To install FIM portal, the setup needs to run under SharePoint Farm administrator account with at least Open permission that allows users to open a Web site, list, or folder in order to access items inside that container

Scenario

When attempting to install or uninstall Forefront Identity Manager 2010 R2 (FIM) you receive the following error:

image

Textually:

To install FIM portal, the setup needs to run under SharePoint Farm administrator account with at least Open permission that allows users to open a Web site, list, or folder in order to access items inside that container.  Please make sure you are a SharePoint Farm administrator with Open permission and then click “Retry”.  Click “Cancel” to abort setup.

Issue

When you check the farm administrators group you are a member.  What you are not is a Site Collection Administrator.  The Site Collection Administrators are individual users – just two of them – not groups!  Here’s mine:

image

But I’m running the installation as *the* administrator account (because you need that to uninstall FIM SYNC from control panel!):

image

As soon as I add myself to the Primary or Secondary Site Collection Administrator (Central Administration | Application Management | Site Collections | Change site collection administrators) the process completes as expected.

Summary

The principal you use to uninstall FIM should be the installation account.  Smile

Being serious again…Specifically, to install or uninstall FIM Portal, you need to be a local administrator on the server (a domain user that is a direct or indirect member of builtin\administrators); a member of the SharePoint farm administrators group; and you need to be defined as either the primary or secondary site collection administrator.

References

Advertisements

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.
This entry was posted in FIM, FIM 2010 R2, SharePoint, Troubleshooting and tagged , , , , , , . Bookmark the permalink.

3 Responses to To install FIM portal, the setup needs to run under SharePoint Farm administrator account with at least Open permission that allows users to open a Web site, list, or folder in order to access items inside that container

  1. Dave Nesbitt says:

    Nice one, Paul! We just hit this today upgrading an install where we didn’t know the original install account.

  2. Dave Nesbitt says:

    Nice one, Paul. We just hit this upgrading an old installation where we didn’t know the original install account. Thanks

  3. Ross Currie says:

    What Dave said. Were doing a FIM 2010->FIM 2010 R2 SP1 upgrade and hit the same issue.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s