none
FIM 2010 R2 to R2 SP1 update fails RRS feed

  • Question

  • Hi all,

    I hope you can help me with this issue. We have a FIM 2010 R2 Sync Engine, Service and Portal running. Now I'm trying to run to install SP1 for that but it fails.

     

    • FIM Sync Engine is no problem and patches correctly to R2 SP1
    • FIM Service and Portal ends prematurly during the upgrade, leaving the database corrupted(version-1) etc.

    I've run an MSI verbose logging, but that doesnt help much:

    -------------------------------------------------------------------------------------------------

    MSI (c) (E0:70) [10:59:25:371]: Transforming table Binary.

    MSI (c) (E0:70) [10:59:25:371]: Note: 1: 2262 2: Binary 3: -2147287038
    Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UpgradeDatabase, location: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.IdentityManagement.DatabaseUpgrade.exe, command: /ConnectionString:"Data Source=XXXX;Initial Catalog=FIMService;Integrated Security=SSPI;Pooling=true;Connection Timeout=225" /FimServiceAccountName:"XXXX" /FimServiceDatabaseName:"FIMService"
    MSI (s) (44:94) [10:59:28:877]: Product: Forefront Identity Manager Service and Portal -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UpgradeDatabase, location: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.IdentityManagement.DatabaseUpgrade.exe, command: /ConnectionString:"Data Source=XXXXX;Initial Catalog=FIMService;Integrated Security=SSPI;Pooling=true;Connection Timeout=225" /FimServiceAccountName:"XXXXXX" /FimServiceDatabaseName:"FIMService"

    Action ended 10:59:28: InstallExecute. Return value 3.

    Rollback starts from here.

    -------------------------------------------------------------------------------------------------

    I've found the following in the Microsoft.IdentityManagement.DatabaseUpgrade_tracelog.txt and I guess this is what goes wrong:

    -------------------------------------------------------------------------------------------------

