Unattended Installation of FIM 2010 R2
Unattended installation of FIM 2010 R2
All components of the FIM 2010 R2 accept properties that allow unattended and silent installation. Those properties can either be set in a Windows Installer Transform (MST) file or specified at the command line during installation.
The FIM 2010 R2 installation packages do not support advertisement (msiexec /j) or administrative (msiexec /a) installations.
There are several different ways to install FIM 2010 R2 silently (unattended). Two methods are described in this section: pass-in parameters in a command line and MST files. It is outside the scope of this document to describe unattended installations in general.
Pass-in parameters on the command line
This can be used with Microsoft System Center Configuration Manager 2007. To install silently, use the command msiexec with an option, followed by properties, for example:
Msiexec /q /i NameofMSI.msi /Option ADDLOCAL=MSIFeatureName Property=Value
The possible values of MSIFeatureName and Property can be found in Features and properties later in this document. Note that all parameters are case sensitive.
The following is an example command for an installation of FIM Add-ins and Extensions from a file server where only the FIM Outlook add-in is installed:
msiexec /i “\\MyServer\Distribution\FIM\32\Add-ins and extensions.msi” /quiet ADDLOCAL=OfficeClient PORTAL_LOCATION=MyPortalServer PORTAL_PREFIX=https MONITORED_EMAIL=fimservice@contoso.com
Msiexec has several command line switches for silent installations. Of those, only a limited number are supported. The following table is a list of supported switches.
| Switch | Supported or Not Supported | Description |
|---|---|---|
/quiet/q:n |
Supported |
Installation with no UI at all |
/q:f |
Supported |
(Full UI) The usual User Interface Wizard behavior. |
/q:b |
Not supported |
(Basic) No pop-ups, except error messages. |
/q:r |
Not supported |
(Reduced) Similar to basic. |
/a |
Not supported |
(Admin) Will unpack an MSI to have all files external. Since this is how we deliver the MSI, no need to support this. Will run the Admin sequences, but no compelling scenario for this. |
/x |
Supported |
Uninstall of the product |
/j |
Not supported |
No scenarios. (We don’t have install on demand.) |
Note
Windows Installer has a limit of 256 characters in the path when for installation of applications. Ensure that you do not place the root of the tree in a very deep structure, or the installation might fail.
Create an MST file
Another solution is to use an MST file. MST files can be created with tools such as Orca (shipped with the Windows Software Development Kit (SDK)), and they contain the same settings as are passed in on the command line.
Troubleshoot an installation
If an unattended installation fails, add the option /l*v NameOfLogFile.txt to the command line. This option creates a log file that you can use for troubleshooting. You can identify an error in a Windows Installer log file by looking for the text Return Value 3.
Also, you can you the msiexec file without the /q switch. This will cause the UI to appear and the values you have specified in the msiexec command-line will be populated in their respective locations. This is good for determining if the correct value is being set or not.
Features and properties
The first table is listing the feature name in the UI and its feature name in the Synchronization Service.msi, Service and Portal.msi and the Add-ins and Extensions.msi. The second table is listing the feature name in the UI and its feature name in the Add-ins and Extensions.msi. The third table is the feature name in the UI and its feature name in the Service and Portal Language Pack.msi. These can all be used by the ADDLOCAL, REINSTALL, and REMOVE properties above.The tables in this section list the settings in the order that they appear during the user interface (UI) installation. Default values are in brackets.
