This morning I read about two new updates for the FIM Synchronization and FIM Service services on Brad Turners Blog: FIM 2010 - Update 1 Released to Windows Update
So I went forward. The update for the Synchronization Service installed fine, but the update for the FIM Service started with the following error:
Error 25070.Error connecting to database FIMSynchronizationService. Invalid class string
It went on, but eventually rolled back the second update… I wanted to verify the Sync Service by opening the Synchronization Service Manager:
In my event log DCOM was becoming unhappy and was complaining for both the sync service account and my account.
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user CORP\thomas SID (S-1-5-21-1739285864-795146598-2204218754-1104) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
The DCOM ID seems to be the “Forefront Identity Manager Synchronization Service”. Verifying it’s permissions I found out that the FIM groups (which the installer configured) were gone and replace by SID’s unknown to my domain.
My user his SID looks like:
After manually re-adding the groups it looked like this:
All I needed was a restart of the Forefront Identity Manager Synchronization Service and I could access the FIM Synchronization Manager again. Oef!
However the update wasn’t installed yet… So I tried again. Again the error popped up and my component services permissions screwed:
The funny thing is the SID’s now start at 1018… I have no clue what is going on. I have no time to go further on this. But I’m curious if there’s anyone out there experiencing the same.
[update] I posted this issue over at technet forums and Andreas Kjellman pointed me to the fact that if SQL is off-box from the Sync Engine, the Microsft SQL Server 2008 Native Client has to be installed. After installing the client the update went flawless.
A link to the client: SQL 2008 Native Client
I think it would be nice if they added this information to the Hardware and Software Requirements for FIM on technet.