Considerations for Upgrading to FIM 2010 R2

The following sections will provide information on things that need to be considered prior to upgrading. For additional information see:

  1. Release Notes for Forefront Identity Manager 2010 R2 SP1

  2. Release Notes for Forefront Identity Manager 2010 R2

For a detailed step-by-step guide for upgrading see Test Lab Guide: Upgrading to Forefront Identity Manager 2010 R2. This portion of the deployment guide is made up of the following:

  • General FIM 2010 R2 Upgrade Information

  • Considerations when Upgrading to FIM 2010 R2

  • Considerations when Upgrading to FIM 2010 R2 Synchronization Service

  • Considerations when Upgrading to FIM 2010 R2 Service and Portal

  • Considerations when Upgrading to FIM Certificate Management 2010 R2

  • Backup Information

  • Common FIM 2010 R2 Database Upgrade Issues

General FIM 2010 R2 Upgrade Information

Upgrading from FIM 2010 to FIM 2010 R2 is supported for all server components, including those below:

  • FIM Service

  • FIM Portal

  • FIM Synchronization Service

  • Microsoft® Forefront Identity Manager Certificate Management (FIM CM) components

Upgrade to FIM 2010 R2 is supported from all builds prior to, and including, build 4.0.3617.2 . To find out what build you are using, click About Forefront Identity Manager on the administrator home page in the FIM portal.

Warning

It is strongly recommended that you upgrade all the FIM Server components in your environment to the same version. Mixing components from FIM 2010 and FIM 2010 R2 is not supported by the FIM product team.

Upgrading from FIM 2010 to FIM 2010 R2 is supported for the client components below:

  • FIM Add-ins and Extensions

  • FIM CM Bulk Client

  • FIM CM Client

  • FIM Password Change Notification Service (PCNS)

The following is the supported upgrade paths for Forefront Identity Manager 2010 R2.

Upgrade from-> FIM 2010 RTM FIM 2010 RTM Update 1 FIM 2010 RTM Update 2 FIM 2010 RTM Update 2 with June QFE FIM 2010 R2 RC FIM 2010 R2 RC Refresh

(4.0.2592.0)

(4.0.3531.2)

(4.0.3606.2)

(4.0.3617.2)

(4.1.1906.0)

(4.1.2089.0)

Is supported?

Yes**

Yes**

Yes**

Yes**

Yes*

Yes*

Warning

If you have installed the FIM Portal on SharePoint whose URL is something other than https://localhost, you will be required to upgrade to QFE build 4.0.3617.2 prior to upgrading. For information about this see KB 2688078. * Upgrading the FIM 2010 R2 RC Service and Portal is only supported for TAP customers. * Upgrading the FIM 2010 R2 RC SSPR Portals (Registration and Reset) is not supported even for TAP customers. These will need to be uninstalled and re-installed. ** If you have deployed FIM 2010 RTM from the MSDN website an in-place upgrade is not supported for the Synchronization Service. However, the database can be preserved and used in FIM 2010 R2 RTM. To do this, you must uninstall the FIM 2010 RTM Synchronization Service and then install FIM 2010 R2 RTM using the existing database. The uninstall and then subsequent install of the FIM 2010 R2 Synchronization Service using the FIM 2010 RTM Sync database is supported. The FIM Service and Portal can then be upgraded using the normal method. This only affects users who installed FIM 2010 RTM from the MSDN website and only the Synchronization Service. This is a known issue. ** Upgrading Evaluation versions of FIM 2010 RTM to FIM 2010 R2 is not supported.

The following are the steps required in Upgrading. For a detailed step-by-step upgrade that includes upgrading SQL Server and SharePoint see Test Lab Guide: Upgrading to Forefront Identity Manager 2010 R2. The estimated time is based on internal Microsoft upgrades.

Step Description Estimated time

1

Backup FIM Synchronization Encryption key (see Backup the FIM Synchronization Service Encryption Key) and FIM Synchronization Server configuration (see Backup the FIM Synchronization Service Server Configuration)

2

(Optional) If you are upgrading the Service and Portal Language Packs, you need to backup any customized RCDCs prior to upgrade (see Backup all Resource Control Display Configuration (RCDC) Objects).