Table 1 FIM 2010 R2 Windows Installer Features
| Name of the feature in the UI | Windows Installer feature name |
|---|---|
FIM Add-in for Outlook |
OfficeClient |
FIM Password and Authentication Extensions |
PasswordClient |
FIM Service |
CommonServices |
FIM Portal |
WebPortals |
FIM Password Reset Portal |
PwdPortals |
FIM Synchronization Service |
N/A (only one feature in the installer) |
Forefront Identity Manager Certificate Management (FIM CM) Update Service |
CLM_Service |
FIM CM Portal |
Web_Files |
FIM CM CA Modules |
CA_Modules |
FIM CM Smart Card PIN Reset Tool |
ChangePin |
FIM CM Smart Card Personalization Control |
AppletManagement |
FIM CM Smart Card Client |
SelfServiceControl |
FIM CM Update Client |
ProfileUpdateControl |
FIM CM Bulk Issuance Client |
ClientFiles |
Microsoft Password Change Notification Service |
PCNSSVC |
FIM Password and Authentication Extensions FIM Password and Authentication Extensions for Windows XP FIM Password and Authentication Extensions for Windows Vista |
PasswordClient |
FIM Password Registration Portal |
RegistrationPortal |
FIM Password Reset Portal |
ResetPortal |
Table 2 Service and Portal Language Pack Features
| Feature | Description |
|---|---|
FIMPortalLP |
Installs Languages for the FIM Portal |
FIMServiceLP |
Installs Languages for the FIM Service |
FIMResetPortalLP |
Installs Languages for the FIM Password Reset Portal |
FIMRegistrationPortalLP |
Installs Languages for the FIM Password Registration Portal |
PortalzhCN |
Chinese (Simplified) language pack for FIM Portal. |
PortalzhTW |
Chinese (Taiwan) language pack for FIM Portal. |
PortalcsCZ |
Czech language pack for FIM Portal. |
PortaldaDK |
Danish language pack for FIM Portal. |
PortalnlNL |
Dutch language pack for FIM Portal. |
PortalfiFI |
Finnish language pack for FIM Portal. |
PortalfrFR |
French language pack for FIM Portal. |
PortaldeDE |
German language pack for FIM Portal. |
PortalitIT |
Italian language pack for FIM Portal. |
PortaljaJP |
Japanese language pack for FIM Portal. |
PortalkoKR |
Korean language pack for FIM Portal. |
PortalnbNO |
Norwegian language pack for FIM Portal. |
PortalplPL |
Polish language pack for FIM Portal. |
PortalptBR |
Portuguese (Brazil) language pack for FIM Portal. |
PortalptPT |
Portuguese (Portugal) language pack for FIM Portal. |
PortalruRU |
Russian language pack for FIM Portal. |
PortalesES |
Spanish language pack for FIM Portal. |
PortalsvSE |
Swedish language pack for FIM Portal. |
PortaltrTR |
Turkish language pack for FIM Portal. |
MTzhCN |
Chinese (Simplified) language pack for FIM Service. |
MTzhTW |
Chinese (Taiwan) language pack for FIM Service. |
MTcsCZ |
Czech language pack for FIM Service. |
MTdaDK |
Danish language pack for FIM Service. |
MTnlNL |
Dutch language pack for FIM Service. |
MTfiFI |
Finnish language pack for FIM Service. |
MTfrFR |
French language pack for FIM Service. |
MTdeDE |
German language pack for FIM Service. |
MTitIT |
Italian language pack for FIM Service. |
MTjaJP |
Japanese language pack for FIM Service. |
MTkoKR |
Korean language pack for FIM Service. |
MTnbNO |
Norwegian language pack for FIM Service. |
MTplPL |
Polish language pack for FIM Service. |
MTptBR |
Portuguese (Brazil) language pack for FIM Service. |
MTptPT |
Portuguese (Portugal) language pack for FIM Service. |
MTruRU |
Russian language pack for FIM Service. |
MTesES |
Spanish language pack for FIM Service. |
MTsvSE |
Swedish language pack for FIM Service. |
MTtrTR |
Turkish language pack for FIM Service. |
ResetbgBG |
Bulgarian language pack for FIM Password Reset Portal. |
ResetzhCN |
Chinese (Simplified) language pack for FIM Password Reset Portal. |
ResetzhTW |
Chinese (Taiwan) language pack for FIM Password Reset Portal. |
ResethrHR |
Croatian language pack for FIM Password Reset Portal. |
ResetcsCZ |
Czech language pack for FIM Password Reset Portal. |
ResetdaDK |
Danish language pack for FIM Password Reset Portal. |
ResetnlNL |
