Table of Contents
Purpose
The purpose of this document is to provide a detailed explanation of how to prepare and execute the installation of the Forefront Identity Manager 2010 R2 Add-ins and Extensions through Group Policy.
Software Requirements
- Orca – You will need this tool to be able to build a Windows Installer Transform file (MST). The tool is available in the Windows Installer SDK which you can download from https://msdn.microsoft.com/en-us/library/windows/desktop/aa370557(v=vs.85).aspx. Once downloaded, you will find it in the %programfiles%\Microsoft SDKs\Windows\v6.0a\Bin.
- Microsoft Windows Server 2008 Active Directory
- Microsoft Outlook 2007 Service Pack 2
Steps to prepare for deployment
We will cover the steps to prepare the Forefront Identity Manager 2010 Add-ins and Extensions package for deployment. It is a good idea to execute the steps in order, as it will allow things to flow more smoothly in your deployment process.
- Create a network installation share if you do not already have one.
- Create a Windows Installer Transform file
- Add the installation package to the Group Policy Management Editor and prepare it for deployment
- Verify the package install on the client
How to build the Windows Installer transform (MST)
A transform is a collection of changes applied to an installation. By applying a transform to a base installation package, the installer can add or replace data in the installation database. The installer can only apply transforms during an installation. You might want to add some custom information to the installation to help configure things as the product is installed.
Navigate to the installation folder for the Add-ins and Extensions (Forefront Identity Manager\Add-ins and extensions)
*NOTE* You will need to build a MST for each x64 and x32 if you have a mixed x64/x32 bit environment.
Right click on the Add-ins and extensions.msi file and select Edit in Orca
*NOTE* If you need to deploy to another language, you will need to build a MST file for each of the language packs.
From the Transform menu select New Transform
Select Property from the left hand column
At this point, you can work with Public Properties that you need to customize for your environment.
In this sample, we will be updating the following: (RMS_LOCATION, PORTAL_LOCATION, PORTAL_PREFIX, MONITORED_EMAIL, SITELOCK_DOMAIN, IE7TRUSTEDSITES, BEST_EFFORT_INSTALL)
*NOTE: For more information on the properties mentioned above, refer to the following links:
- Unattended installation of FIM 2010
- Unattended installation of FIM 2010 R2 Self-Service Password Reset
What to do when you do not see the property.
- From the tables menu select Add Row
- Enter the property name in all capital letters.
- Enter the value
- Click Ok
What to do when you see the property.
- Simply double click on the value and update the value.
- From the Transform menu select Generate Transform
- Save it to a good location.
- From the Transform menu select Close Transform
- *NOTE* You have to select the Close Transform menu option. If you do not you will not be able to associate the MST file with the MSI file.
- Close Orca
- You should now have an MST file.
For more information on Windows Installer Transforms
- http://technet.microsoft.com/en-us/library/cc181086.aspx
- http://msdn.microsoft.com/en-us/library/aa367447(VS.85).aspx
How to add the installation package to GPO
- Open Administrative Tools and double click on Group Policy Management
- Expand Domains and then your domain
- Select Default Domain Policy
- From the Action menu select Edit
- This will open the Group Policy Management Editor window
- Expand Computer Configuration > Policies > Software Settings
- Select Software Installation
- From the Action menu select New > Package
- Point to the network share installation point using the UNC path beginning with (e.g. \\machinename\installationshare)
- Select the Add-ins and extensions.msi file and click Open
- Select Advanced and click Ok
- Select Modifications and click Add
- Point to the MST file that you created and click Ok
- Open a command-window and type: gpupdate /force
- You will receive a prompt to restart the computer. Please press “N” and then press the Enter key.
- *NOTE* This restart option is for the DC and not the client computer. If you check “Y” here, the DC will prompt you that it is restarting and it will apply the installation policy to itself.
- The package is now ready to be deployed
Verify the installation package on the client
- Go to the client machine
- Restart the client machine
- Open Control Panel and then Programs and Features
- Notice the installed package
- Open Microsoft Outlook and start a new mail. You should see the Group information in the Office Ribbon.
Troubleshooting
Logging and troubleshooting ideas
- How to enable Windows Installer verbose logging: http://support.microsoft.com/kb/223300
- Fixing Group Policy problems with logging: http://technet.microsoft.com/en-us/library/cc775423(WS.10).aspx
- Troubleshooting Group Policy problems: http://technet.microsoft.com/en-us/library/cc787386(WS.10).aspx
- Troubleshooting Group Policy Application Problems: http://support.microsoft.com/kb/250842
- 1704 – indication that the group policy objects have been successfully deployed.
- 107 – indication that group policy failed on the software installation
- 1040 – indication that the MSIinstaller has began a transaction
- 1042 – indication that the MSIinstaller has ended a transaction
EVENT IDs to be aware of
Log Name: Application
Source: Software Installation
Date: 3/9/2010 3:20:34 PM
Event ID: 110
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: USARS.speedskaters.nttest.microsoft.com
Description:
Software Installation was unable to generate the script for \\usars\AandE\x64\Add-ins and extensions.msi. The following error was encountered: Another installation is already in progress. Complete that installation before proceeding with this install.
RESOLUTION
This means that you have not executed a GPUPDATE yet to fully configure the installation, or you have clicked the Ok button again before the properties window closes.
- Remove the item that added when the properties window closes.
- Open a command-prompt
- Type: gpupdate /force and press the <ENTER> key
- Go back to the Group Policy Editor and add the package