Step 8: Upgrade FIM 2010 to FIM 2010 R2

  • Article

Upgrading FIM 2010 to FIM 2010 R2 involves the following:

  • Create the FIM Password Service Account

  • Verify the SharePoint 2010 Administration Service is running

  • Upgrade the FIM Synchronization Service on FIM1

  • Upgrade the FIM Service and Portal on FIM1

Create the FIM Password Service Account

We will create one service account that will be used for SSPR in later test lab guides.

To create the FIM Password Service Account

  1. Log on to DC1.corp.contoso.com as Administrator.

  2. Click Start, select Administrative Tools, and then click Active Directory Users and Computers. This will open the Active Directory Users and Computers MMC.

  3. In the Active Directory Users and Computers MMC, from the tree-view on the left, expand corp.contoso.com.

  4. Now, right-click ServiceAccounts, select New, and then select User. This will bring up the New Object – User window.

  5. On the New Object – User screen, in the Full Name box, type the following text:
    FIM PW Service Account.

  6. On the New Object – User screen, in the User logon name box, type the following text, and then click Next:
    FIMPassword

  7. On the New Object – User screen, in the Password box, type the following text:
    Pass1word!

  8. On the New Object – User screen, in the Confirm Password box, type the following text:
    Pass1word!

  9. On the New Object – User screen, clear the User must change password at next logon check box.

  10. On the New Object – User screen, select Password never expires, and then click Next.

  11. Click Finish.

  12. Service Accounts

  13. Log off DC1.corp.contoso.com.

Verify the SharePoint 2010 Administration Service is running

Now we will verify that the SharePoint 2010 Administration Service is running. This is required to upgrade the FIM Service and FIM Portal.

To verify the SharePoint 2010 Administration Service is running

  1. Log on to FIM1.corp.contoso.com as Administrator.

  2. Click Start, select Administrative Tools, and then click Services. This will open the Services MMC.

  3. On the right, scroll down to the SharePoint Administration Service and verify that it is Started.

  4. If it is not Started, right-click on SharePoint Administration Service and select Start.

  5. Once it starts, close Services.

Upgrade the FIM Synchronization Service on FIM1

First we will upgrade the FIM Synchronization Service on FIM1.

To upgrade the FIM Synchronization Service on FIM1

  1. Log on to FIM1 as CORP\Administrator.

  2. Navigate to the directory that contains the binaries for Forefront Identity Manager 2010 R2 and double-click FIMSplash.htm. This will bring up the Forefront Identity Manager 2010 R2 splash screen.

  3. On the splash screen, click Install Synchronization Service. You will see a pop-up that says Do you want to run or save this file? Click Run. This will take a minute. Then you will see another pop-up asking Do you want to run this software? Click Run. This will start the Forefront Identity Manager 2010 R2 Setup Wizard.

  4. On the Welcome page, click Upgrade.

    Synch Service Upgrade 1

  5. On the End User License Agreement page, read the License Agreement, select I accept the terms in the License Agreement, and then click Next.

  6. On the Configure Forefront Identity Manager Synchronization Service page, enter the FIMSynchService password, Pass1word! And click Next.

    Synch Service Upgrade 2

  7. Leave the default groups, and click Next.

    Synch Service Upgrade 3

  8. Select Enable firewall rules for inbound RPC communications, and click Next.

    Sync Install 5

  9. On the Ready to Upgrade the Program page, click Upgrade.

    Synch Service Upgrade 5

  10. This will bring up a pop-up box that says the setup will now upgrade the database. Click Yes. This will continue the installation.

    Synch Service Upgrade 6

  11. Once this completes, click Finish.

    Synch Service Upgrade 7

Upgrade the FIM Service and Portal on FIM1

Next, we will upgrade the FIM Service and Portal on FIM1.

To Upgrade the FIM Service and Portal on FIM1

  1. Navigate to the directory that contains the binaries for Forefront Identity Manager 2010 R2 and double-click FIMSplash.htm. This will bring up the Forefront Identity Manager 2010 R2 splash screen.

  2. On the splash screen, click Install Service and Portal. You will see a pop-up that says Do you want to run or save this file? Click Run. This will take a minute. Then you will see another pop-up asking Do you want to run this software? Click Run. This will start the Forefront Identity Manager 2010 Service and Portal Setup Wizard.

  3. On the Welcome page, click Next.

  4. On the End User License Agreement page, read the License Agreement, select I accept the terms in the License Agreement, and then click Next.

  5. On the FIM Customer Experience Improvement Program page, select I don’t want to join the program at this time, and then click Next.

  6. On the Custom Setup page, click the drop-down list next to FIM Password Registration, select Entire feature will be unavailable.

  7. On the Custom Setup page, click the drop-down list next to FIM Password Reset Portal, select Entire feature will be unavailable.

  8. Click Next.

    FIM Service 2

  9. On the Configure Common Services page, next to Database Server, remove the FIM1 value, and then enter APP1. Select Re-use the existing database and click Next.

    FIM Service 3

  10. On the Database Backup Warning screen, click Next.

    FIM Service 4

  11. Next to Mail Server, type the following text, EX1.corp.contoso.com, clear the SSL box and check the Mail Server is Exchange 2007 or Exchange Server 2010 and Enable polling for Exchange Server 2007 or Exchange Server 2010 boxes, then click Next:

    FIM R2 Mail Server Location

  12. On the Configure service certificate page, select Select a certificate located in the local certificate store. Click Select Cert.

    FIM Service 5

  13. From the list select ForefrontIdentity Manager and click OK. Click Next.

    securitySecurity Note
    Be aware that FIM does not use this certificate for client authentication. This certificate is only used internally by the FIM Synchronization Service.

    FIM Service 6

  14. On the Configure FIM Service account page, next to Service Account Name, type the following text:
    FIMService.

  15. On the Configure FIM Service account page, next to Service Account Password, type the following text:
    Pass1word$

  16. On the Configure FIM Service account page, next to Service Account Domain, type the following text:
    CORP

  17. On the Configure FIM Service account page, next to Service Email Account, type the following text:
    FIMService@corp.contoso.com

    Configure FIM Service Account

  18. Click Next.

  19. On the Configure Common Services, leave the defaults for the Synchronization Server and the FIM Management Agent Account and click Next.

    Configure Synch Server

  20. On the Configure FIM Service and Portal, leave the defaults for the FIM Service Server address and click Next.

    Connection to FIM Service

  21. On the Configure connection to the FIM Service page, leave the default of https://localhost and click next.

    Sharepoint site collection

  22. On the Configure optional portal homepage configuration page, in the box next to Registration Portal URL: enter https://passwordregistration.corp.contoso.com and then click Next.

    Registration Portal URL

  23. On the Configure security changes configured by setup page, select Open ports 5725 and 5726 in firewall, select Grant authenticated users access to the FIM Portal site, and then click Next.

    Configure Firewall

  24. On the Enter optional password portal configuration page, place a check in FIM Password Registration Portal will be installed on another host and under Enter the existing account under which the password registration application pool will run in IIS, next to Account Name, type the following text:
    CORP\FIMPassword.

  25. On the Enter optional password portal configuration page, place a check in FIM Password Reset Portal will be installed on another host and under Enter the existing account under which the application pool will run in IIS, next to Account Name, type the following text:
    CORP\FIMPassword.

    FIM Password Portal Information

  26. Click Next.

  27. Click Install. This will begin the installation.

  28. Once the installation completes, click Finish.

  29. Close the Splash screen.

  30. Restart FIM1.