3

Disable sync jobs and DB backup job (if applicable) on Sync Server

4

Backup FIM Service Server Configuration (see Backup the FIM Service Configuration)

5

Backup FIMService DB, FIMSync DB (read more here about backup)

6

Change SQL to Simple Recovery on all SQL servers

7

Upgrade sync engine to R2

~ 4 hours

8

Enable SQL Broker on the FIM Service DB by ALTER DATABASE <FIM Service DB name> SET ENABLE_BROKER

< 5 min

9

Upgrade FIM Service and Portal

~30 min

10

Upgrade FIM Language Pack(s) (if applicable)

5-10 hours

11

[optional]Change SQL to Full Recovery on server with SharePoint

< 5 min

12

[optional] Backup SharePoint DB

13

[optional] Upgrade SharePoint to SP2010

30 min

14

[optional] Disable SharePoint 2010 search index job

15

Perform full Portal UI client side test to confirm major features are working

30 min

16

Run all import / export jobs and verify sync operations are working

a few hours

17

Re-enable jobs disabled in Step 3

For a list of service accounts that may be required, depending on the server components that are to be installed during upgrade, see Service Accounts earlier in this document.

Considerations when Upgrading to FIM 2010 R2

The following are considerations that must be taken into account when upgrading to FIM 2010 R2. These considerations are general things that need to be taken into account.

Upgrading Outlook 2007 to Outlook 2010 and the FIM Add-ins and Extensions

Prior to upgrading to Outlook 2010 from Outlook 2007 you must uninstall the FIM add-in, then re-install it. It doesn’t matter if this is done before or after the upgrade to Outlook 2010

Specifying a Very Long File Path Can Cause Extraction to Fail

If the directory you selected for extracting the product files is deep in the folder hierarchy, the total file path can exceed 255 characters. Extraction will fail with the message, "Can't create output file." To avoid this issue, select a short path name to the extraction directory.

Error when upgrading with existing certificate

Users attempting to upgrade from FIM 2010 RTM QFE 4.0.3576.2 to FIM 2010 R2 while using the "Reuse Existing Certificate" option may experience the error "Service 'Forefront Identity Manager Service' (FIMService) failed to start. Verify that you have sufficient privileges to start system services." If you encounter this error, re-run setup with the "Generate New Certificate" option selected in the Service and Portal setup.

If you are using a custom certificate on FIM 2010, make sure that the certificate name is ForefrontIdentityManager, otherwise upgrade will fail. If your certificate is name differently, follow these steps:

  1. Issue a new certificate with the name ForefrontIdentityManager as the subject.

  2. On FIM 2010 (not FIM 2010 R2 ), run a re-install in Change mode.

  3. Point to the new certificate.

  4. Run the FIM 2010 R2 upgrade.

Considerations when Upgrading to FIM 2010 R2 Synchronization Service

The following are considerations that must be taken into account when upgrading to FIM Certificate Management 2010 R2. These considerations deal strictly with upgrading.

Synchronization engine database upgrade can fill up transaction log and fail when database recovery mode is set to Full

If you have a large database and configure the recovery mode for Full, it is possible that the database upgrade will fail due to the transaction log becoming full. In this case, the upgrade will be rolled back with an error message indicating the transaction log is full. Set the recovery mode to Simple and retry the upgrade.

Ignore message to delete MAdata folder during upgrade

During upgrade of FIM Synchronization Service from FIM 2010 to FIM 2010 R2 you will see a popup asking you to manually remove the MAdata folder. This popup should be ignored and the MAdata folder should not be removed.

Considerations when Upgrading to FIM 2010 R2 Service and Portal

The following are considerations that must be taken into account when upgrading to FIM Certificate Management 2010 R2. These considerations deal strictly with upgrading.

