FIMService Roll Up 2


  • Hi,

    After attempting to install the latest FIM hotfix Roll Up 2, we seem to hit an area where the database was upgraded half way through (i.e. fim.version table had version -1). 

    So we have restored FIMService database, from a backup taken just prior to the hotfix installation. After restoring the FIMService database we seem to encountered another error when starting FIM Serivce

    System.ServiceModel: System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue 'XXXXXXXXXXXXXXXXX'.
       at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
       at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
       at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, Object findValue)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHost.SetServiceHostCredentials(ServiceHostBase serviceHostBase)

    Reviewing the Local Computer > Personal > Certificate, we dont seem to find ForefrontIdentityManager certificate. Is there a way to re-generate this cert? 

    Thank you,


    vendredi 9 mars 2012 17:03


Toutes les réponses

  • Restore to previous FIMService, and a restore to FIM Service software did restore the certificate.
    • Marqué comme réponse L Ali vendredi 9 mars 2012 20:15
    vendredi 9 mars 2012 20:15
  • Hi,

    You can also try this. Take your current fimservice db full backup.

    Open the fim.version table from FIMService DB and update the value as 28 [failed installation will have -1]. (value 28 is update 2 value)

    Then Goto "uninstall a program" [control panel] and select Forefront Identity Manager Service and click "Change" and re-configure. 

    I had the similar issue, and the above fixed my Update 2 installation problem. 

    • Proposé comme réponse Prakaaz samedi 10 mars 2012 16:26
    samedi 10 mars 2012 16:26
  • Hi,

    Thanks for the reply. I think the underlying issue we are running into with Roll Up 2 is outlined in this thread,

    The issue seems to be related to SQL upgrade error.  During the installation of the hotfix, the FIMService binaries continued to state the previous hotfix version as oppose to 4.0.3606.2.

    Thank you.

    lundi 12 mars 2012 12:03
  • This resolved my issue with the same error:

    1. Run this ps cmd to get the thumbprint for the current certificate in use for FIM portal server
      Get-ChildItem -path Cert:\LocalMachine\My
    2. The open regedit and change the value data for CertificateThumbprint at this path :[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMService\]

    Now the Forefront Identity Manager Service will start.

    Remember that the thumbprint has to be in HEX, Upper case only..


    mercredi 18 mars 2015 20:11
  • THANK YOU!!!

    The FIM installation in our QA environment has been broken for months now and this piece of advice fixed it perfectly. I'm really curious as to how some completely random thumbprint got in there. Pasting in the thumbprint from the output of the Get-ChildItem command and the FIM service started and stayed started.

    Shouldn't this thumbprint exist in a config file anywhere?

    vendredi 6 juillet 2018 22:01