Hi,

After attempting to install the latest FIM hotfix Roll Up 2, we seem to hit an area where the database was upgraded half way through (i.e. fim.version table had version -1). 

So we have restored FIMService database, from a backup taken just prior to the hotfix installation. After restoring the FIMService database we seem to encountered another error when starting FIM Serivce

System.ServiceModel: System.InvalidOperationException: Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue 'XXXXXXXXXXXXXXXXX'.
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target, Boolean throwIfMultipleOrNoMatch)
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, Object findValue, EndpointAddress target)
   at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, Object findValue)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHost.SetServiceHostCredentials(ServiceHostBase serviceHostBase)

Reviewing the Local Computer > Personal > Certificate, we dont seem to find ForefrontIdentityManager certificate. Is there a way to re-generate this cert? 

Thank you,

Laith

Restore to previous FIMService, and a restore to FIM Service software did restore the certificate.

• Marked as answer by L Ali Friday, March 09, 2012 8:15 PM

Restore to previous FIMService, and a restore to FIM Service software did restore the certificate.

• Marked as answer by L Ali Friday, March 09, 2012 8:15 PM

Hi,

You can also try this. Take your current fimservice db full backup.

Open the fim.version table from FIMService DB and update the value as 28 [failed installation will have -1]. (value 28 is update 2 value)

Then Goto "uninstall a program" [control panel] and select Forefront Identity Manager Service and click "Change" and re-configure. 

I had the similar issue, and the above fixed my Update 2 installation problem. 

• Proposed as answer by Prakaaz Saturday, March 10, 2012 4:26 PM

Hi,

You can also try this. Take your current fimservice db full backup.

Open the fim.version table from FIMService DB and update the value as 28 [failed installation will have -1]. (value 28 is update 2 value)

Then Goto "uninstall a program" [control panel] and select Forefront Identity Manager Service and click "Change" and re-configure. 

I had the similar issue, and the above fixed my Update 2 installation problem. 

• Proposed as answer by Prakaaz Saturday, March 10, 2012 4:26 PM

Hi,

Thanks for the reply. I think the underlying issue we are running into with Roll Up 2 is outlined in this thread, http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/7a8e7b0a-ba71-4f04-8081-a7a497e1e6d9. 

The issue seems to be related to SQL upgrade error.  During the installation of the hotfix, the FIMService binaries continued to state the previous hotfix version as oppose to 4.0.3606.2.

Thank you.

This resolved my issue with the same error:

1. Run this ps cmd to get the thumbprint for the current certificate in use for FIM portal server
   Get-ChildItem -path Cert:\LocalMachine\My
   
2. The open regedit and change the value data for CertificateThumbprint at this path :[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMService\]

Now the Forefront Identity Manager Service will start.

Remember that the thumbprint has to be in HEX, Upper case only..