Dutch language pack for FIM Password Reset Portal. |
ResetetEE |
Estonian language pack for FIM Password Reset Portal. |
ResetfiFI |
Finnish language pack for FIM Password Reset Portal. |
ResetfrFR |
French language pack for FIM Password Reset Portal. |
ResetdeDE |
German language pack for FIM Password Reset Portal. |
ResetelGR |
Greek language pack for FIM Password Reset Portal. |
ResethiIN |
Hindi language pack for FIM Password Reset Portal. |
ResethuHU |
Hungarian language pack for FIM Password Reset Portal. |
ResetitIT |
Italian language pack for FIM Password Reset Portal. |
ResetjaJP |
Japanese language pack for FIM Password Reset Portal. |
ResetkoKR |
Korean language pack for FIM Password Reset Portal. |
ResetlvLV |
Latvian language pack for FIM Password Reset Portal. |
ResetltLT |
Lithuanian language pack for FIM Password Reset Portal. |
ResetnbNO |
Norwegian language pack for FIM Password Reset Portal. |
ResetplPL |
Polish language pack for FIM Password Reset Portal. |
ResetptBR |
Portuguese (Brazil) language pack for FIM Password Reset Portal. |
ResetptPT |
Portuguese (Portugal) language pack for FIM Password Reset Portal. |
ResetroRO |
Romanian language pack for FIM Password Reset Portal. |
ResetruRU |
Russian language pack for FIM Password Reset Portal. |
ResetsrCS |
Serbian language pack for FIM Password Reset Portal. |
ResetskSK |
Slovak language pack for FIM Password Reset Portal. |
ResetslSI |
Slovenian language pack for FIM Password Reset Portal. |
ResetesES |
Spanish language pack for FIM Password Reset Portal. |
ResetsvSE |
Swedish language pack for FIM Password Reset Portal. |
ResetthTH |
Thai language pack for FIM Password Reset Portal. |
ResettrTR |
Turkish language pack for FIM Password Reset Portal. |
ResetukUA |
Ukranian language pack for FIM Password Reset Portal. |
RegistrationbgBG |
Bulgarian language pack for FIM Password Registration Portal. |
RegistrationzhCN |
Chinese (Simplified) language pack for FIM Password Registration Portal. |
RegistrationzhTW |
Chinese (Taiwan) language pack for FIM Password Registration Portal. |
RegistrationhrHR |
Croatian language pack for FIM Password Registration Portal. |
RegistrationcsCZ |
Czech language pack for FIM Password Registration Portal. |
RegistrationdaDK |
Danish language pack for FIM Password Registration Portal. |
RegistrationnlNL |
Dutch language pack for FIM Password Registration Portal. |
RegistrationetEE |
Estonian language pack for FIM Password Registration Portal. |
RegistrationfiFI |
Finnish language pack for FIM Password Registration Portal. |
RegistrationfrFR |
French language pack for FIM Password Registration Portal. |
RegistrationdeDE |
German language pack for FIM Password Registration Portal. |
RegistrationelGR |
Greek language pack for FIM Password Registration Portal. |
RegistrationhiIN |
Hindi language pack for FIM Password Registration Portal. |
RegistrationhuHU |
Hungarian language pack for FIM Password Registration Portal. |
RegistrationitIT |
Italian language pack for FIM Password Registration Portal. |
RegistrationjaJP |
Japanese language pack for FIM Password Registration Portal. |
RegistrationkoKR |
Korean language pack for FIM Password Registration Portal. |
RegistrationlvLV |
Latvian language pack for FIM Password Registration Portal. |
RegistrationltLT |
Lithuanian language pack for FIM Password Registration Portal. |
RegistrationnbNO |
Norwegian language pack for FIM Password Registration Portal. |
RegistrationplPL |
Polish language pack for FIM Password Registration Portal. |
RegistrationptBR |
Portuguese (Brazil) language pack for FIM Password Registration Portal. |
RegistrationptPT |
Portuguese (Portugal) language pack for FIM Password Registration Portal. |
RegistrationroRO |
Romanian language pack for FIM Password Registration Portal. |
RegistrationruRU |
Russian language pack for FIM Password Registration Portal. |
RegistrationsrCS |
Serbian language pack for FIM Password Registration Portal. |
