FIMService Roll Up 2

    Question

  • Hi,

    After attempting to install the latest FIM hotfix Roll Up 2, we seem to hit an area where the database was upgraded half way through (i.e. fim.version table had version -1). 

    So we have restored FIMService database, from a backup taken just prior to the hotfix installation. After restoring the FIMService database we seem to have encountered another error when starting FIM Service

    System.ServiceModel: System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue 'XXXXXXXXXXXXXXXXX'.
       at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
       at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
       at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, Object findValue)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHost.SetServiceHostCredentials(ServiceHostBase serviceHostBase)

    Reviewing the Local Computer > Personal > Certificate, we don't seem to find ForefrontIdentityManager certificate. Is there a way to re-generate this cert? 

    Thank you,

    Laith

    Friday, March 9, 2012 5:03 PM

Answers

  • Restore to previous FIMService, and a restore to FIM Service software did restore the certificate.
    • Marked as answer by L Ali Friday, March 9, 2012 8:15 PM
    Friday, March 9, 2012 8:15 PM

All replies

  • Hi,

    You can also try this. Take your current fimservice db full backup.

    Open the fim.version table from FIMService DB and update the value as 28 [failed installation will have -1]. (value 28 is update 2 value)

    Then go to "uninstall a program" [control panel] and select Forefront Identity Manager Service and click "Change" and re-configure. 

    I had a similar issue, and the above fixed my Update 2 installation problem. 

    • Proposed as answer by Prakaaz Saturday, March 10, 2012 4:26 PM
    Saturday, March 10, 2012 4:26 PM
  • Hi,

    Thanks for the reply. I think the underlying issue we are running into with Roll Up 2 is outlined in this thread, http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/7a8e7b0a-ba71-4f04-8081-a7a497e1e6d9

    The issue seems to be related to SQL upgrade error.  During the installation of the hotfix, the FIMService binaries continued to state the previous hotfix version as opposed to 4.0.3606.2.

    Thank you.

    Monday, March 12, 2012 12:03 PM
  • This resolved my issue with the same error:

    1. Run this ps cmd to get the thumbprint for the current certificate in use for FIM portal server
      Get-ChildItem -path Cert:\LocalMachine\My
    2. Then open regedit and change the value data for CertificateThumbprint at this path :[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMService\]

    Now the Forefront Identity Manager Service will start.

    Remember that the thumbprint has to be in HEX, Upper case only.


    Andre

    Wednesday, March 18, 2015 8:11 PM
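
A read-only check of the mismatch described in the reply above, added here as an example and not part of the original thread: it compares the CertificateThumbprint registry value with the certificates in LocalMachine\My before anything is edited. The helper name Test-FimThumbprint is hypothetical, and the 40-character length, private-key and expiry checks are assumptions added for this example (a SHA-1 thumbprint is 40 hex characters).

```powershell
# Added example: reads the registry and the certificate store, changes nothing.
# Registry path and value name are the ones given in the reply above.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\services\FIMService'

function Test-FimThumbprint {            # hypothetical helper name
    param(
        [string]$Configured,             # value read from CertificateThumbprint
        [object[]]$StoreCerts            # certificates from Cert:\LocalMachine\My
    )
    $problems = @()
    # A thumbprint pasted from the certificate dialog can carry spaces or an
    # invisible leading character; flag anything that is not upper-case hex.
    if ($Configured -cnotmatch '^[0-9A-F]{40}$') {
        $problems += 'Value is not 40 upper-case hex characters'
    }
    # Normalise before the lookup so a formatting problem and a missing
    # certificate are reported separately.
    $clean = ($Configured -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $match = $StoreCerts | Where-Object { $_.Thumbprint -eq $clean } |
             Select-Object -First 1
    if (-not $match) {
        $problems += 'No certificate with this thumbprint in LocalMachine\My'
    } else {
        # Assumed extra sanity checks, not mentioned in the thread.
        if (-not $match.HasPrivateKey) { $problems += 'Certificate has no private key' }
        if ($match.NotAfter -lt (Get-Date)) { $problems += "Certificate expired $($match.NotAfter)" }
    }
    [pscustomobject]@{ Cleaned = $clean; Certificate = $match; Problems = $problems }
}

$configured = (Get-ItemProperty -Path $svcKey -Name CertificateThumbprint).CertificateThumbprint
$certs      = @(Get-ChildItem -Path Cert:\LocalMachine\My)
$result     = Test-FimThumbprint -Configured $configured -StoreCerts $certs

# List the candidates so the correct thumbprint can be picked by subject.
$certs | Format-Table Thumbprint, Subject, NotAfter, HasPrivateKey -AutoSize | Out-Host

if ($result.Problems) {
    $result.Problems | ForEach-Object { Write-Warning $_ }
} else {
    "CertificateThumbprint matches $($result.Certificate.Subject)"
}
```

Run it from an elevated PowerShell session on the FIM Service server; a warning about the value format with a certificate still found after cleaning points to a pasted-in stray character, not a missing certificate.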
  • THANK YOU!!!

    The FIM installation in our QA environment has been broken for months now and this piece of advice fixed it perfectly. I'm really curious as to how some completely random thumbprint got in there. Pasting in the thumbprint from the output of the Get-ChildItem command and the FIM service started and stayed started.

    Shouldn't this thumbprint exist in a config file anywhere?

    Friday, July 6, 2018 10:01 PM