none
FIM database restore to new FIM app RRS feed

  • Question

  • Hi, Im pretty new to FIM2010.  I am attempting to do a FIM DR test, we have a copy of our PROD env (DC/DNS only) and moved it to an isoloated env.  Then we added a new server to host FIM and and SQL server.

    The plan is to restore the SQL databases from PROD (FIMSync,FIMService) to the SQL server and install FIM on the new server and point the new FIM install to the restored SQL databases on the SQL server.

    Does this sound like it would work?

    Thank you so much.

    JM

    Friday, May 4, 2012 11:21 PM

Answers

  • I ended up taking a different approach to the restore - this is what I did briefly -

    Install FIM Sync and Service from scratch - letting it create new databases.

    Install Hotfix 4.0.3576.2 - this hotfix includes all previous hotfixes as well as update1.  When you first install your FIM the fim.version will be 10, after the hotfix it will be 20.

    restore the prod FIM databases into the FIM DR test env.

    Now run the miisactivate command using the encryption key belonging to the prod databases- this will ensure the server.config table holds the correct name pretaining to the new server FIM

    I had to run the same Hotfix 4.0.3576.2 - otherwise I found the FIMSync app GUI would not open.

    Afterwards I was able to open FIM Sync and run MAs which were imported (of course first change your connection) without a problem.

    These are the basic steps to get it to work.

    • Marked as answer by jamzm101 Tuesday, May 22, 2012 5:20 PM
    Tuesday, May 22, 2012 5:19 PM

All replies

  • Hi,

    So you already have FIM in your production environment and just migrated the database from production to test? If you would then install FIM in the test environment and point to the test database, it would work, but you would need the encryption key that was created on the production installation process.

    This process is much like restoring a warm standby-server. Take a look at this post:

    http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/1855da73-4951-40da-9060-bd870da3fc5f/

    The answer from Carol states 2 options. The second option is suitable in your situation.

    Best regards,
    Pieter.


    Pieter de Loos - Consultant at Traxion (http://www.traxion.com) http://fimfacts.wordpress.com/



    Saturday, May 5, 2012 10:06 AM
  • While not disagreeing with my own linked answer, that only covered the Sync service. The Sync service can easily be replicated using database transfer, however the FIM Service and Portal is problematic. There is no supported way to change the built-in Administrator account after installation (don't ask me why - I think it should be a question during the installation, same as the FIM MA service account is). So if you transfer the FIM Service database to another domain you will have locked out your built-in Administrator account.

    You may be able to get around this by simply not using it. Use the Sync Service to update the SIDs and domain of any accounts that exist in both environments and you can at least login with those. Just make sure that one of them is in the Administrators set first.

    I do have another alternative for you. This is completely unsupported but as you're just talking about making a dev environment the risk is low. Here is a script I wrote to change the administrator account in the FIMService DB: http://www.wapshere.com/missmiis/change-fimadmin-ps1

    Carol

    PS: having just re-read your question you may in fact have no problems with the built-in Admin account because you repliacted the DC and therefore should have the same SIDs, domain name and account name. So actually a straight DB transfer will work fine. I'm leaving the other pointers there in case anyone else needs them.


    http://www.wapshere.com/missmiis


    Sunday, May 6, 2012 5:26 AM
  • Thank you all for your replies, sorry to reply back so late.  I was able to restore the FIMSync Service and start it successfully, only after applying the hotfixes needed - FIMSyncService_x64_KB2272389 - listed here incase anyone else needs it as a reference.

    FIMService is actually a bit more challenging as you need to go into the SQL client and rename the original SQL job agents and FIMService database, then do a new install of the FIMService while naming the database something difference such as, FIMServiceTEMP database.  Then apply update1 - reinstall the FIMService using the splash screen but this time select "change" and point the application to the original FIMService database.  This is where I'm stuck, I get the following message right before the reinstall is about to finish: "Service ‘Forefront Identity Manger Service’ (FIMService) failed to start.  Verify that you have sufficient privileges to start system services".  At least this time is doesn't just rollback :)  Any ideas???

    If I can get past this step the next steps would be to:  Rename original SQL jobs back and delete the FIMServiceTEMP.

    Thanks again for your help!

    James

    Thursday, May 10, 2012 7:07 PM
  • I ended up taking a different approach to the restore - this is what I did briefly -

    Install FIM Sync and Service from scratch - letting it create new databases.

    Install Hotfix 4.0.3576.2 - this hotfix includes all previous hotfixes as well as update1.  When you first install your FIM the fim.version will be 10, after the hotfix it will be 20.

    restore the prod FIM databases into the FIM DR test env.

    Now run the miisactivate command using the encryption key belonging to the prod databases- this will ensure the server.config table holds the correct name pretaining to the new server FIM

    I had to run the same Hotfix 4.0.3576.2 - otherwise I found the FIMSync app GUI would not open.

    Afterwards I was able to open FIM Sync and run MAs which were imported (of course first change your connection) without a problem.

    These are the basic steps to get it to work.

    • Marked as answer by jamzm101 Tuesday, May 22, 2012 5:20 PM
    Tuesday, May 22, 2012 5:19 PM