RegistrationskSK |
Slovak language pack for FIM Password Registration Portal. |
RegistrationslSI |
Slovenian language pack for FIM Password Registration Portal. |
RegistrationesES |
Spanish language pack for FIM Password Registration Portal. |
RegistrationsvSE |
Swedish language pack for FIM Password Registration Portal. |
RegistrationthTH |
Thai language pack for FIM Password Registration Portal. |
RegistrationtrTR |
Turkish language pack for FIM Password Registration Portal. |
RegistrationukUA |
Ukranian language pack for FIM Password Registration Portal. |
Table 3 Add-ins and Extensions Language Pack Features
| Feature | Description |
|---|---|
FIMALP |
FIM Add-ins and Extensions Language Pack |
bgBG |
Bulgarian language |
zhCN |
Chinese (Simplified) language |
zhTW |
Chinese (Taiwan) language |
hrHR |
Croatian language |
csCZ |
Czech language |
daDK |
Danish language |
nlNL |
Dutch language |
etEE |
Estonian language |
fiFI |
Finnish language |
frFR |
French language |
deDE |
German language |
elGR |
Greek language |
hiIN |
Hindi language |
huHU |
Hungarian language |
itIT |
Italian language |
jaJP |
Japanese language |
koKR |
Korean language |
lvLV |
Latvian language |
ltLT |
Lithuanian language |
nbNO |
Norwegian language |
plPL |
Polish language |
ptBR |
Portuguese (Brazil) language |
ptPT |
Portuguese (Portugal) language |
roRO |
Romanian language |
ruRU |
Russian language |
srCS |
Serbian language |
skSK |
Slovak language |
slSI |
Slovenian language |
esES |
Spanish language |
svSE |
Swedish language |
thTH |
Thai language |
trTR |
Turkish language |
ukUA |
Ukranian language |
The following tables list the properties that are associated with the features from above.
Table 4 Synchronization Service properties
| Property Name | Description |
|---|---|
STORESERVER |
Name of SQL Server |
SQLDB |
Name of database (FIMSynchronization) |
SQLINSTANCE |
Name of database instance |
SERVICEACCOUNT |
(Required) Service account name |
SERVICEPASSWORD |
Required) Service account password |
SERVICEDOMAIN |
(Required) Service account domain |
GROUPADMINS |
Name of admin group (FIMSyncAdmins) |
GROUPOPERATORS |
Name of operators group (FIMSyncOperators) |
GROUPACCOUNTJOINERS |
Name of joiners group (FIMSyncJoiners) |
GROUPBROWSE |
Name of browse group (FIMSyncBrowse) |
GROUPPASSWORDSET |
Name of password set group (FIMSyncPasswordSet) |
FIREWALL_CONF |
0 – Do not configure firewall (default)1 – Configure firewall |
Table 5 FIM Service and FIM Portal properties
| Property name | Description |
|---|---|
SQMOPTINSETTING |
1 – opt in, 0 – opt out (default) |
SQLSERVER_SERVER |
(Required) Name of SQL Server instance |
SQLSERVER_DATABASE |
Name of database (FIMService) |
EXISTINGDATABASE |
0 – New database (default), 1 – Existing database |
MAIL_SERVER |
(Required) Name of mailserver |
MAIL_SERVER_USE_SSL |
0 – Disable SSL, 1 – Enable SSL (default) |
MAIL_SERVER_IS_EXCHANGE |
0 – SMTP, 1 – Exchange (default) |
SERVICE_MANAGER_SERVER |
Name of the FIM Reporting Service Manager management server. |
POLL_EXCHANGE_ENABLED |
0 – Server will not poll for e-mail messages1 – Server will poll for e-mail messages (default) |
CERTIFICATE_NAME |
Name of certificate to generate (ForefrontIdentityManager) |
SERVICE_ACCOUNT_NAME |
(Required) Service account name |
SERVICE_ACCOUNT_PASSWORD |
(Required) Service account password |
SERVICE_ACCOUNT_DOMAIN |
(Required) Service account domain |
SERVICE_ACCOUNT_EMAIL |
(Required) Service account e-mail address |
SYNCHRONIZATION_SERVER |
(Required) Address of FIM Synchronization Service server |
SYNCHRONIZATION_SERVER_ACCOUNT |
FIM Service Management Agent account in format domain\accountname |
SERVICEADDRESS |
Address used by clients to contact the server |
SHAREPOINT_URL |
URL used to contact the SharePoint server |
REGISTRATION_PORTAL_URL |
An optional URL of the FIM 2010 R2 password registration portal that the FIM portal will redirect to when the user clicks on the "Register for password reset" FIM portal homepage link. |
