Applies ToForefront Identity Manager 2010

Introduction

A hotfix rollup package (build 4.00.3558.02) is available for Microsoft Forefront Identity Manager (FIM) 2010.This hotfix rollup package includes all the previous hotfixes that are described in the following Microsoft Knowledge Base (KB) articles:

978864 Update Package 1 for Microsoft Forefront Identity Manager (FIM) 20102028634 A hotfix rollup package (build 4.0.3547.2) is available for Microsoft Forefront Identity Manager (FIM) 2010The hotfix rollup package also resolves some issues and provides features that were not previously documented in a Knowledge Base article. For more information about these issues and features, see the "More information" section.

Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix. Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website:

http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

You must have Microsoft Forefront Identity Manager 2010 installed to apply this hotfix.

Restart information

You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix rollup replaces the following hotfix rollup:

2028634 A hotfix rollup package (build 4.0.3547.2) is available for Microsoft Forefront Identity Manager (FIM) 2010

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

File name

File version

File size

Date

Time

Fimaddinsextensionslp_x64_kb2272389.msp

Not Applicable

4,358,144

09-Sep-2010

13:09

Fimaddinsextensionslp_x86_kb2272389.msp

Not Applicable

3,478,016

09-Sep-2010

12:48

Fimaddinsextensions_x64_kb2272389.msp

Not Applicable

3,051,520

09-Sep-2010

13:09

Fimaddinsextensions_x86_kb2272389.msp

Not Applicable

2,570,240

09-Sep-2010

12:48

Fimcmbulkclient_x86_kb2272389.msp

Not Applicable

2,256,384

09-Sep-2010

12:48

Fimcmclient_x64_kb2272389.msp

Not Applicable

5,793,280

09-Sep-2010

13:09

Fimcmclient_x86_kb2272389.msp

Not Applicable

5,127,680

09-Sep-2010

12:48

Fimcm_x64_kb2272389.msp

Not Applicable

10,140,160

09-Sep-2010

13:09

Fimpcns_x64_kb2272389.msp

Not Applicable

182,784

09-Sep-2010

13:09

Fimpcns_x86_kb2272389.msp

Not Applicable

142,848

09-Sep-2010

12:48

Fimservicelp_x64_kb2272389.msp

Not Applicable

4,605,440

09-Sep-2010

13:09

Fimservice_x64_kb2272389.msp

Not Applicable

16,491,008

09-Sep-2010

13:09

Fimsyncservice_x64_kb2272389.msp

Not Applicable

21,146,624

09-Sep-2010

13:09

More Information

Fixed issues that relate to Certificate Management

The following issue is fixed in this hotfix package:Issue 1The requests that are submitted by the Online Update Service cannot update the target attribute in Active Directory in Certificate Management of FIM 2010.

Fixed feature and issues that relate to Credential Management

The following feature and issues are fixed in this hotfix package:

Feature

Feature 1The Password Reset registration wizard does not let organizations provide a link to their data policy. This hotfix adds a fix to provide a feature by which you can insert a link to an organization’s data policy and display that link in the Password Reset registration wizard. To enable this feature, you must set the PrivacyLink (REG_SZ) registry value after you apply this hotfix. This fix is available in the Identity Manager 2010 Group Policy Templates. To obtain the Group Policy templates, visit the following Microsoft Download Center website:

Microsoft Forefront Identity Manager 2010 Group Policy Templates

Issues

Issue 1This hotfix enables the self-service password reset registration cache feature to work correctly.When the registration cache feature is enabled, users who are registered for password reset will have their registration checked periodically to make sure that it is up to date. Users who are not registered will continue to be prompted to register for password reset every time that they log on to Windows.Issue 2The type for the CacheInterval and MaxOffset registry values is set to REG_SZ in the Group Policy Templates. This hotfix corrects the type to REG_DWORD. This fix is available in the Identity Manager 2010 Group Policy Templates. To obtain the Group Policy templates, visit the following Microsoft Download Center website:

Microsoft Forefront Identity Manager 2010 Group Policy Templates Issue 3The password reset portal returns the following error message after an IIS Reset:

An unexpected error has occurred.

Added feature that relates to Declarative Provisioning

The following feature is added in this hotfix package:Feature 1This hotfix enables an outgoing synchronization rule to use a flow scope that accommodates more than two resource types.

Fixed issue that relates to Common UI

The following issue is fixed in this hotfix package:Issue 1When there are more than seven UocListViews in a single Resource Control Display Configuration (RCDC), the UocListView is rendered in the wireframe view instead of in the graphical view.

Fixed issues and features that relate to Sync Engine

The following features and issues are fixed in this hotfix package:

Features

Feature 1The hotfix introduces a new registry key, MinimalObjectLogging. This lets less information be logged if an error has occurred during a run. For more information about this registry key, visit the following Microsoft TechNet website:

Registry Keys and Configuration File Settings in FIM 2010 Feature 2This hotfix writes an error message to the event log when a management agent run encounters staging errors.Feature 3A management agent can have several partitions. For example, the management agent for Active Directory can have several partitions where every domain in a forest is a partition. When a whole partition is unselected, all previously imported objects are kept in the connector space. Then, a full import on any other partitions removes all objects that are in an unselected partition.

Issues

Issue 1In rare circumstances when the recycle bin is enabled on Windows Server 2008 R2, you receive error code 0x80230309. Also, you receive the following error message on the management agent for Active Directory:

The dimage indicates an update or replace operation. But the image does not exist.

Issue 2A WMI query for MIIS_RunHistory returns no result.Issue 3The Extensible Connectivity Management Agent (ECMA) has a CustomData property that is used to store the watermark for delta. When the MA encounters an export-not-reimported error, the watermark is not committed. The hotfix commits the CustomData property even if the error occurs.Issue 4When the last member is staged to be exported, a multi-mastered attribute generates the error “attribute not found.” This error occurs when the synchronization engine runs an import that brings in a new member instead of running an export as expected.Issue 5The attribute precedence does not work as expected with Declarative Provisioning and the FIM Service Management Agent.To resolve the issue, perform one of the following operations after you apply this hotfix:

  • Only run full synchronization on the Active Directory Management Agent (MA), which has higher precedence than the FIM MA.

  • Only run the preview commit for the linked CS objects of the bad Metaverse objects on the MA, which has higher precedence than the FIM MA.

Issue 6If you create a new mailbox by using the CreateMailbox method in ExchangeUtils, you may encounter an export-change-not-reimported on the nTSecurityDescriptor attribute. This hotfix corrects the normalization of this attribute.Issue 7In rare cases, the synchronization engine may crash with a multi-mastered member attribute.Issue 8When you change an object type during scripted provisioning, you receive the following error message:

The dimage has a different anchor or primary object class from what is shown on the hologram.

Issue 9When you run MAs in an unexpected order and remove the very last member of a group, you see the error “0x80070057 (The parameter is incorrect.)” on a multi-mastered, multivalued reference attribute, such as a member of a group.Issue 10In rare cases, the sync engine may crash during a delta synchronization.

Fixed issues that relate to Workflow Engine

Issue 1When you change dynamic groups in FIM 2010, it takes a long time for the changes to take effect. This hotfix improves the performance when you make these changes.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.