Applying a Release Update to the MIM Synchronization Service and Offline Spare
Using This Guide:
Introduction:
This document is intended to be used as an operational procedure document for updating the Microsoft Identity Management 2016 Synchronization Server installation. You may perform search and replace on the variables listed below to create a detailed version update guide customized for your environment.
Document Variables:
Description |
Search and Replace Variable |
The Offline MIM Synchronization Server’s Common Name. |
[Offline Sync Server] |
Primary Synchronization Server’s Common Name. |
[Primary Sync Server] |
The Installation account used to perform installation and updates of the MIM Synchronization Service Software. |
[Install Account] |
Procedure Summary for Updating FIM / MIM:
The update process consists of the following steps:
Identify the Current Version:
- Identify the current version of the Synchronization Engine.
Identify the Update Version:
- Identify the release appropriate for your environment.
- Download the selected update file.
Synchronization Service:
- Stop Scheduled Tasks associated with MIM Run Profiles
- Confirm all Synchronization jobs are completed.
- Validate Configuration of Off-line Spare
- Stop the Primary Server Synchronization Service
- Install the update on the Offline Spare
- Install the update on the Primary Sync Server
Service, Portal, Password Registration and Reset:
- If applicable, update the Portal and FIM Service to same release.
- If applicable, update the Password Reset and Registration Sites
Final wrap up:
- Enable Scheduled Tasks
Identify the Current Version:
Identify the current version of the Synchronization Engine:
On the Primary Synchronization Server [Primary Sync Server]
Login using the Install Account [Install Account]
From the Windows Server select Start
Type MIIS, and select Synchronization Service
To verify the version, click Help and About.
While the trademark is stamped Microsoft Forefront Identity Manager 2010 R2, the MIM 2016 R1 versions start at 4.4.xxxx.x whereas FIM 2010 R2 begins at 4.1.xxxx version. The full number is the release number of the installed version.
Identify the Update Version:
Identify the update release appropriate for your environment:
You can find the latest update information for your release at the following URL: https://blogs.technet.microsoft.com/iamsupport/idmbuildversions/
Download the selected update file:
After reading the Release Notes and choosing an appropriate release for your environment, you can download the update by selecting the Microsoft Download Center link contained within the Release Note.
The update file for the Synchronization Service is likely to have a file name format resembling FIMSyncService_x64_KBxxxxxxx.msp. Download the file to the MIM 2016 Offline Spare and Primary Synchronization [Primary Sync Server] Servers.
Synchronization Service:
Stop scheduled Tasks associated with MIM Run Profiles :
The first step in the update process is to ensure all synchronization service scheduled tasks on the Primary Synchronization Server [Primary Sync Server] are completed or properly stopped before performing the update. Stop, or allow to complete, any currently running tasks associated with the Synchronization Service and its associated run profiles. Note the name of each task that is disabled.
To Open Task Scheduler:
From the Server select Start
Type task scheduler and run the task scheduler utility.
To Disable a task:
Select the task, right click and select Disable
To Stop a running task:
Select the running task, Right Click and select End.
Note: Stopping a scheduled task does not stop an import, export or synchronization job that is currently running in the Synchronization Engine.
Confirm all Synchronization jobs are completed :
On the Primary Synchronization Server [Primary Sync Server]
Launch the Synchronization Service Manager
Select the Operations Tab
Confirm all import, export and synchronization jobs have completed.
For any running jobs, you can allow the job to complete, or manually stop the job, which ever approach may be appropriate to your environment and associated change policies and service level agreements.
Validate Configuration of Off-line Spare
Now is a good time to verify that the run profiles, scheduled tasks, batch files, PowerShell and visual basic scripts associated with the scheduled tasks on the Primary Synchronization Server [Primary Sync Server] are present in the same path of the Off-line Spare Synchronization Server [Offline Sync Server] . This will ensure that the Off-line Spare can be brought into service successfully if needed.
Stop the Primary Server Synchronization Service
On the Primary Synchronization Server [Primary Sync Server]
Once all scheduled tasks are stopped and disabled,
Stop the Forefront Identity Manager Synchronization Service.
Launch Services
Double click the Forefront Identity Manager Synchronization Service
Stop the service by selecting the Stop button.
Change the Startup Type from Automatic or Automatic (Delayed Start) to Manual.
Install the update on the Off-line Spare.
The Update of the Off-Line Spare Synchronization Server [Offline Sync Server] is performed before the update of the Primary Synchronization server [Primary Sync Server] . This is because the update process will set the Primary Synchronization server as the current server [Offline Sync Server] in the shared SQL Database.
Switch to the Off-Line Spare Synchronization server.
Login using the Install Account [Install Account]
Launch Services by selecting Start and typing Services.msc
Double click the Forefront Identity Manager Synchronization Service
Change the Startup Type from Disabled to Manual.
From the server select Start
Type Command Prompt
Right Click Command Prompt and select Run as Administrator
If prompted to allow the program to make changes to the computer, select Yes.
Navigate to the directory location of the update file
Type the file name FIMSyncService_x64_KBxxxxxxx.msp and press [Enter]
Welcome to the Update for MIM Synchronization Service
Select Update
Once completed, select Finish
In most updates, the Forefront Identity Manager Synchronization Service will start after the update.
Launch the Synchronization Service Manager
Verify that the Synchronization Service Manager loads without error.
Close the Synchronization Service Manager
Launch Services
Double click the Forefront Identity Manager Synchronization Service
Stop the service, by selecting the Stop button.
Change the Startup Type from Manual to Disabled.
The update of the Off-Line Spare [Offline Sync Server] is now complete.
Install the update on the Primary Sync Server
The Update of the Primary Synchronization Server [Primary Sync Server] is performed after the update
of the Off-line Spare Synchronization server [Offline Sync Server] . This is because the last update executed will set the Primary Synchronization server as the current server [Primary Sync Server] in the shared SQL Database.
Switch to the Primary Synchronization server [Primary Sync Server] .
Login using the Install Account [Install Account]
From the server select Start
Type Command Prompt
Right Click Command Prompt and select Run as Administrator
If prompted to allow the program to make changes to the computer, select Yes.
Navigate to the directory location of the update file
Type the file name FIMSyncService_x64_KBxxxxxxx.msp and press [Enter]
Welcome to the Update for MIM Synchronization Service
Select Update
Once completed, select Finish
In most updates, the Forefront Identity Manager Synchronization Service will start after the update.
Launch the Synchronization Service Manager
Verify that the Synchronization Service Manager loads without error.
Close the Synchronization Service Manager
Launch Services
Double click the Forefront Identity Manager Synchronization Service
Stop the service, by selecting the Stop button.
Change the Startup Type from Manual to Automatic or Automatic (Delayed Start) .
You may optionally choose to restart the Primary Synchronization server after the update.
Service, Portal, Password Registration and Reset:
If applicable, update the Portal and FIM Service to same release.
These instructions are contained in a separate blog post located at the following url:
If applicable, update the Password Reset and Registration sites to same release.
These instructions are contained in a separate blog post located at the following url:
<<Document under construction>>
Final wrap up:
Enable Scheduled Tasks.
The final step in the update process is to ensure all synchronization service scheduled tasks are enabled on the Primary Synchronization Server [Primary Sync Server] after performing the update. Referring to the previously Noted disabled tasks, enable each of the scheduled tasks that were previously disabled.
Access the Primary Synchronization Server [Primary Sync Server]
Login using the Install Account [Install Account]
To Open Task Scheduler:
From the Server select Start
Type task scheduler and run the task scheduler utility.
To Enable a task:
Select the task, right click and select Enable