Hi all,

I hope you can help me with this issue. We have a FIM 2010 R2 Sync Engine, Service and Portal running. Now I'm trying to run to install SP1 for that but it fails.

 

• FIM Sync Engine is no problem and patches correctly to R2 SP1
• FIM Service and Portal ends prematurly during the upgrade, leaving the database corrupted(version-1) etc.

I've run an MSI verbose logging, but that doesnt help much:

-------------------------------------------------------------------------------------------------

MSI (c) (E0:70) [10:59:25:371]: Transforming table Binary.

MSI (c) (E0:70) [10:59:25:371]: Note: 1: 2262 2: Binary 3: -2147287038
Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UpgradeDatabase, location: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.IdentityManagement.DatabaseUpgrade.exe, command: /ConnectionString:"Data Source=XXXX;Initial Catalog=FIMService;Integrated Security=SSPI;Pooling=true;Connection Timeout=225" /FimServiceAccountName:"XXXX" /FimServiceDatabaseName:"FIMService"
MSI (s) (44:94) [10:59:28:877]: Product: Forefront Identity Manager Service and Portal -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UpgradeDatabase, location: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.IdentityManagement.DatabaseUpgrade.exe, command: /ConnectionString:"Data Source=XXXXX;Initial Catalog=FIMService;Integrated Security=SSPI;Pooling=true;Connection Timeout=225" /FimServiceAccountName:"XXXXXX" /FimServiceDatabaseName:"FIMService"

Action ended 10:59:28: InstallExecute. Return value 3.

Rollback starts from here.

-------------------------------------------------------------------------------------------------

I've found the following in the Microsoft.IdentityManagement.DatabaseUpgrade_tracelog.txt and I guess this is what goes wrong:

-------------------------------------------------------------------------------------------------

Microsoft.ResourceManagement Verbose: 0 :  Executing Batch #: 1
    DateTime=2013-11-14T13:00:10.2511860Z
Microsoft.ResourceManagement Verbose: 0 : --********************************************************
--*                
    DateTime=2013-11-14T13:00:10.2511860Z
Microsoft.ResourceManagement Verbose: 0 : Out-of-box object import : Completed processing pre object import file DisableUsageKeywordCheck.sql.
    DateTime=2013-11-14T13:00:10.2570456Z
Microsoft.ResourceManagement Verbose: 0 : Out-of-box object import : Started processing object import file ConfigurationChange1113Attribute.xml.
    DateTime=2013-11-14T13:00:10.2580222Z
Microsoft.ResourceManagement Verbose: 0 : PlatformBasics is starting. IsService = 'False'.
    DateTime=2013-11-14T13:00:11.0822726Z
Microsoft.ResourceManagement Verbose: 0 : Application Registered as ServiceId '2', ServicePartitionId '2'.
    DateTime=2013-11-14T13:00:11.1564942Z
Microsoft.ResourceManagement Verbose: 0 : Request '' status was updated in-memory from 'NotFound' to 'Validating'.
    DateTime=2013-11-14T13:00:11.7063200Z
Microsoft.ResourceManagement Verbose: 0 : Request created: 'Create Resource:  'Deferred Evaluation' Request'
    <RequestParameter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xsi:type="CreateRequestParameter"><Calculated>false</Calculated><Target>35c27ca4-3925-468e-8e10-e68b5882b6b4</Target><PropertyName>UsageKeyword</PropertyName><Value xsi:type="xsd:string">Microsoft.ResourceManagement.WebServices</Value><Operation>Create</Operation></RequestParameter>
    <RequestParameter xmlns:xsi="http:
    DateTime=2013-11-14T13:00:13.0325428Z
Microsoft.ResourceManagement Verbose: 0 : Entered RequestDispatcher with Request Object; RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06'.
    DateTime=2013-11-14T13:00:13.0462152Z
Microsoft.ResourceManagement Verbose: 0 : Add request '60f2fc53-de87-4837-8139-9f3efcec3b06' to cache with RequestStatus 'Validating'.
    DateTime=2013-11-14T13:00:13.0510982Z
Microsoft.ResourceManagement Information: 1 : RequestDispatcher enter processing pipeline;  RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06'; Operation 'Create'; Object 'Resource'; RequestStatus 'Validating'.
    DateTime=2013-11-14T13:00:13.0530514Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Validating'.
    DateTime=2013-11-14T13:00:13.0550046Z
Microsoft.ResourceManagement Information: 1 : ManagementPolicy: EvaluatingRights
    DateTime=2013-11-14T13:00:13.0579344Z
Microsoft.ResourceManagement Information: 1 : ManagementPolicy: RightsEvaluated
    DateTime=2013-11-14T13:00:17.4897452Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Validating' to 'Validated'.
    DateTime=2013-11-14T13:00:17.4897452Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' updates have been persisted to permanent storage.
    DateTime=2013-11-14T13:00:17.5854520Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Validated'.
    DateTime=2013-11-14T13:00:17.5864286Z
Microsoft.ResourceManagement Verbose: 0 : Executing initial authentication.
    DateTime=2013-11-14T13:00:17.5893584Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Validated' to 'Authenticating'.
    DateTime=2013-11-14T13:00:17.5893584Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Authenticating' to 'Authenticated'.
    DateTime=2013-11-14T13:00:17.5893584Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Authenticated'.
    DateTime=2013-11-14T13:00:17.5903350Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Authenticated' to 'Authorized'.
    DateTime=2013-11-14T13:00:17.5971712Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Authorized'.
    DateTime=2013-11-14T13:00:17.5981478Z
Microsoft.ResourceManagement Information: 1 : WS: Action.Create.Execute.Enter
    DateTime=2013-11-14T13:00:17.6010776Z
Microsoft.ResourceManagement Error: 3 : Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal". The conflict occurred in database "FIMService", table "fim.BindingInternal".
    DateTime=2013-11-14T13:00:18.0327348Z
Microsoft.ResourceManagement Error: 3 : Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal". The conflict occurred in database "FIMService", table "fim.BindingInternal".
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader()
   at Microsoft.ResourceManagement.Data.DataAccess.ProcessRequest(RequestType request)
   --- End of inner exception stack trace ---
    DateTime=2013-11-14T13:00:18.0405476Z