FIREWALL_CONF |
0 – Do not configure firewall (default)1 – Configure firewall |
SHAREPOINTUSERS_CONF |
0 – Do not add authenticated users (default1 – Add authenticated users |
PASSWORDUSERS_CONF |
0 – Do not add authenticated users (default1 – Add authenticated users |
REQUIRE_REGISTRATIONPORTAL_INFO |
0 – Do not require password registration information (default)1 – Require password registration information |
REGISTRATION_ACCOUNT |
Domain\AccountName of the application pool that will run the password registration portal |
RESET_ACCOUNT |
Domain\AccountName of the application pool account that will run the password reset portal |
REQUIRE_RESET_INFO |
0 – Do not require password reset information (default)1 – Require password reset information |
SHAREPOINTTIMEOUT |
Timeout in seconds the installer should wait for Office SharePoint to deploy the solution packs. |
Table 6 FIM 2010 R2 Certificate Management properties
| Property Name | Description |
|---|---|
WEBAPPNAME |
Name of the virtual folder for certificate Management. |
SITELOCK_DOMAIN |
List of sites used by FIM CM installations. This list is used for ActiveX controls to initiate. |
Table 7 Add-ins and Extensions properties
| Property name | Description |
|---|---|
SQMOPTINSETTING |
1 – opt in, 0 – opt out (default) |
PORTAL_LOCATION |
Address to the FIM Portal. Used by Outlook add-in. |
PORTAL_PREFIX |
Prefix used to contact the FIM Portal. http or https (default) |
MONITORED_EMAIL |
FIM Service e-mail address. Used by the Outlook add-in when sending e-mail messages. |
RMS_LOCATION |
Address to the FIM Service. Used by Password Reset extensions |
REGISTRATION_PORTAL_URL |
The URL of the FIM 2010 R2 password registration portal that the rich client will navigate to by default. As part of the rich client password registration, the rich client will invoke the user's default browser to navigate to that URL if password registration be required. As part of the rich client password registration, the rich client will invoke the user's default browser to navigate to this URL if password registration be required. |
BEST_EFFORT_INSTALL |
If both components are selected, but one cannot be installed due to failed prerequisites, silently continue installation with the other component. 0 – Fail installation (default) 1 – Silently continue |
The following is an example of installing the FIM 2010 R2 Synchronization Service:
msiexec /q /i “D:\Synchronization Service\Synchronization Service.msi" STORESERVER=LocalMachine SQLDB=FIMSynchronization SERVICEACCOUNT=FimSynchService SERVICEPASSWORD=Pass1word! SERVICEDOMAIN=CORP GROUPADMINS=FIMSyncAdmins GROUPOPERATORS=FIMSyncOperators GROUPACCOUNTJOINERS=FIMSyncJoiners GROUPBROWSE=FIMSyncBrowse GROUPPASSWORDSET=FIMSyncPasswordSet FIREWALL_CONF=1 /L*v C:\mylogfile.txt
The following is an example of installing the FIM 2010 R2 Service and Portal:
msiexec /q /i "D:\Service and Portal\Service and Portal.msi" ADDLOCAL=CommonServices,WebPortals SQMOPTINSETTING=0 SQLSERVER_SERVER=APP1 SQLSERVER_DATABASE=FIMService EXISTINGDATABASE=0 MAIL_SERVER=EX1.corp.contoso.com MAIL_SERVER_USE_SSL=0 MAIL_SERVER_IS_EXCHANGE=1 POLL_EXCHANGE_ENABLED=1 CERTIFICATE_NAME=ForefrontIdentityManager SERVICE_ACCOUNT_NAME=FIMService SERVICE_ACCOUNT_PASSWORD=abc123*2k SERVICE_ACCOUNT_DOMAIN=CORP SERVICE_ACCOUNT_EMAIL=FIMService@corp.contoso.com SERVICE_MANAGER_SERVER=APP2 SYNCHRONIZATION_SERVER=FIM1 SYNCHRONIZATION_SERVER_ACCOUNT=CORP\FIMMA SERVICEADDRESS=FIM1 SHAREPOINT_URL=https://localhost REGISTRATION_PORTAL_URL=https://passwordregistration.corp.contoso.com FIREWALL_CONF=1 SHAREPOINTUSERS_CONF=1 REQUIRE_REGISTRATION_INFO=1 REGISTRATION_ACCOUNT_NAME=FIMPassword REGISTRATION_ACCOUNT_DOMAIN=CORP REQUIRE_RESET_INFO=1 RESET_ACCOUNT_NAME=FIMPassword RESET_ACCOUNT_DOMAIN=CORP /L*v C:\fimservicelog.txt
The following is an example of a command-line installation for the Password Reset and Registration Portal.
