Friday, May 04, 2012 11:21 PM
Hi, I'm pretty new to FIM2010. I am attempting to do a FIM DR test. We have a copy of our PROD env (DC/DNS only) and moved it to an isolated env. Then we added a new server to host FIM and a SQL server.
The plan is to restore the SQL databases from PROD (FIMSync, FIMService) to the SQL server and install FIM on the new server and point the new FIM install to the restored SQL databases on the SQL server.
Does this sound like it would work?
Thank you so much.
Saturday, May 05, 2012 10:06 AM
So you already have FIM in your production environment and just migrated the database from production to test? If you then install FIM in the test environment and point it to the test database, it would work, but you would need the encryption key that was created during the production installation process.
This process is much like restoring a warm standby-server. Take a look at this post:
The answer from Carol states 2 options. The second option is suitable in your situation.
Pieter de Loos - Consultant at Traxion (http://www.traxion.com) http://fimfacts.wordpress.com/
- Edited by Pieter de Loos Saturday, May 05, 2012 10:06 AM
Sunday, May 06, 2012 5:26 AM
While not disagreeing with my own linked answer, that only covered the Sync service. The Sync service can easily be replicated using database transfer; however, the FIM Service and Portal are problematic. There is no supported way to change the built-in Administrator account after installation (don't ask me why - I think it should be a question during the installation, same as the FIM MA service account is). So if you transfer the FIM Service database to another domain you will have locked out your built-in Administrator account.
You may be able to get around this by simply not using it. Use the Sync Service to update the SIDs and domain of any accounts that exist in both environments and you can at least login with those. Just make sure that one of them is in the Administrators set first.
I do have another alternative for you. This is completely unsupported but as you're just talking about making a dev environment the risk is low. Here is a script I wrote to change the administrator account in the FIMService DB: http://www.wapshere.com/missmiis/change-fimadmin-ps1
PS: having just re-read your question you may in fact have no problems with the built-in Admin account because you replicated the DC and therefore should have the same SIDs, domain name and account name. So actually a straight DB transfer will work fine. I'm leaving the other pointers there in case anyone else needs them.
- Edited by Carol Wapshere MVP Sunday, May 06, 2012 5:29 AM
Thursday, May 10, 2012 7:07 PM
Thank you all for your replies, sorry to reply back so late. I was able to restore the FIMSync Service and start it successfully, only after applying the hotfixes needed - FIMSyncService_x64_KB2272389 - listed here in case anyone else needs it as a reference.
FIMService is actually a bit more challenging, as you need to go into the SQL client and rename the original SQL job agents and FIMService database, then do a new install of the FIMService while naming the database something different, such as the FIMServiceTEMP database. Then apply update1 - reinstall the FIMService using the splash screen, but this time select "change" and point the application to the original FIMService database. This is where I'm stuck: I get the following message right before the reinstall is about to finish: "Service ‘Forefront Identity Manger Service’ (FIMService) failed to start. Verify that you have sufficient privileges to start system services". At least this time it doesn't just roll back :) Any ideas???
If I can get past this step the next steps would be to: Rename original SQL jobs back and delete the FIMServiceTEMP.
Thanks again for your help!
Tuesday, May 22, 2012 5:19 PM
I ended up taking a different approach to the restore - this is what I did briefly -
Install FIM Sync and Service from scratch - letting it create new databases.
Install Hotfix 4.0.3576.2 - this hotfix includes all previous hotfixes as well as update1. When you first install your FIM the fim.version will be 10, after the hotfix it will be 20.
Restore the prod FIM databases into the FIM DR test env.
Now run the miisactivate command using the encryption key belonging to the prod databases - this will ensure the server.config table holds the correct name pertaining to the new server FIM.
I had to run the same Hotfix 4.0.3576.2 - otherwise I found the FIMSync app GUI would not open.
Afterwards I was able to open FIM Sync and run MAs which were imported (of course first change your connection) without a problem.
These are the basic steps to get it to work.
- Marked As Answer by jamzm101 Tuesday, May 22, 2012 5:20 PM