    Microsoft.ResourceManagement Verbose: 0 :  Executing Batch #: 1
        DateTime=2013-11-14T13:00:10.2511860Z
    Microsoft.ResourceManagement Verbose: 0 : --********************************************************
    --*                
        DateTime=2013-11-14T13:00:10.2511860Z
    Microsoft.ResourceManagement Verbose: 0 : Out-of-box object import : Completed processing pre object import file DisableUsageKeywordCheck.sql.
        DateTime=2013-11-14T13:00:10.2570456Z
    Microsoft.ResourceManagement Verbose: 0 : Out-of-box object import : Started processing object import file ConfigurationChange1113Attribute.xml.
        DateTime=2013-11-14T13:00:10.2580222Z
    Microsoft.ResourceManagement Verbose: 0 : PlatformBasics is starting. IsService = 'False'.
        DateTime=2013-11-14T13:00:11.0822726Z
    Microsoft.ResourceManagement Verbose: 0 : Application Registered as ServiceId '2', ServicePartitionId '2'.
        DateTime=2013-11-14T13:00:11.1564942Z
    Microsoft.ResourceManagement Verbose: 0 : Request '' status was updated in-memory from 'NotFound' to 'Validating'.
        DateTime=2013-11-14T13:00:11.7063200Z
    Microsoft.ResourceManagement Verbose: 0 : Request created: 'Create Resource:  'Deferred Evaluation' Request'
        <RequestParameter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xsi:type="CreateRequestParameter"><Calculated>false</Calculated><Target>35c27ca4-3925-468e-8e10-e68b5882b6b4</Target><PropertyName>UsageKeyword</PropertyName><Value xsi:type="xsd:string">Microsoft.ResourceManagement.WebServices</Value><Operation>Create</Operation></RequestParameter>
        <RequestParameter xmlns:xsi="http:
        DateTime=2013-11-14T13:00:13.0325428Z
    Microsoft.ResourceManagement Verbose: 0 : Entered RequestDispatcher with Request Object; RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06'.
        DateTime=2013-11-14T13:00:13.0462152Z
    Microsoft.ResourceManagement Verbose: 0 : Add request '60f2fc53-de87-4837-8139-9f3efcec3b06' to cache with RequestStatus 'Validating'.
        DateTime=2013-11-14T13:00:13.0510982Z
    Microsoft.ResourceManagement Information: 1 : RequestDispatcher enter processing pipeline;  RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06'; Operation 'Create'; Object 'Resource'; RequestStatus 'Validating'.
        DateTime=2013-11-14T13:00:13.0530514Z
    Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Validating'.
        DateTime=2013-11-14T13:00:13.0550046Z
    Microsoft.ResourceManagement Information: 1 : ManagementPolicy: EvaluatingRights
        DateTime=2013-11-14T13:00:13.0579344Z
    Microsoft.ResourceManagement Information: 1 : ManagementPolicy: RightsEvaluated
        DateTime=2013-11-14T13:00:17.4897452Z
    Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Validating' to 'Validated'.
        DateTime=2013-11-14T13:00:17.4897452Z
    Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' updates have been persisted to permanent storage.
        DateTime=2013-11-14T13:00:17.5854520Z
    Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Validated'.
        DateTime=2013-11-14T13:00:17.5864286Z
    Microsoft.ResourceManagement Verbose: 0 : Executing initial authentication.
        DateTime=2013-11-14T13:00:17.5893584Z
    Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Validated' to 'Authenticating'.
        DateTime=2013-11-14T13:00:17.5893584Z
    Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Authenticating' to 'Authenticated'.
        DateTime=2013-11-14T13:00:17.5893584Z
    Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Authenticated'.
        DateTime=2013-11-14T13:00:17.5903350Z
    Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Authenticated' to 'Authorized'.
        DateTime=2013-11-14T13:00:17.5971712Z
    Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Authorized'.
        DateTime=2013-11-14T13:00:17.5981478Z
    Microsoft.ResourceManagement Information: 1 : WS: Action.Create.Execute.Enter
        DateTime=2013-11-14T13:00:17.6010776Z
    Microsoft.ResourceManagement Error: 3 : Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal". The conflict occurred in database "FIMService", table "fim.BindingInternal".
        DateTime=2013-11-14T13:00:18.0327348Z
    Microsoft.ResourceManagement Error: 3 : Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal". The conflict occurred in database "FIMService", table "fim.BindingInternal".
       at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
       at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
       at System.Data.SqlClient.SqlDataReader.get_MetaData()
       at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
       at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
       at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
       at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
       at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
       at System.Data.SqlClient.SqlCommand.ExecuteReader()
       at Microsoft.ResourceManagement.Data.DataAccess.ProcessRequest(RequestType request)
       --- End of inner exception stack trace ---
        DateTime=2013-11-14T13:00:18.0405476Z

    -------------------------------------------------------------------------------------------------

     

    • I have admin rights in SQL, Sharepoint etc. Account belongs to the FIM administrators group.
    • I performed an upgrade from 2010 to 2010 R2 with the same account last week.
    • Sync Engine upgrades succesfully
    • I've run the following match:

    select * from FIMService.fim.BindingInternal INNER JOIN FIMService.fim.AttributeInternal on FIMService.fim.BindingInternal.AttributeName=FIMService.fim.AttributeInternal.Name

    All BindingInternal AttributeNames are present in AttributeInternal Names.

    Any of you has experienced this before?

    Kind regards, Robin



    • Edited by Robin Gaal Thursday, November 14, 2013 3:17 PM
    Thursday, November 14, 2013 1:45 PM

Answers

  • Just to let you all know, the issue is solved by Microsoft support. They have sended us a SQL script which does some magic FIMService DB stuff and after running the SP1 patch again it installs without any problems.


    Find me on linkedin: http://nl.linkedin.com/in/tranet

    • Marked as answer by Robin Gaal Monday, January 6, 2014 9:48 AM
    Monday, January 6, 2014 9:48 AM

All replies

  • Do you have FIM Reporting feature installed as well?

    I faced the issue once - when FIM Reporting was installed. It was not on Production environment - there it went fine (after Test env). But I've faced it on Test environment. In my case installation from command line helped. So please try this way.

    You could also try removing FIM Reporting from your current installation, patch the service and then add FIM Reporting feature again (there is no reporting data loss).


    Keep trying

    Thursday, November 21, 2013 7:44 AM
  • We have not installed FIM reporting yet so I guess this is a diffrent error. To what do you refer with command line installation? I've tried msiexec /update "pathtoupdate" /L*V "logpath". But that gave me the same error during patching.