msiexec /q /i “D:\Service and Portal\Service and Portal.msi" ADDLOCAL=RegistrationPortal,ResetPortal REGISTRATION_ACCOUNT=CORP\FIMPassword REGISTRATION_ACCOUNT_PASSWORD=Pass1word$ REGISTRATION_HOSTNAME=passwordregistration.corp.contoso.com REGISTRATION_PORT=80 REGISTRATION_FIREWALL_CONFIG=1 REGISTRATION_SERVERNAME=FIM1 IS_REGISTRATION_EXTRANET=Extranet RESET_ACCOUNT=CORP\FIMPassword RESET_ACCOUNT_PASSWORD=Pass1word$ RESET_HOSTNAME=passwordreset.corp.contoso.com RESET_PORT=81 RESET_FIREWALL_CONF=1 RESET_SERVERNAME=FIM1 IS_RESET_EXTRANET=Extranet /L*v C:\mylogfile.txt
The following is an example of a command-line installation for the FIM CM Web Portal and FIM CM Update Service of FIM 2010 Certificate Management
msiexec /q /i “D:\Certificate Management\x64\Certificate Management.msi" ADDLOCAL=CLM_Service,Web_Files WEBAPPNAME=CertificateManagement /L*v C:\mylogfile.txt
The following is an example of a command-line installation for the FIM CM CA Modules of FIM 2010 Certificate Management
msiexec /q /i “D:\Certificate Management\x64\Certificate Management.msi" ADDLOCAL=CA_Modules /L*v C:\mylogfile.txt
The following is an example of a command-line installation for the FIM CM Client of FIM 2010 Certificate Management
msiexec /q /i “D:\CM Client\x64\CM Client.msi" ADDLOCAL=CMClient,ChangePin,AppletManagement,SelfServiceControl,ProfileUpdateControl /L*v C:\mylogfile.txt
The following is an example of installing the Add-ins and Extensions:
msiexec /q /i “D:\Add-ins and extesnisons\x64\Add-ins and extensions.msi" ADDLOCAL=OfficeClient,PasswordClient PORTAL_LOCATION=FIM1 PORTAL_PREFIX=http RMS_LOCATION=FIM1 MONITORED_EMAIL=FIMService@corp.contoso.com REGISTRATION_PORTAL_URL=https://passwordregistratio.corp.contoso.com /L*v C:\mylogfile.txt
The following is an example of installing the Service and Portal Language Pack. It shows how to install the Japanese language pack for all of the components
msiexec /q /i “D:\Service and Portal Language Pack\Service and Portal Language Pack.msi" ADDLOCAL=FIMPortalLP,PortaljaJP,FIMServiceLP,MTjaJP, FIMResetPortalLP,ResetjaJP,FIMRegistrationPortalLP,RegistrationjaJP /L*v C:\mylogfile.txt
The following is an example of installing the Add-ins and Extensions Language Pack. It shows how to install the Japanese language.
msiexec /q /i “D:\Add-ins and Extensions Language Pack\Add-ins and Extensions Language Pack.msi" ADDLOCAL=FIMALP,jaJP /L*v C:\mylogfile.txt