Applying a Release Update to the MIM Synchronization Service and Offline Spare

Using This Guide:

Introduction:

This document is intended to be used as an operational procedure document for updating the Microsoft Identity Management 2016 Synchronization Server installation. You may perform search and replace on the variables listed below to create a detailed version update guide customized for your environment.

Document Variables:

Description

Search and Replace Variable

The Offline MIM Synchronization Server’s Common Name.

[Offline Sync Server]

Primary Synchronization Server’s Common Name.

[Primary Sync Server]

The Installation account used to perform installation and updates of the MIM Synchronization Service Software.

[Install Account]

Procedure Summary for Updating FIM / MIM:

The update process consists of the following steps:

Identify the Current Version:

- Identify the current version of the Synchronization Engine.

Identify the Update Version:

- Identify the release appropriate for your environment.

- Download the selected update file.

Synchronization Service:

- Stop Scheduled Tasks associated with MIM Run Profiles

- Confirm all Synchronization jobs are completed.

- Validate Configuration of Off-line Spare

- Stop the Primary Server Synchronization Service

- Install the update on the Offline Spare

- Install the update on the Primary Sync Server

Service, Portal, Password Registration and Reset:

- If applicable, update the Portal and FIM Service to same release.

- If applicable, update the Password Reset and Registration Sites

Final wrap up:

- Enable Scheduled Tasks

Identify the Current Version:

Identify the current version of the Synchronization Engine:

On the Primary Synchronization Server [Primary Sync Server]

Login using the Install Account [Install Account]

From the Windows Server select Start

Type MIIS, and select Synchronization Service

To verify the version, click Help and About.

While the trademark is stamped Microsoft Forefront Identity Manager 2010 R2, the MIM 2016 R1 versions start at 4.4.xxxx.x whereas FIM 2010 R2 begins at 4.1.xxxx version. The full number is the release number of the installed version.

Identify the Update Version:

Identify the update release appropriate for your environment:

You can find the latest update information for your release at the following URL: https://blogs.technet.microsoft.com/iamsupport/idmbuildversions/

Download the selected update file:

After reading the Release Notes and choosing an appropriate release for your environment, you can download the update by selecting the Microsoft Download Center link contained within the Release Note.

The update file for the Synchronization Service is likely to have a file name format resembling FIMSyncService_x64_KBxxxxxxx.msp. Download the file to the MIM 2016 Offline Spare and Primary Synchronization [Primary Sync Server] Servers.

Synchronization Service:

Stop scheduled Tasks associated with MIM Run Profiles :

The first step in the update process is to ensure all synchronization service scheduled tasks on the Primary Synchronization Server [Primary Sync Server] are completed or properly stopped before performing the update. Stop, or allow to complete, any currently running tasks associated with the Synchronization Service and its associated run profiles. Note the name of each task that is disabled.

To Open Task Scheduler:

From the Server select Start

Type task scheduler and run the task scheduler utility.

To Disable a task:

Select the task, right click and select Disable

To Stop a running task:

Select the running task, Right Click and select End.

Note: Stopping a scheduled task does not stop an import, export or synchronization job that is currently running in the Synchronization Engine.

Confirm all Synchronization jobs are completed :

On the Primary Synchronization Server [Primary Sync Server]

Launch the Synchronization Service Manager

Select the Operations Tab

Confirm all import, export and synchronization jobs have completed.

For any running jobs, you can allow the job to complete, or manually stop the job, which ever approach may be appropriate to your environment and associated change policies and service level agreements.

Validate Configuration of Off-line Spare

Now is a good time to verify that the run profiles, scheduled tasks, batch files, PowerShell and visual basic scripts associated with the scheduled tasks on the Primary Synchronization Server [Primary Sync Server] are present in the same path of the Off-line Spare Synchronization Server [Offline Sync Server] . This will ensure that the Off-line Spare can be brought into service successfully if needed.

