MIM 2016 deployment on Windows 2016 Application Server deprecated

The install instructions are wrong for a MIM deployment on Windows Server 2016. The best command line I have found, which combines all the requirements for SharePoint and the MIM Portal, is:

Add-WindowsFeature Web-Server, `
Windows-Identity-Foundation, `
NET-Framework-45-ASPNET, `
NET-Framework-Features, `
Web-Mgmt-Console, `
Web-Mgmt-Compat, `
Web-Metabase, `
Web-Lgcy-Mgmt-Console, `
Web-Lgcy-Scripting, `
Web-Mgmt-Tools, `
Web-WMI, `
Web-Common-HTTP, `
Web-Windows-Auth, `
NET-HTTP-Activation, `
NET-Non-HTTP-Activ, `
NET-WCF-HTTP-Activation45, `
RSAT-AD-PowerShell, `
Server-Media-Foundation, `
Xps-Viewer -IncludeAllSubFeature -Source D:\sources\sxs

You will need to specify a Windows Server 2016 installation source (the -Source path above), because the .NET Framework 3.5 feature requires it.

Feature with Id ‘ca7bd552-10b1-4563-85b9-5ed1d39c962a’ is not installed in this farm, and cannot be added to this scope.

You may get the above error when trying to create the portal site for FIM or MIM in SharePoint 2013. It seems Microsoft may have changed the numbering of the site templates; in the PowerShell script that creates the web site, try changing "STS#1" to "STS#0":


$t = Get-SPWebTemplate -compatibilityLevel 14 -Identity "STS#0"

This swaps the template from a blank site to a team site, which has the features required for the FIM/MIM portal.

You also get this error if you have not yet run the SharePoint Products Configuration Wizard. If you configured SharePoint from the command line, run the configuration wizard before the step above; it installs the templates and sets up the configuration site.

Disable Loopback Check

A common problem with SharePoint deployments is that when you browse to the server over loopback using any DNS name that isn't the server's own name, the server blocks the request, and it initially looks like a Kerberos error. The loopback check can be disabled easily, and in true Ninja fashion, with a PowerShell one-liner. There are two options:

The first option is more secure, as it only allows loopback access for the host names you specify; the second option allows access to the server on any host name, so it is less secure.


New-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 -Name BackConnectionHostNames -Value "password.mim.ninja","portal.mim.ninja" -PropertyType MultiString -Force

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword


You can list as many host names as you like in the first script. Microsoft recommends using the second option only in development environments.
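One caveat with the first option: New-ItemProperty -Force replaces the whole BackConnectionHostNames list, so re-running it with a different set of names silently drops the earlier ones. The following script is an added example, not part of the original post: it merges new host names into the existing list, and warns if the machine-wide DisableLoopbackCheck (the second option) is also set. The host names are placeholders for your own portal and password reset FQDNs.

```powershell
# Added example: merge host names into BackConnectionHostNames (per-host
# option) without overwriting entries that are already there, then report
# whether the broader DisableLoopbackCheck is set. Run from an elevated prompt.
# Placeholder host names; replace with your portal / password reset FQDNs.
$newHosts = @('portal.mim.ninja', 'password.mim.ninja')

$msvPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Read the current list; the value does not exist on a fresh server.
$existing = @()
$prop = Get-ItemProperty -Path $msvPath -Name BackConnectionHostNames -ErrorAction SilentlyContinue
if ($prop) { $existing = @($prop.BackConnectionHostNames) }

# -notcontains is case-insensitive, so a re-run adds nothing twice.
$toAdd = @($newHosts | ForEach-Object { $_.Trim() } | Where-Object { $existing -notcontains $_ })

if ($toAdd.Count -gt 0) {
    $merged = @($existing + $toAdd)
    # -Force overwrites the existing value, which is fine here because
    # $merged already carries the old entries along with the new ones.
    New-ItemProperty -Path $msvPath -Name BackConnectionHostNames `
        -Value $merged -PropertyType MultiString -Force | Out-Null
    Write-Host "BackConnectionHostNames now: $($merged -join ', ')"
} else {
    Write-Host 'BackConnectionHostNames already contains all requested host names.'
}

# The second option on this page turns the check off for every host name.
# Flag it so it is not left behind outside a development environment.
$lb = Get-ItemProperty -Path $lsaPath -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
if ($lb -and $lb.DisableLoopbackCheck -eq 1) {
    Write-Warning 'DisableLoopbackCheck=1 is set: the loopback check is off for ALL host names.'
    # To keep only the per-host list, remove the machine-wide override:
    # Remove-ItemProperty -Path $lsaPath -Name DisableLoopbackCheck
}
```

As with the one-liners above, the change takes effect for new logons; restart IIS (iisreset) if an existing session still fails.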