    Find me on linkedin: http://nl.linkedin.com/in/tranet


    • Edited by Robin Gaal Monday, November 25, 2013 9:05 AM
    Monday, November 25, 2013 9:05 AM
  • I have some more info. I've run some traces and we found out the error above is occuring after the DB upgrade. After the DB upgrade a few tasks are performed by the FIM Service(you can find the in the 'search request' on FIM portal when hacking the FIM version tot 1117 after failed patch:)):

    -Create AttributeTypeDescription 'Deferred Evalution' (msidmdeferredevaluation). This is the one failing. For some reason, the FIMService gives the

    Microsoft.ResourceManagement Error: 3 : Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal". The conflict occurred in database "FIMService", table "fim.BindingInternal".

    error on this point.

    Has anyone an idea why the FIM service failes to create the msidmdeferredevaluation attribute during R2 => R2 SP1 patching?

    I have tried to create the attribute manually in the portal but that failes with a 'permission denied' telling me msidm is a system used prefix.


    Find me on linkedin: http://nl.linkedin.com/in/tranet

    Monday, November 25, 2013 2:03 PM
  • Hi,

    Make sure that you have the SQL recovery mode to "simple" on FIMService Database, and enable SQL Broker on the FIM Service DB with this command:

    ALTER DATABASE <FIM Service DB name> SET ENABLE_BROKER

    Try to reboot SQL instance before applying the update to be sure that no connection is open.

    Monday, November 25, 2013 4:27 PM
  • another point, you have to generate new certificate during the upgrade (don't use the same certificate).

    If you have using the "Reuse Existing Certificate" option may experience some errors. Try to re-run setup with the "Generate New Certificate" option selected in the Service and Portal setup.

    If you are using a custom certificate on FIM 2010, make sure that the certificate name is ForefrontIdentityManager, otherwise upgrade will fail. If your certificate is name differently, follow these steps:
    1. Issue a new certificate with the name ForefrontIdentityManager as the subject.
    2. On FIM 2010 (not FIM 2010 R2 ), run a re-install in Change mode.
    3. Point to the new certificate.
    4. Run the FIM 2010 R2 upgrade.

    Monday, November 25, 2013 4:34 PM
  • Hi Antho,

    Thanks for you reply. The point is we are already on FIM2010R2(we did an upgrade to that 2 weeks ago succesfully) and we just want to install the SP1 update using the Windows Update module, so we not doing an upgrade from non-R2 to R2.

    The FIM service DB is on recoverymode SIMPLE and the Broker is enabled. During the SP1 update no configuration options are shown, it's just one screen with an "update" button. When we did the RTM => R2 upgrade 2 weeks ago we enabled the "generate new certificate" option. So those 2 options you mention don't seem to be the problem in this case.

    The weird thing is that the FIM Service DB schema is succesfully upgraded from the R2 to R2 SP1 schema according to the DB tracelogs, so the SP1 installer can find the DB and actually do the nessacary schema upgrades in it. After the DB schema update, the SP1 installer(not directly in the DB but with using the FIM Service) does another 5/6 things(which I managed to find based on logs from a succesfull upgrade on our testsystem in the "Search requests" option on FIM Portal) and those seem to fail with the sql error mentioned in my previous posts:

    -Create attributedescription for msidmdefferredevalution.

    -Create a binding between msidmdefferedevalution and an MPR(administraters can edit/delete balbalba).

    -Create another attributedescription which is something like msidmdefaultdefferedevalutionsetting.

    -Create a binding between the msidmdefaultdefferedevalutionsetting and an MPR.

    -2 other things which consist of setting the msidmdefaultdefferedevalutionsetting on false.

    The SP1 update is failing in our PROD system at the first task which consists of creating the attributedescription for msidmdefferredevalution and I have no clue why it fails.. Manually creating attribute descriptions in the portal is not a problem(before upgrading or after a failed upgrade and modifiyng the FIM.version table from -1 to 1117), it's just the SP1 installer which can't create the attributedescription for some reason with SQL error:

    Microsoft.ResourceManagement Error: 3 : Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal". The conflict occurred in database "FIMService", table "fim.BindingInternal".