Stop the Primary Server Synchronization Service

On the Primary Synchronization Server [Primary Sync Server]

Once all scheduled tasks are stopped and disabled,

Stop the Forefront Identity Manager Synchronization Service.

Launch Services

Double click the Forefront Identity Manager Synchronization Service

Stop the service by selecting the Stop button.

Change the Startup Type from Automatic or Automatic (Delayed Start) to Manual.

Install the update on the Off-line Spare.

The Update of the Off-Line Spare Synchronization Server [Offline Sync Server] is performed before the update of the Primary Synchronization server [Primary Sync Server] . This is because the update process will set the Primary Synchronization server as the current server [Offline Sync Server] in the shared SQL Database.

Switch to the Off-Line Spare Synchronization server.

Login using the Install Account [Install Account]

Launch Services by selecting Start and typing Services.msc

Double click the Forefront Identity Manager Synchronization Service

Change the Startup Type from Disabled to Manual.

From the server select Start

Type Command Prompt

Right Click Command Prompt and select Run as Administrator

If prompted to allow the program to make changes to the computer, select Yes.

Navigate to the directory location of the update file

Type the file name FIMSyncService_x64_KBxxxxxxx.msp and press [Enter]

Welcome to the Update for MIM Synchronization Service

Select Update

Once completed, select Finish

In most updates, the Forefront Identity Manager Synchronization Service will start after the update.

Launch the Synchronization Service Manager

Verify that the Synchronization Service Manager loads without error.

Close the Synchronization Service Manager

Launch Services

Double click the Forefront Identity Manager Synchronization Service

Stop the service, by selecting the Stop button.

Change the Startup Type from Manual to Disabled.

The update of the Off-Line Spare [Offline Sync Server] is now complete.

Install the update on the Primary Sync Server

The Update of the Primary Synchronization Server [Primary Sync Server] is performed after the update

of the Off-line Spare Synchronization server [Offline Sync Server] . This is because the last update executed will set the Primary Synchronization server as the current server [Primary Sync Server] in the shared SQL Database.

Switch to the Primary Synchronization server [Primary Sync Server] .

Login using the Install Account [Install Account]

From the server select Start

Type Command Prompt

Right Click Command Prompt and select Run as Administrator

If prompted to allow the program to make changes to the computer, select Yes.

Navigate to the directory location of the update file

Type the file name FIMSyncService_x64_KBxxxxxxx.msp and press [Enter]

Welcome to the Update for MIM Synchronization Service

Select Update

Once completed, select Finish

In most updates, the Forefront Identity Manager Synchronization Service will start after the update.

Launch the Synchronization Service Manager

Verify that the Synchronization Service Manager loads without error.

Close the Synchronization Service Manager

Launch Services

Double click the Forefront Identity Manager Synchronization Service

Stop the service, by selecting the Stop button.

Change the Startup Type from Manual to Automatic or Automatic (Delayed Start) .

You may optionally choose to restart the Primary Synchronization server after the update.

Service, Portal, Password Registration and Reset:

If applicable, update the Portal and FIM Service to same release.

These instructions are contained in a separate blog post located at the following url:

https://blogs.msdn.microsoft.com/connector_space/2018/06/12/applying-a-release-update-to-the-mim-service-and-portal/

If applicable, update the Password Reset and Registration sites to same release.

These instructions are contained in a separate blog post located at the following url:

<<Document under construction>>

Final wrap up:

Enable Scheduled Tasks.

The final step in the update process is to ensure all synchronization service scheduled tasks are enabled on the Primary Synchronization Server [Primary Sync Server] after performing the update. Referring to the previously Noted disabled tasks, enable each of the scheduled tasks that were previously disabled.

Access the Primary Synchronization Server [Primary Sync Server]

Login using the Install Account [Install Account]

To Open Task Scheduler:

From the Server select Start

Type task scheduler and run the task scheduler utility.

To Enable a task:

Select the task, right click and select Enable