All existing resources with the FIM owned schemas are deleted during installation

When installing FIM 2010 R2, the database upgrade scripts will delete all existing objects within the FIM owned schemas, (stored procedures, functions, etc...), with the exceptions of the tables themselves, and will replace them with the FIM 2010 R2 versions. If you've added your own stored procedures or functions to the FIM owned schemas, they will be deleted.

Language packs must be uninstalled before the FIM Service

If you uninstall FIM 2010 R2, you must uninstall any FIM language packs before uninstalling the FIM Service. If you do not, you will see the error “SharePoint did not confirm the retraction of the FIM solution pack within the expected time”

“SharePoint Timer Service is not running” error during installation

If you have already upgraded Window SharePoint Services 2007 to Microsoft SharePoint 2010, and then attempt to upgrade FIM 2010 to FIM 2010 R2, you may encounter the error “The SharePoint Timer Service is not running.” To resolve this issue, it is recommended that you upgrade to FIM 2010 Update Rollup 2 (build 4.0.3606.2)( or later before attempting to do a major upgrade to R2.

If you have not yet upgraded Window SharePoint Services 2007 to Microsoft SharePoint 2010, but plan to, first upgrade FIM 2010 to FIM 2010 R2, and then upgrade Windows SharePoint Services 2007.

Verify the SharePoint 2010 Administration Service is running

If you upgraded SharePoint WSS 3.0 to SharePoint Foundation 2010 verify that the SharePoint Administration Service is running prior to beginning your upgrade. To do this use the following procedure:

To verify the SharePoint 2010 Administration Service is running

  1. Log on the FIM Portal server.

  2. Click Start, select Administrative Tools, and then click Services. This will open the Services MMC.

  3. On the right, scroll down to the SharePoint Administration Service and verify that it is Started.

  4. If it is not Started, right-click on SharePoint Administration Service and select Start.

  5. Once it starts, close Services.

Considerations when Upgrading to FIM Certificate Management 2010 R2

The following are considerations that must be taken into account when upgrading to FIM Certificate Management 2010 R2. These considerations deal strictly with upgrading.

Upgrade Considerations

  • When upgrading to FIM CM 2010 R2, the server should always be upgraded first and then the clients. The older clients will work with the newer version of the server but newer clients will not work with an older version of the server. Therefore, it is imperative that the upgrade be done in this order.

    Warning

    This is the only supported method of upgrading.

  • If you are upgrading from CLM 2007 and want to upgrade to FIM CM 2010 R2, then the CLM 2007 server must first be upgraded to FIM CM 2010 RTM (build 4.0.2592.0) and then it can be upgraded to FIM CM 2010 R2 (build 4.1.2273.0). This is the only supported upgrade method. Upgrading from CLM 2007 directly to FIM 2010 R2 is not supported.

    Upgrade from-> CLM 2007 FIM 2010 CM RTM FIM 2010 CM RTM Update 1 FIM 2010 CM RTM Update 2 FIM 2010 CM RTM Update 2 with June QFE FIM 2010 R2 CM RC FIM 2010 R2 CM RC Refresh

    Build

    Any

    (4.0.2592.0)

    (4.0.3531.2)

    (4.0.3606.2)

    (4.0.3617.2)

    (4.1.1906.0)

    (4.1.2089.0)

    Is Upgrade to R2 RTM supported?

    Yes*

    Yes

    Yes

    Yes

    Yes

    Yes

    Yes

    Warning

    • You must first upgrade to FIM CM 2010 RTM (build 4.0.2592.0) and then it can be upgraded to FIM CM 2010 R2 (build 4.1.2273.0)
  • When you upgrade from FIM CM 2010 RTM (build 4.0.2592.0) to FIM CM 2010 R2 RTM (build 4.1.2273.0) in a topology including a separated sub-CA, and the sub-CA upgrade is done before the FIM CM 2010 RTM server, the FIM CM database is not updated with the new version of FIM CM exit module for the sub-CA . As a result smartcard operations fail for profile templates that include certificate templates of the sub-CA, with error "The version of FIM CM Server [4.1.2273.0] does not match the version of the FIM CM CA Exit Module [4.0.2592.0] installed on the CA [the_name_of_Sub-CA]".

