FIM 2010 Patch installation failed RRS feed

  • Question

  • I'm stuck while installation of FIM patches. Our current build is of 4.1.3419 and I'm trying to install the patch 4.1.3441.0 and getting error as "Forefront Identity Manager Service and Portal Setup Wizard ended prematurely because of an error." Even tried directly to install the patch 4.1.3451.0 but got the same error message.

    Additional Query : Is there need to install all the patches or we can directly jump over to the 4.1.3634.0?

    Manuj Khurana

    Wednesday, June 3, 2015 7:16 AM

All replies

  • You have to check msi installer logs, it contains detailed description on what's failing.

    Patches are cumulative.

    Thursday, June 4, 2015 6:59 AM
  • Additional Query : Is there need to install all the patches or we can directly jump over to the 4.1.3634.0?

    Any thought on this?

    Manuj Khurana

    Monday, June 8, 2015 11:57 AM
  • Patches are cumulative, you can install latest one.
    Monday, June 8, 2015 12:38 PM
  • MS says do not install FIM Patches if you have no need for them. FIM patches are not like OS Patches. They usually address specific issues raised by customers and whatever fix it was meant to address, it may not be applicable to you.  So, why did you want to install this Patch?

    Nosh Mernacaj, Identity Management Specialist

    Monday, June 8, 2015 12:46 PM
  • Well Nosh,

    We are in a process to upgrade our DC from 2003 to 2012 R2, in leu of which we have a thought as suggested by MS to upgrade FIM to the build number 4.1.3634.0. If you have more information on AD upgrade in consideration with FIM 2010 R2 aspects, it would really be helpful.

    Manuj Khurana

    Monday, June 8, 2015 1:30 PM
  • Manuj,

    I don't have any suggestions on AD Upgrade, but I am not sure how this is related to FIM

    Nosh Mernacaj, Identity Management Specialist

    Monday, June 8, 2015 1:37 PM
  • Have you got Sharepoint Administration service running during patch? Is user running patch a member of farm administrators?

    Try msiexec /p FIMService_x64_KBXXXXXXX.msp /l*v c:\temp\fimpatchlog.txt

    Monday, June 8, 2015 3:19 PM
  • I've always been lead to believe otherwise, is this something they've announced publicly? I think the reason this surprises me is that the hotfix release pages often state:

    A supported update is available from Microsoft Support. We recommend that all customers apply this update to their production systems.

    Monday, June 8, 2015 3:22 PM
  • FIM-EN,

    Here is the official page for this patch.

    I am not seeing the verbiage you mention.  If you are referring to Windows and security patches, then that is a different story. To the best of my knowledge, the recommendation has been to exclude FIM from "automatically updates".

    Nosh Mernacaj, Identity Management Specialist

    Monday, June 8, 2015 3:35 PM
  • On the link you sent, the first line below "Update Information", below "Introduction" is the line I quoted. 

    I agree completely in that I wouldn't jump in and perform the update on release day, I do tend to update after a couple of months assuming no talk of problems. But judging by that line it seems the recommendation is to apply this hotfix regardless of issues. 

    Monday, June 8, 2015 3:41 PM
  • I probably would upgrade too, but since there are issues with it, I question the need.

    Nosh Mernacaj, Identity Management Specialist

    Monday, June 8, 2015 3:43 PM
  • 4.1.3634.0 provides 2012 R2 for PCNS and ADMA so updating to that should be all you need to do from a FIM point of view.
    Monday, June 8, 2015 3:56 PM
  • I found, with the help of Raffe Felts and about a week of banging my head against the wall, that one of two things (I'm not sure which - maybe both) was causing this exact error with FIM Service and Portal installations:

    1. Our security policy requires that we disable the creation of 8 dot 3 filenames. We do so by setting the registry value  NtfsDisable8dot3NameCreation located within the key HKLM\SYSTEM\CurrentControlSet\Control\FileSystem to REG_DWORD 1. Try temporarily changing it to the default value of 2.

    2. Most of the User Account Control settings in the server's local policy are modified because of our Security Policy. There are ten of them located in GPO/Local Policy at Computer Configuration->Windows Settings->Security Settings->Local Policies->Security Options. Temporarily revert all of them to their default settings (found on the "Explain" tab of each one).

    After making both of these changes, which for us meant to block GPO inheritance AND to manually edit the registry, we were able to make that error go away. After installation, it is safe to put these settings back to their original values.

    Saturday, October 10, 2015 4:19 PM