Step 8: Upgrade FIM 2010 to FIM 2010 R2
Upgrading FIM 2010 to FIM 2010 R2 involves the following:
Create the FIM Password Service Account
Verify the SharePoint 2010 Administration Service is running
Upgrade the FIM Synchronization Service on FIM1
Upgrade the FIM Service and Portal on FIM1
Create the FIM Password Service Account
We will create one service account that will be used for SSPR in later test lab guides.
To create the FIM Password Service Account
Log on to DC1.corp.contoso.com as Administrator.
Click Start, select Administrative Tools, and then click Active Directory Users and Computers. This will open the Active Directory Users and Computers MMC.
In the Active Directory Users and Computers MMC, from the tree-view on the left, expand corp.contoso.com.
Now, right-click ServiceAccounts, select New, and then select User. This will bring up the New Object – User window.
On the New Object – User screen, in the Full Name box, type the following text:
FIM PW Service Account.On the New Object – User screen, in the User logon name box, type the following text, and then click Next:
FIMPasswordOn the New Object – User screen, in the Password box, type the following text:
Pass1word!On the New Object – User screen, in the Confirm Password box, type the following text:
Pass1word!On the New Object – User screen, clear the User must change password at next logon check box.
On the New Object – User screen, select Password never expires, and then click Next.
Click Finish.
Log off DC1.corp.contoso.com.
Verify the SharePoint 2010 Administration Service is running
Now we will verify that the SharePoint 2010 Administration Service is running. This is required to upgrade the FIM Service and FIM Portal.
To verify the SharePoint 2010 Administration Service is running
Log on to FIM1.corp.contoso.com as Administrator.
Click Start, select Administrative Tools, and then click Services. This will open the Services MMC.
On the right, scroll down to the SharePoint Administration Service and verify that it is Started.
If it is not Started, right-click on SharePoint Administration Service and select Start.
Once it starts, close Services.
Upgrade the FIM Synchronization Service on FIM1
First we will upgrade the FIM Synchronization Service on FIM1.
To upgrade the FIM Synchronization Service on FIM1
Log on to FIM1 as CORP\Administrator.
Navigate to the directory that contains the binaries for Forefront Identity Manager 2010 R2 and double-click FIMSplash.htm. This will bring up the Forefront Identity Manager 2010 R2 splash screen.
On the splash screen, click Install Synchronization Service. You will see a pop-up that says Do you want to run or save this file? Click Run. This will take a minute. Then you will see another pop-up asking Do you want to run this software? Click Run. This will start the Forefront Identity Manager 2010 R2 Setup Wizard.
On the Welcome page, click Upgrade.
On the End User License Agreement page, read the License Agreement, select I accept the terms in the License Agreement, and then click Next.
On the Configure Forefront Identity Manager Synchronization Service page, enter the FIMSynchService password, Pass1word! And click Next.
Leave the default groups, and click Next.
Select Enable firewall rules for inbound RPC communications, and click Next.
On the Ready to Upgrade the Program page, click Upgrade.
This will bring up a pop-up box that says the setup will now upgrade the database. Click Yes. This will continue the installation.
Once this completes, click Finish.
Upgrade the FIM Service and Portal on FIM1
Next, we will upgrade the FIM Service and Portal on FIM1.
To Upgrade the FIM Service and Portal on FIM1
Navigate to the directory that contains the binaries for Forefront Identity Manager 2010 R2 and double-click FIMSplash.htm. This will bring up the Forefront Identity Manager 2010 R2 splash screen.
On the splash screen, click Install Service and Portal. You will see a pop-up that says Do you want to run or save this file? Click Run. This will take a minute. Then you will see another pop-up asking Do you want to run this software? Click Run. This will start the Forefront Identity Manager 2010 Service and Portal Setup Wizard.
On the Welcome page, click Next.
On the End User License Agreement page, read the License Agreement, select I accept the terms in the License Agreement, and then click Next.
On the FIM Customer Experience Improvement Program page, select I don’t want to join the program at this time, and then click Next.
On the Custom Setup page, click the drop-down list next to FIM Password Registration, select Entire feature will be unavailable.
On the Custom Setup page, click the drop-down list next to FIM Password Reset Portal, select Entire feature will be unavailable.
Click Next.
On the Configure Common Services page, next to Database Server, remove the FIM1 value, and then enter APP1. Select Re-use the existing database and click Next.
On the Database Backup Warning screen, click Next.
Next to Mail Server, type the following text, EX1.corp.contoso.com, clear the SSL box and check the Mail Server is Exchange 2007 or Exchange Server 2010 and Enable polling for Exchange Server 2007 or Exchange Server 2010 boxes, then click Next:
On the Configure service certificate page, select Select a certificate located in the local certificate store. Click Select Cert.
From the list select ForefrontIdentity Manager and click OK. Click Next.
Security Note Be aware that FIM does not use this certificate for client authentication. This certificate is only used internally by the FIM Synchronization Service. On the Configure FIM Service account page, next to Service Account Name, type the following text:
FIMService.On the Configure FIM Service account page, next to Service Account Password, type the following text:
Pass1word$On the Configure FIM Service account page, next to Service Account Domain, type the following text:
CORPOn the Configure FIM Service account page, next to Service Email Account, type the following text:
FIMService@corp.contoso.comClick Next.
On the Configure Common Services, leave the defaults for the Synchronization Server and the FIM Management Agent Account and click Next.
On the Configure FIM Service and Portal, leave the defaults for the FIM Service Server address and click Next.
On the Configure connection to the FIM Service page, leave the default of https://localhost and click next.
On the Configure optional portal homepage configuration page, in the box next to Registration Portal URL: enter https://passwordregistration.corp.contoso.com and then click Next.
On the Configure security changes configured by setup page, select Open ports 5725 and 5726 in firewall, select Grant authenticated users access to the FIM Portal site, and then click Next.
On the Enter optional password portal configuration page, place a check in FIM Password Registration Portal will be installed on another host and under Enter the existing account under which the password registration application pool will run in IIS, next to Account Name, type the following text:
CORP\FIMPassword.On the Enter optional password portal configuration page, place a check in FIM Password Reset Portal will be installed on another host and under Enter the existing account under which the application pool will run in IIS, next to Account Name, type the following text:
CORP\FIMPassword.Click Next.
Click Install. This will begin the installation.
Once the installation completes, click Finish.
Close the Splash screen.
Restart FIM1.