    This is because the way CA registration works is once Certificate Services starts, the FIM CM exit module will attempt to connect to the SQL database and register itself. It will attempt to write it’s version number to the database. The reason it fails, in this case, is because FIM CM 2010 RTM doesn’t have that particular stored procedure. Once you install FIM CM 2010 R2 on the server and restart certificate services on the sub-CA it will work correctly.

Backup Information

The following sections provide information on the various components of a FIM 2010 deployment that should be backed up prior to upgrading. These include:

  • Backup the FIM Synchronization Service Server Configuration

  • Backup the FIM Service and Portal Configuration

  • Backup the FIM Synchronization Service and FIM Service databases

Backup the FIM Synchronization Service Server Configuration

The following procedure details how to backup the FIM Synchronization Service Server Configuration.

To back up the FIM Synchronization Service Server Configuration

  1. Log on to the FIM Synchronization Server

  2. Click Start, select All Programs, click Microsoft Forefront Identity Manager, and click Synchronization Service. This will bring up the Forefront Identity Synchronization Service.

  3. At the top, click File and select Export Server Configuration. You will be prompted with a window that says not to run any management agents or modify the server settings. Click OK.

  4. This will bring up a Browse For Folder dialog. Navigate to a directory to save the configuration. Click OK.

  5. Once this has completed, click OK.

    server config

Backup the FIM Service and Portal Configuration

The following procedure details how to backup the FIM Service Configuration using the new Configuration Backup Tool. Be aware that this occurs automatically when doing an upgrade to FIM 2010 R2.

To back backup the FIM Service Configuration

  1. Log on to the FIM Service server.

  2. Open cmd.exe and navigate to the directory that has the FIM 2010 R2 binaries and proceed to the following location Service and Portal\Program Files\Microsoft Forefront Identity Manager\2010\Tools\ConfigurationBackup

  3. Type Microsoft.IdentityManagement.ConfigurationBackup and hit enter. This will begin the backup.

  4. Once this completes, navigate to C:\Program Files\Microsoft Forefront Identity Manger\2010\Previous Configuration\FIM1\(today's date and time) or (current timestamp)\ and notice the Portal, Service folders and the ConfigurationBackup text.

    config backup

  5. Copy the folder with the today’s date to a safe location.

Backup the FIM Synchronization Service and FIM Service databases

The following procedure details how to backup the FIM Synchronization Service and FIM Service databases. You may need to work with your SQL Administrators to make this happen. Ensure that nothing is running on the FIM Service Server or the FIM Synchronization Server prior to backing up the databases.

To backup the FIM Synchronization Service and FIM Service databases

  1. Log on to your SQL Server. This may be separate servers if the databases reside on different servers.

  2. Click Start, click All Programs, click Microsoft SQL Server 2008, and then click SQL Server Management Studio. This will launch SQL Server Management Studio.

  3. On the Connect to Server dialog box, under Server Type select Database Engine.

  4. On the Connect to Server dialog box, under Server name select APP1.

  5. On the Connect to Server dialog box, under Authentication select Windows Authentication.

  6. Click Connect. This should be successful and the database information will be displayed on the left. The SQL Server Agent should have a green arrow.

  7. On the left, expand Databases, right-click FIMService, and select Tasks, and the select Back Up…. This will bring up the Backup Database - FIMService screen.

    backup db

  8. Click OK.

  9. Once this has completed you will see a window that says the backup was successful. Click OK.

  10. On the left, under Databases, right-click FIMSynchronizationService, and select Tasks, and the select Back Up…. This will bring up the Backup Database - FIMService screen.

  11. Click OK.

  12. Once this has completed you will see a window that says the backup was successful. Click OK.

  13. Now, navigate to C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Backup

  14. Copy FIMService.bak and FIMSynchronizationService.bak to a safe location.

Backup all Resource Control Display Configuration (RCDC) Objects

An upgrade (or patch) of the Forefront Identity manager Language packs overwrites the Resource Control Display Configuration (RCDC) objects in the database. Due to this, customers can potentially lose all their customizations to localized strings used on the FIM Portal.

