Microsoft recently released Service Pack 1 for Forefront Identity Manager 2010 R2. With the release of Service Pack 1 came some really good support for the latest elements that form the foundation of the FIM Portal, namely Windows Server 2012 and SharePoint Foundation 2013.

While basing the FIM 2010 R2 SP1 Portal on a SharePoint 2013 Foundation doesn’t offer any feature advantages over SharePoint 2010, it does provide compatibility with Windows Server 2012 which SharePoint 2010 won’t do until the release of Service Pack 2.

Many small-scale deployments of FIM are based on single instance deployments of WSS or SharePoint Foundation. Where redundancy is required, SharePoint Farms are still not often deployed, instead local WSS or SharePoint Foundation installations are deployed, which are then load balanced. While these deployment scenarios make the setup of the FIM Portal less technically challenging, as a centralised SharePoint Farm does not need to be considered, they sacrifice some of the advantages to deploying a Farm. Namely, the fact that only a single database is required and most importantly that a scale-out of the FIM Portal becomes as easy as adding a new SharePoint Foundation server.

Installing FIM 2010 R2 SP1 on SharePoint Foundation 2013 is well documented in Technet as is installing and configuring a SharePoint Farm. As long as you’re then installing FIM 2010 R2 SP1 to an existing SharePoint Foundation Farm you’ll experience a fairly smooth ride. Where you might experience issues is in adding additional nodes to a SharePoint 2013 Farm as the process requires a few additional steps that unless done will render your new nodes nonfunctional.

This article will run through the process of installing the new node and executing the additional steps to get FIM 2010 R2 SP1 working.

Installing the New Node

There are two primary mechanisms for installing the additional SharePoint 2013 node. One can either install via the SharePoint Products Configuration wizard or through a PowerShell interface.

Installing through the UI is as easy as entering the database server, configuration database name and the pass phrase used when creating the farm:

Once started the configuration wizard will add the new server to the farm and deploy any solution and/or feature packs to the new node. Alternatively, one can use PowerShell to complete the same task as below:

$passphrase = (ConvertTo-SecureString "Farm Passphrase" -AsPlainText -force)

Connect-SPConfigurationDatabase -DatabaseServer $databaseServer -DatabaseName $configDatabase -Passphrase $passphrase

Start-Service SPTimerV4

Install-SPHelpCollection -All
Install-SPFeature -AllExistingFeatures

Getting the FIM Portal Working

By now you should have a SharePoint Farm and an additional farm node configured and working. To test the scenario you can browse to your root site from either server and should receive a functioning site. If, however, you were to try browse to the FIM Portal on the new node at ‘/IdentityManagement’ you would be greeted with the following:


The error above is due to an incomplete deployment of the FIM 2010 R2 SP1 solution pack and features to the new node. When adding a new server to a SharePoint Farm, existing features are deployed to the new server to match the other servers in the farm. Likewise, the FIM Portal is ultimately a combination of a solution pack and features that get deployed to the SharePoint Farm servers.

One of these features ‘MSILM2Configuration’ is configured to deploy a resource file to nodes of the farm. When being installed on an existing farm the feature will be deployed correctly. However, when scaling out the farm and adding servers after the FIM Portal has already been installed. This feature will not deploy the resource file or update the configuration of the web.config for the web application.FIM-SP-FeatureError-1

To complete the deployment of the FIM Portal solution pack and features the following PowerShell command needs to be run.

Enable-SPFeature MSILM2Configuration -Url "http://[FQDN of FIM Portal]/IdentityManagement" -Force

The above command will force the missing components of the feature to deploy, resulting in a complete configuration of the FIM Portal on the new SharePoint 2013 Farm server.

I hope this post was helpful and saves others a bit of time configuring additional SharePoint Farm members.

FIM, Identity and Access Management
, , ,

Join the conversation! 3 Comments

  1. It’s probably worth noting that Paul Williams at Microsoft recently released a blog entitled “FIM Portal in a Sharepoint Farm – Why you should not do this ( Mind you, this is a great article if you have no choice but to ignore his advice.

    • Hi Ross,

      Paul’s blog, addressing the challenges supporting a SharePoint Farm is a great viewpoint and one that should definitely be considered. I don’t think every use case necessarily prevents the successful implementation of a farm nor is support of a SharePoint Farm the only challenge when upgrading FIM. For those that do end up seeing benefit in a farm scenario I hope the issues I noted are helpful.

  2. Hi Stefan great article. I had the exact error and a colleague pointed out this article because he stumbled across it for another reason. I googled JavaScriptDisabledError Text, but only found a TechNet article suggesting to un-install/reinstall the FIM portal. This answers the mystery as to why it happens and a much easier fix!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: