Upgrading from FIM 2010 to FIM 2010 R2 may encounter a problem upgrading the FIM Service. The FIM Service upgrade fails with a "Service 'Forefront Identity Manager Service' (FIMService) failed to start. Verify that you have sufficient privileges to start system services" error.
The service account and installation account have the required rights and permissions.
Looking in the application and system event logs finds some further details. The system event (ID 7009) offers something to try.
The following events are logged during the installation failure.
Log Name: Application Source: MsiInstaller Event ID: 11920 Task Category: None Level: Error Keywords: Classic User: Contoso\User Computer: FIM01.contoso.com Description: Product: Forefront Identity Manager Service and Portal -- Error 1920. Service 'Forefront Identity Manager Service' (FIMService) failed to start. Verify that you have sufficient privileges to start system services.
Log Name: System Source: Service Control Manager Event ID: 7009 Task Category: None Level: Error Keywords: Classic User: N/A Computer: FIM01.contoso.com Description: A timeout was reached (30000 milliseconds) while waiting for the Forefront Identity Manager Service service to connect.
The default timeout is 30 seconds. Setting this timeout to 60 seconds has resolved several issues with this error. The timeout may be related to .NET verifying the Authenticode signatures in the FIM Service code. Please see FIM Troubleshooting: FIM Service Start-up Timeout.
To change the timeout please add the following registry value on the FIM Service server and reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control Name: ServicesPipeTimeout Type: REG_DWORD Value (decimal): 60000
For more information on ServicesPipeTimeout please see the link on Event ID 7009.