-------------------------------------------------------------------------------------------------

 

• I have admin rights in SQL, Sharepoint etc. Account belongs to the FIM administrators group.
• I performed an upgrade from 2010 to 2010 R2 with the same account last week.
• Sync Engine upgrades succesfully
• I've run the following match:

select * from FIMService.fim.BindingInternal INNER JOIN FIMService.fim.AttributeInternal on FIMService.fim.BindingInternal.AttributeName=FIMService.fim.AttributeInternal.Name

All BindingInternal AttributeNames are present in AttributeInternal Names.

Any of you has experienced this before?

Kind regards, Robin

• Edited by Robin Gaal Thursday, November 14, 2013 3:17 PM

Do you have FIM Reporting feature installed as well?

I faced the issue once - when FIM Reporting was installed. It was not on Production environment - there it went fine (after Test env). But I've faced it on Test environment. In my case installation from command line helped. So please try this way.

You could also try removing FIM Reporting from your current installation, patch the service and then add FIM Reporting feature again (there is no reporting data loss).

We have not installed FIM reporting yet so I guess this is a diffrent error. To what do you refer with command line installation? I've tried msiexec /update "pathtoupdate" /L*V "logpath". But that gave me the same error during

I have some more info. I've run some traces and we found out the error above is occuring after the DB upgrade. After the DB upgrade a few tasks are performed by the FIM Service(you can find the in the 'search request' on FIM portal when hacking the FIM version tot 1117 after failed patch:)):

-Create AttributeTypeDescription 'Deferred Evalution' (msidmdeferredevaluation). This is the one failing. For some reason, the FIMService gives the

Microsoft.ResourceManagement Error: 3 : Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal". The conflict occurred in database "FIMService", table "fim.BindingInternal".

error on this point.

Has anyone an idea why the FIM service failes to create the msidmdeferredevaluation attribute during R2 => R2 SP1 patching?

I have tried to create the attribute manually in the portal but that failes with a 'permission denied' telling me msidm is a system used prefix.

Hi,

Make sure that you have the SQL recovery mode to "simple" on FIMService Database, and enable SQL Broker on the FIM Service DB with this command:

ALTER DATABASE <FIM Service DB name> SET ENABLE_BROKER

Try to reboot SQL instance before applying the update to be sure that no connection is open.

another point, you have to generate new certificate during the upgrade (don't use the same certificate).

If you have using the "Reuse Existing Certificate" option may experience some errors. Try to re-run setup with the "Generate New Certificate" option selected in the Service and Portal setup.

If you are using a custom certificate on FIM 2010, make sure that the certificate name is ForefrontIdentityManager, otherwise upgrade will fail. If your certificate is name differently, follow these steps:
1. Issue a new certificate with the name ForefrontIdentityManager as the subject.
2. On FIM 2010 (not FIM 2010 R2 ), run a re-install in Change mode.
3. Point to the new certificate.
4. Run the FIM 2010 R2 upgrade.

Hi Antho,

Thanks for you reply. The point is we are already on FIM2010R2(we did an upgrade to that 2 weeks ago succesfully) and we just want to install the SP1 update using the Windows Update module, so we not doing an upgrade from non-R2 to R2.

The FIM service DB is on recoverymode SIMPLE and the Broker is enabled. During the SP1 update no configuration options are shown, it's just one screen with an "update" button. When we did the RTM => R2 upgrade 2 weeks ago we enabled the "generate new certificate" option. So those 2 options you mention don't seem to be the problem in this case.

The weird thing is that the FIM Service DB schema is succesfully upgraded from the R2 to R2 SP1 schema according to the DB tracelogs, so the SP1 installer can find the DB and actually do the nessacary schema upgrades in it. After the DB schema update, the SP1 installer(not directly in the DB but with using the FIM Service) does another 5/6 things(which I managed to find based on logs from a succesfull upgrade on our testsystem in the "Search requests" option on FIM Portal) and those seem to fail with the sql error mentioned in my previous posts:

-Create attributedescription for msidmdefferredevalution.

-Create a binding between msidmdefferedevalution and an MPR(administraters can edit/delete balbalba).

-Create another attributedescription which is something like msidmdefaultdefferedevalutionsetting.

-Create a binding between the msidmdefaultdefferedevalutionsetting and an MPR.

-2 other things which consist of setting the msidmdefaultdefferedevalutionsetting on false.

The SP1 update is failing in our PROD system at the first task which consists of creating the attributedescription for msidmdefferredevalution and I have no clue why it fails.. Manually creating attribute descriptions in the portal is not a problem(before upgrading or after a failed upgrade and modifiyng the FIM.version table from -1 to 1117), it's just the SP1 installer which can't create the attributedescription for some reason with SQL error:

Microsoft.ResourceManagement Error: 3 : Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal". The conflict occurred in database "FIMService", table "fim.BindingInternal".