If you have customized localized resources on your FIM Portal, you must follow the guidelines in this document to make sure you don’t lose your customizations.

#------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Script to back all the Resource Control Display Configuration Objects
# This script is intended to be run before upgrade to FIM 2010 R2
#------------------------------------------------------------------------------------------------------

#------------------------------------------------------------------------------------------------------
# Script Parameter Declarations
param
(
# Data Warehouse machine name
[parameter(Mandatory=$false)]
[String]$ConfigurationBackupPath = "C:\FIMBackup"
)
# End Script parameter declarations
#------------------------------------------------------------------------------------------------------
#------------------------------------------------------------------------------------------------------
# Script constant declarations

Set-Variable -Name constantFIMPowerShellSnapInName -Option Constant -Value "FIMAutomation" -ErrorAction SilentlyContinue
Set-Variable -Name constantRCDCFolderName -Option Constant -Value "ResourceControlDisplayConfiguration" -ErrorAction SilentlyContinue
Set-Variable -Name constantRCDCObjectFilter -Option Constant -Value "/ObjectVisualizationConfiguration" -ErrorAction SilentlyContinue
Set-Variable -Name constantLineSeperator -Option Constant -Value "----------------------------------------------------------------------------------------------------------" -ErrorAction SilentlyContinue

# End Script constant declarations
#------------------------------------------------------------------------------------------------------
#------------------------------------------------------------------------------------------------------
# Function definitions

#--------------------------------------------------------------
# Checks to see if the user running the script is an 
# administrative user
#--------------------------------------------------------------
function In-Administrator-Mode
{
# check that current user is in administrators group.
try
{ 
# get the current user who is executing the script. 
$currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$windowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($CurrentUser)

# Is the user in the Admin grooup.
return $windowsPrincipal.IsInRole("Administrators")
}
catch
{
Write-Error $_
return $false
} 
}

#--------------------------------------------------------------
# Checks to see if the FIMAutomation is installed. 
#--------------------------------------------------------------
function Is-FIM-Powershell-SnapIn-Registered
{
try
{
# get registry key value
Add-PSSnapin -Name $constantFIMPowerShellSnapInName -ErrorAction SilentlyContinue 
return $true
}
catch
{
Write-Error $_ 
return $false
}
}

#--------------------------------------------------------------
# Writes an informational message to the Console
# $message : message text to be written to the console
#--------------------------------------------------------------
function Write-Informational-Message([String]$message)
{
Write-Host $message -ForegroundColor "green"
}

#--------------------------------------------------------------
# Writes an error message to the Console
# $message : message text to be written to the console
#--------------------------------------------------------------
function Write-Error-Message([String]$message)
{
Write-Host $message -ForegroundColor "red"
}

#--------------------------------------------------------------
# Saves the RCDC objects to files
# $rcdcs : List of objects to be saved
# $filePath : Path to save the files at.
#--------------------------------------------------------------
function Save-RCDC-Objects([Object[]]$rcdcs, [String]$filePath)
{ 
foreach($rcdc in $rcdcs)
{ 
$fileName = $rcdc.ResourceManagementObject.ObjectIdentifier.Substring(9) + ".xml"
$fullPath = Join-Path -Path $filePath -ChildPath $fileName
ConvertFrom-FIMResource $rcdc -File $fullPath 
}
}

# End Function declarations
#------------------------------------------------------------------------------------------------------

#------------------------------------------------------------------------------------------------------
# Main Script Logic

try
{
Write-Host $constantLineSeperator
Write-Informational-Message "Resource Control Display Configuration backup script."
Write-Informational-Message "This script will back up all resource control display configuration objects."


