Step 10: Verify the Installation

Verifying the FIMCM1 installation for the Forefront Identity Manager 2010 test lab consists of the following:

  • Verify the Build Numbers of the FIM CM Policy Module

  • Verify the Build Numbers of the FIM CM binaries

  • Verify the CA is in the CertificateAuthorities SQL Table

  • Obtain a certificate for the Administrator

Verify the Build Numbers of the FIM CM Policy Module

To verifying the Build Number of the FIM CM Policy Module

  1. Log on to DC1 as CORP\Administrator.

  2. Click Start, click Administrative Tools, and then click Server Manager.

  3. In Server Manager, expand Roles, expand Active Directory Certificate Services, right-click corp-DC1-CA and select Properties. This will bring up the corp-DC1-CA properties.

  4. At the top, click the Policy Module tab. This may take a second or two to refresh.

  5. Look for Version: and note the value. It should be 4.0.3531.2. Click Cancel.

    Policy Module

Verify the Build Numbers of the FIM CM binaries

To verify the build numbers of the FIM CM binaries

  1. Log on to FIMCM1 as CORP\Administrator.

  2. Navigate to the following directory: c:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\Bin.

  3. Locate the Microsoft.Clm.Common.dll file, right-click and select Properties. This will bring up the Properties dialog box.

  4. At the top, click the Details tab.

  5. Look for Product Version and note the value. It should be 4.0.3531.2. Click Cancel.

    Microsoft.Clm.Common.dll Properties

  6. Locate the Microsoft.Clm.Service.exe file, right-click and select Properties. This will bring up the Properties dialog box.

    ImportantImportant
    This is the application file that we are checking the version of, not the config file.

  7. At the top, click the Details tab.

  8. Look for Product Version and note the value. It should be 4.0.3531.2. Click Cancel.

Verify the CA is in the CertificateAuthority SQL Table

To verify the CA is in the CertificateAuthority SQL Table

  1. Log on to APP1 as corp\Administrator.

  2. Click Start, click All Programs, click Microsoft SQL Server 2008, and then click SQL Server Management Studio. This will launch SQL Server Management Studio.

  3. On the Connect to Server dialog box, under Server Type select Database Engine.

  4. On the Connect to Server dialog box, under Server name select APP1.

  5. On the Connect to Server dialog box, under Authentication select Windows Authentication.

  6. Click Connect. This should be successful and the database information will be displayed on the left. The SQL Server Agent should have a green arrow.

  7. On the left, expand Databases, expand FIMCertificateManagement, expand Tables, right-click on dbo.CertificateAuthority and select Select Top 1000 Rows. This will populate the middle pane with the SQL query at the top and the results will be at the bottom.

  8. In results section, the column ca_server_name should have DC1.corp.contoso.com.

  9. In results section, the column ca_name should have corp-DC1-CA.

    CertificateAuthority Table

  10. Close SQL Server Management Studio.

    ImportantImportant
    If you do not see the certificate authority information populated, check your connection string on the Exit Module. See: Configure FIM CM Exit Module on DC1. Also verify that the permissions for DC1 are set correctly on the SQL Server. See: Allow DC1 to access the FIM CM database on APP1. Another thing, if you see an Event ID 0 in the Event Viewer, reboot DC1 and then stop and start the CA, then check the table again.

Obtain a certificate for the Administrator

In this last step we will verify that the Administrator is able to obtain a certificate using FIM CM.

To obtain a certificate for the Administrator

  1. Click Start, click All Programs, and then click Internet Explorer (64-bit).

  2. In Internet Explorer, in the address bar at the top, enter https://fimcm1/certificatemanagement and hit enter. This should bring up the Forefront Identity Manager 2010 page. Click on click to enter. This will bring you to the main FIM CM page. This may take a moment.

    Issue certificate

  3. Toward the top, on the left, click Manage my info.

  4. Under Common Tasks click Request a new set of certificates. This will take a moment and bring up the Enrollment Request Initiation screen.

    Issue certificate

  5. On the Enrollment Request Initiation screen, in the box under Sample Data Item enter Sample Data Item. Click Next.

    Issue certificate

  6. This will bring up a box that says The Web site is attempting to perform a digital certificate on your behalf.., Click Yes.

    Issue certificate

  7. This will bring up another box that says The Web site is attempting to perform a digital certificate on your behalf.., Click Yes. This will take a moment as the request is processed.

  8. This will bring up another box that says The Web site is attempting to perform a digital certificate on your behalf.., Click Yes. This is the third box with this message.

  9. At this point, you should see the Installing Certificates screen and there should be a check under Success.

    Issue certificate

  10. Close Internet Explorer.

Community Additions

ADD
Show: