Forefront Identity Manager 2010 Installation & Configuration

Installing the Service Portal Server (Server 2008/R2)

Anthony Marsiglia & Kristopher Tackett

Microsoft Premier Field Engineering

MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, our provision of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The descriptions of other companies’ products in this document, if any, are provided only as a convenience to you. Any such references should not be considered an endorsement or support by Microsoft. Microsoft cannot guarantee their accuracy, and the products may change over time. Also, the descriptions are intended as brief highlights to aid understanding, rather than as thorough coverage. For authoritative descriptions of these products, please consult their respective manufacturers.

© 2013 Microsoft Corporation. All rights reserved. Any use or distribution of these materials without express authorization of Microsoft Corp. is strictly prohibited.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


It is now time to install the Forefront Identity Manager 2010 R2 Service Portal Server. Please note that, at this stage, you may choose to install only the FIM Service Portal, or the FIM Service Portal and the Self-Service Password Registration and Reset Portals. In this scenario, we will be installing the Service Portal and SSPR.

To begin, navigate to the install media and double-click “FIMSplash” to open the FIM 2010 R2 install window

From here, under “Identity Manager Service and Portal”, select “Install Service and Portal”. When the warning pops up, click “Run”

Again, click “Run”

This will open the Forefront Identity Manager Service and Portal Setup Wizard. To continue, click “Next”

After reading and accepting the End User License Agreement, click “Next” to continue

Decide whether or not to participate in the Microsoft FIM Customer Experience Improvement Program, and click “Next” to continue.

At the “Custom Setup” window, deselect “FIM Reporting” (we will come back to this later). Again, please note, in this scenario, we are also installing SSPR. If you do not wish to install SSPR, also deselect “FIM Password Registration Portal” and “FIM Password Reset Portal”. To continue, click “Next”

Enter the name of the SQL database server to be used, as well as the name of the database. In this scenario, we will be creating a new database. However, in cases of disaster recovery, you may instead choose “Re-use the existing database”. Click “Next” to continue.

Enter the name of the mail server (or relay) you wish to use, then click “Next”

When prompted, select “Generate a new self-issued certificate” and click “Next”

Enter the name of the service account created earlier, as well as the password and domain in which it resides, along with the mail address you wish for it to use, then click “Next” to continue.

You will now receive the following warning. Please note that we will be returning to this later, so you may click “Next” to continue.

Enter the name of the Synchronization Engine server, as well as the domain and FIM Management Agent service account, then click “Next”

Enter the name of the Service Portal Server in the box, then click “Next” to continue.

For the “SharePoint site collection URL:” field, you may leave the default value and click “Next”.

Now it is necessary to enter the URL for the Self-Service Password Registration Portal. As a best practice, you may want to create a DNS pointer (in this scenario, the pointer resolves to registration.blue.org). PLEASE NOTE that this step is only applicable if you are installing SSPR.

For the firewall configuration, please be sure to check the boxes next to “Open ports 5725 and 5726 in firewall” and “Grant authenticated users access to the FIM Portal site”, then click “Next” to continue.

Enter the previously created service account and password, as well as the URL for the registration portal and the port you wish to use, then click “Next”

You may receive the following warning. If so, please click “Next” to continue, as we will return to this later.

Enter the FIM Service Server address, and select either internal only or internal/external access to the Password Registration Portal, then click “Next” to continue

For the Reset Portal configuration, enter the same previously created service account and password, as well as the DNS pointer and port, then click “Next” to continue

Again, you may receive a warning. If so, click “Next” to continue as we will be revisiting this at a later time.

As before, enter the FIM Service Server address, and choose either internal only or internal/external, then click “Next” to continue.

To begin the installation, click “Install”

When the Forefront Identity Manager Service and Portal Setup Wizard completes successfully, click “Finish”

You should now be able to access the Forefront Identity Manager 2010 R2 Service Portal, as shown below:

However, in some cases, you may receive the following error:

If so, please navigate to the Microsoft SQL 2008 Server and be sure to start the associated SQL Agent.

Likewise, in some cases, you may also receive the following error:

If so, from the Service Portal Server, please open the services console (“Start” -> “Run” -> “services.msc”), and start the “SharePoint 2010 Administration” service, then click “Retry”.
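The two service fixes above, together with a check of the ports opened at the firewall step, can also be done from a PowerShell prompt on the Service Portal Server. This is an added example, not part of the original guide; the host name `SQL01` is a placeholder, and the SQL Server Agent display name assumes a default SQL instance.

```powershell
# Added example. Host names are placeholders; replace them with your own.
$SqlServer    = 'SQL01'      # hypothetical SQL Server host name
$PortalServer = 'localhost'  # run this on the Service Portal Server

# Start a service (matched by display name) if it is stopped, then report its state.
function Start-ServiceIfStopped {
    param([string]$ComputerName, [string]$DisplayName)
    $found = @(Get-Service -ComputerName $ComputerName -DisplayName $DisplayName `
                           -ErrorAction SilentlyContinue)
    if ($found.Count -eq 0) {
        Write-Warning "No service named '$DisplayName' found on $ComputerName"
        return
    }
    foreach ($svc in $found) {
        if ($svc.Status -eq 'Stopped') { $svc.Start() }
        # Throws a timeout exception if the service does not reach Running in 30 s.
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
        $svc.Refresh()
        '{0}: {1} is {2}' -f $ComputerName, $svc.DisplayName, $svc.Status
    }
}

# Return $true if a TCP connection to the port succeeds within the timeout.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Assumption: default SQL instance. A named instance shows its own name in the parentheses.
Start-ServiceIfStopped -ComputerName $SqlServer -DisplayName 'SQL Server Agent (MSSQLSERVER)'
Start-ServiceIfStopped -ComputerName $PortalServer -DisplayName 'SharePoint 2010 Administration'

# Ports from the firewall step of the wizard.
foreach ($port in 5725, 5726) {
    '{0}:{1} reachable: {2}' -f $PortalServer, $port, (Test-TcpPort $PortalServer $port)
}
```

Run against `localhost`, the port check only confirms that something is listening; to confirm the firewall rule itself, set `$PortalServer` to the server's name and run the check from a client machine.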
