FIM 2010 Update 1 Installation Issue

Published on Sunday, March 13, 2011 in

In the release notes of FIM 2010 Update 1 (KB978864), one of the things mentioned is that you have to make sure the Portal is reachable on http://localhost. Another known issue for things to go wrong seems to be the FIM Service Certificate. During the installation you get the following options:


From Microsoft PSS I heard that there’s a known issue to upgrade to FIM 2010 Update 1 if you choose a customized certificate. One of the requirements for the FIM Service certificate is, is that it has CN=ForefrontIdentityManager in it’s subject. My customer had generated a custom certificate from their internal CA, and of course the subject was different from the required one.

This caused the update to fail and rollback. The following errors were shown in the Application event log:

Entries from the event log, first line logged first:

  • Error : MicrosoftILMPortalCommonDlls.wsp already exists
  • An error occurred while deploying FIM portal solution packs.
  • Error : MicrosoftIdentityManagement.wsp already exists
  • An error occurred while deploying FIM portal solution packs.
  • Error : ILMPasswordPortal.wsp already exists
  • An error occurred while deploying FIM portal solution packs.

To resolve this situation you can run the RTM installer again, but now chose “change”. You’ll be prompted to fill in all setup questions again, but now you can choose “Generate a new self-signed certificate”. After running this successfully you can try to update again.

Some other items I found on my quest for a solution:

Installing update failed because sharepoint not installed on "localhost"?

In my opinion removing .WSP’s your self in WSS is not a great idea. The FIM Update installers really depend on the fact that they expect the .WSP’s to be in place. If you start messing with them you might break things completely. If you are having issues reaching your portal at http://localhost, verify the bindings for the SharePoint site in IIS. You could add:

  • 80
  • ::1 80

To ensure proper access to http://localhost. In case you don’t have “all available addresses 80” set as the binding.

Another possible solution: ILM 2 Beta 3 Premature Failure - ilmpasswordportal.wsp already exists Again, I would really advise against deleting .WSP’s yourself. Even if they are in error, try running the FIM Service & Portal setup in Change mode. You’ll see it will re-deploy the .WSP solutions.

P.S. If you want detailed information regarding a failure for an update, try running the update.msp file like this: msiexec /p update.msp /L*V c:\update.log

Related Posts

2 Response to FIM 2010 Update 1 Installation Issue

17 March, 2011 11:58

You need to flag this with Microsoft as they haven't updated there documentation or made a knowledge base article. I used a internal cCA as the microsoft docs tell you to.

Thanks for the heads up it fixed my issue too.

17 March, 2011 23:03


Glad I could help you. I'll see If I can bug someone at microsoft with this. I agree this should be included in the Update 1 KB. It does list other requirements such as the availability of the portal on http://localhost. Would be great to see it added.


Add Your Comment