# Check to see if the script is being run by an administrative user

$inAdminMode = In-Administrator-Mode 
if ($inAdminMode -ne $true)
{
Write-Error-Message "This script is not being run by an administrator. Please re-run script as an administrative user"
EXIT
}

# check to see if the FIM powershell snapin is installed
Write-Host $constantLineSeperator
Write-Informational-Message "Starting Pre-Requisite checks before script execution"
Write-Host $constantLineSeperator
Write-Informational-Message "Pre-Requisite check #1"
Write-Informational-Message "Checking to see if FIM commandlets are installed"

$isFIMPSSnapinInstalled = Is-FIM-Powershell-SnapIn-Registered

if($isFIMPSSnapinInstalled -eq $false)
{
Write-Error-Message "FIM commandlets are not installed on this machine. Please run the script on a machine where FIM service is installed."
Write-Host $constantLineSeperator
EXIT
}
Write-Informational-Message "FIM commandlets are installed on local machine"

# check to see if the configuration back-up path is valid
Write-Informational-Message "Pre-Requisite Check #2"
Write-Informational-Message "Checking to see if the configuration backup folder path is valid"

if((Test-Path $ConfigurationBackupPath -PathType container) -ne $true)
{
Write-Informational-Message "Configuration Backup directory does not exist. Creating the directory" 
New-Item $ConfigurationBackupPath -type directory | out-null
Write-Informational-Message "Configuration Backup directory created"
}

Write-Informational-Message "All Pre-Requisite checks passed."
Write-Host $constantLineSeperator

Write-Host $constantLineSeperator
Write-Informational-Message "Setting up folders to backup the configuration settings"
Write-Host $constantLineSeperator

# check to see if the RCDC folder is already present. If not, create it.
$rcdcPath = Join-Path -Path $ConfigurationBackupPath -ChildPath $constantRCDCFolderName
$saveMessage = "The configuration settings will be saved at : " + $rcdcPath
Write-Host $saveMessage -foregroundcolor "yellow"

if((Test-Path $rcdcPath -PathType container) -eq $true)
{
Write-Informational-Message "The specified directory is already present"

if((Get-ChildItem $rcdcPath) -ne $null)
{
Write-Informational-Message "There is already a saved back-up in this directory"
Write-Informational-Message "Please save the contents in another directory before re-running this script"
Write-Host $constantLineSeperator
EXIT
} 
}
else
{
Write-Informational-Message "Creating the resource control display configuration backup directory"
New-Item $rcdcPath -type directory | out-null
Write-Informational-Message "Created the resource control display configuration backup directory"
}

# get all the rcdc objects from the FIM Service store.
Write-Host $constantLineSeperator
Write-Informational-Message "Gathering all resource control display configuration objects"
$rcdcObjects = Export-FIMConfig -CustomConfig $constantRCDCObjectFilter 
$resultMessage = "Found " + $rcdcObjects.Count + " objects"
Write-Informational-Message $resultMessage
Write-Host $constantLineSeperator

# Write them out to files as XML
Write-Host $constantLineSeperator
Write-Informational-Message "Saving all the resource control display configuration objects"
Save-RCDC-Objects $rcdcObjects $rcdcPath
Write-Informational-Message "Successfully saved all the resource control display configuration objects"
Write-Host $constantLineSeperator
}
catch [Exception]
{
Write-Error-Message "Script execution failed with the following exception message"
Write-Host $_.Exception.ToString()
}

# End Script code
#------------------------------------------------------------------------------------------------------ 

Use the following procedure to backup and restore the RCDC once the upgrade is complete:

To backup and restore the RCDC configuration

  1. Run the PowerShell Script to back up your RCDCs

    Warning

    This should be the first step before upgrading / patching the langpacks

    This script backs up all the ObjectVisualizationConfiguration objects as XML files which are exported by FIM Automation cmdlets. There is a file created for each object and the name of the file is the Object Identifier (GUID) for the object.

    The script takes one parameter:

    Parameter : ConfigurationBackupPath

    Use this parameter to specify a custom backup folder. This parameter is optional.

    The default is: C:\FIMBackup\ResourceControlDisplayConfiguration\

    The script verifies whether the following three prerequisites are satisfied before processing the script code:

    1. The script must be run by a user with administrative rights.

    2. The script must be run on a computer running the FIM service.

    3. The script must be run by a user that has write permissions to ConfigurationBackupPath.

    If any of these conditions are not satisfied, the script stops and an error is displayed.