    Find me on linkedin: http://nl.linkedin.com/in/tranet


    • Edited by Robin Gaal Tuesday, November 26, 2013 10:58 AM
    Tuesday, November 26, 2013 10:57 AM
  • Do you have a correct FIM installation account (with well-known GUID 7fb2b853-24f0-4498-9534-4e10589723c4, and administrator rights) on FIM portal and WSS ?

    I never exprience this issue...

    The attribute msidmDeferredEvaluation has a binding with Group object (in order to evaluation de real time or diferred evaluation). Check if this binding is not present due to a precedent failed upgrade.

    Tuesday, November 26, 2013 12:20 PM
  • Hi Antho,

    Thanks for thinking with me.

    Yes, the installation account has access(and the correct objectsid, member of the administrator set, and has full rights in SP2010 foundation and has full rights in SQL. The succesfull non-R2 to R2 upgrade we performed 2 weeks ago was also done with this same account.

    The creation of those attributes and bindings are performed by the FIM Service itself(with the FIMService service account) according to the 'search requests' section in FIM Portal on our testing enviroment where we did manage to install the R2 to R2 SP1 patch, and not actually the FIM installation account.

    After every failed attempt we have recovered the FIM Service DB(on which we turn the broker on afterwards of course), and the binding is not present yet on the Group object. The attribute also doesn't excist yet, and the object Key of the attribute(fixed on 280 for the fim.AttributeInternal table and 281 for the other one which is msidmdefaultdefferedblabla) is not used yet.


    Find me on linkedin: http://nl.linkedin.com/in/tranet


    • Edited by Robin Gaal Tuesday, November 26, 2013 2:02 PM
    Tuesday, November 26, 2013 2:02 PM
  • Some people seems experience issues by using the KB2772429.

    http://www.fimspecialist.com/fim-r2-sp1-fim-service-and-portal-setup-wizard-ended-prematurely/

    Try to use the Full FIM R2 SP1 media. Make sure that you use the correct media (MSDN or VL) depending your environment.

    Tuesday, November 26, 2013 4:12 PM
  • Hi Antho,

    That is a different problem with a diffrent error in the logging which I actually experienced and solved before(the Robin Gaal mentioned in the blog is actually me...) but it might be a good idea trying to install with the Full FIM R2 SP1 media.


    Find me on linkedin: http://nl.linkedin.com/in/tranet

    Tuesday, November 26, 2013 4:43 PM
  • Hi,

    Yes i know that's different problem, but the solution to use the full installation media of FIM R2 SP1 is interesting ;)

    Wednesday, November 27, 2013 8:51 AM
  • Using the full FIM R2 SP1 media inclusief reinstall(with keeping the FIM Service DB) didn't solve the issue.

    Find me on linkedin: http://nl.linkedin.com/in/tranet

    Thursday, November 28, 2013 10:12 AM
  • Just to let you all know, the issue is solved by Microsoft support. They have sended us a SQL script which does some magic FIMService DB stuff and after running the SP1 patch again it installs without any problems.


    Find me on linkedin: http://nl.linkedin.com/in/tranet

    • Marked as answer by Robin Gaal Monday, January 6, 2014 9:48 AM
    Monday, January 6, 2014 9:48 AM
  • Hi, can anybody send me those scripts? I'm having the exact same problem while trying to upgrade and right now i run out of solutions!

    Thanks for your help!

    Monday, March 23, 2015 12:09 PM
  • Those where custom made scripts by microsoft specific for our database (we uploaded the complete SQL db to them). Let me see if I can find anything for you.. It's such a long time ago.
    Wednesday, March 25, 2015 2:03 PM
  • Well i've found the script. Its full with GUID's so I'm affraid it's not going to work for your specific installation (since your guids might be diffrent) and again it was a point solution for our specific corrupted DB problem. I would not advice you to run the script since it might make it even worse if you don't know what your doing. If you really insist I will post them so you can study them, but i do NOT advice you to run them.
    Wednesday, March 25, 2015 2:12 PM
  • Hi.

    I'm also struggling with the exact same error during an installation of a rollup for MIM2016. Could you send those SQL scripts to me so I can look at what they're doing? My best guess currently is that this has something to do with my custom attributes and bindings but I just can't see what...

    Thursday, April 13, 2017 8:38 AM