  2. Upgrade / Patch the FIM Language Pack

    Once you have backed up these resources, you may proceed to upgrade / patch the FIM language packs. When the upgrade completes, you will no longer see your localized customizations on the portal. The following steps describe how to bring your customizations back from the backed up resources.

  3. Compare FIM Configurations

    In order to make meaningful use of the backed up data, you will need to compare the backed up configuration with the new configuration that is in your database after the upgrade / patch. Each of these steps must be performed per configuration object that you believe was customized, using the GUID of the object.Export database configuration to begin the comparison process

    $newConf = Export-FIMConfig –customConfig “/ObjectVisualizationConfiguration[ObjectID=”<ObjectGUID>”]”
    

    Convert the saved XML files into FIM Objects for comparison

    $oldConf = ConvertTo-FIMResource –file <full path to backed-up objectGUID.xml>
    

    Join the two configurations lists

    $matches = Join-FIMConfig –source $newConf –target $oldConf 
    

    Important

    The command also requires a –join parameter that specifies attributes to join on. Ex : $joinCriteria = @{“ObjectVisualizationConfiguration” = “DisplayName”}

    Compare the attributes of the objects (This needs to be done per match.)

    $changes = Compare-FIMConfig $matches
    
  4. Import FIM Config to finally bring back your customizations

    To bring back your customizations, you must run the following cmdlet:

    Import-FIMConfig $changes
    

    When the cmdlet finishes, the object represented by <GUID> is imported into your database, and carries the changes that you had made previously.

    Repeat steps 2 – 4 for each object that contains customized localization data in it for your portal.

For additional information see Compare-FIMConfig cmdlet.

For additional information see Import-FIMConfig cmdlet.

Common FIM 2010 R2 Database Upgrade Issues

This section outlines problems that can be faced during an upgrade of the Forefront Identity manager – the database upgrade step. It also outlines what needs to be done in these cases.

The Forefront Identity Manager 2010 (FIM) R2 supports an upgrade from prior versions of the product (e.g. FIM 2010 RTM).

Warning

An upgrade to FIM 2010 R2 is a ‘major’ upgrade. The older version of the product will be uninstalled before installing the new version.

During an upgrade of FIM, two high level operations take place:

  1. Install the new FIM Service binaries

  2. Upgrade of the FIM Service Database

Since the FIM Service and FIM Service Database are tied to each other, it is necessary that the version of the FIM Service Database be the same as the version that the FIM Service expects to work with. If the upgrade of the FIM Service Database fails during setup, it will cause a rollback of setup and may leave the FIM Service Database and FIM Service in an incompatible state.

Scenarios resulting in an incompatible state

The issue appears during FIM Service and Portal setup with re-use database option selected and the database is in one of the following states:

  1. Database is one where upgrade has previously failed– during an upgrade, database upgrade may have failed due the below two reasons or because requests to the SQL server may have failed. These failures leave the database in an inconsistent condition, and you will see the following error during setup:

    Database Issue 1

  2. Database version is unknown to setup to upgrade from - this will happen when your current database is the result of applying a Hotfix / Update to your current product that was released before the latest version of the product was released.

    For example, your current installation is FIM 2010 RTM + Update 3 and you want to upgrade to FIM 2010 R2 RTM. Since Update 3 (will be) released after FIM 2010 R2 RTM, database upgrade in FIM 2010 R2 RTM doesn’t know how to upgrade from Update 3. In this case you’ll need to install a patch that will make it possible for FIM 2010 R2 RTM to recognize your database version successfully. You will see a warning similar to the following during setup:

    Database Issue 2

  3. Database version is newer than what setup can upgrade to– this will happen when your current database is the result of applying a Hotfix / Update to the base release of the product. For example, you installed FIM 2010 RTM + Update 1 on one instance (machine). You now want to install another instance pointing to the same database using the ‘reuse database’ option. In this case your existing database (on the first instance) is newer (Update 1’s database version) than what FIM 2010 RTM’s setup can upgrade to. Database upgrade fails in this condition. You will see an information dialog similar to the below, during setup:

    Database Issue 3