Known issues in this update
After you install this update, rules extensions and custom management agents (MAs) based on Extensible MA (ECMA1 or ECMA 2.0) may not run and may cause a run status of "stopped-extension-dll-load." This issue occurs when you run such rules extensions or custom MAs after you change the configuration file (.config) for one of the following processes:
For example, you edit the MIIServer.exe.config file to change the default batch size for processing sync entries for the Forefront Identity Manager (FIM) Service MA. In this situation, the synchronization engine installer for this update can't replace the configuration file to avoid deleting your previous changes. This is because if the configuration file isn't replaced, entries that are required by this update aren't present in the files. Therefore, the synchronization engine does not load any rules extension DLLs when the engine runs a Full Import or Delta Sync run profile.
To fix this issue, follow these steps:
- Back up the MIIServer.exe.config file.
- Open the MIIServer.exe.config file in a text editor or in Microsoft Visual Studio.
- Find the <runtime> section in the MIIServer.exe.config file, and then replace the content of the <dependentAssembly> section with the following content:
<assemblyIdentity name="Microsoft.MetadirectoryServicesEx" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="22.214.171.124-126.96.36.199" newVersion="188.8.131.52" />
- Save the changes to the file.
- Find the Mmsscrpt.exe.config file in the same directory and the Dllhost.exe.config in the parent directory. Repeat steps 1 through 4 for these two files.
- Restart the Forefront Identity Manager Synchronization Service (FIM Synchronization Service).
- Verify that the rules extensions and custom management agents now work as expected.
Service and Portal Setup
The 2013 x64 Visual C++ Redistributable Packages (vcresist_x64.exe) must be installed before you run MIM Service and Portal Setup.
Note There is a problem with the Windows Installer package. A DLL required for this installation to complete could not be run. Contact your support personnel or package vendor.
To fix this issue:
Download the Visual C++ Redistributable Package (vsresist_x64.exe) from the following Windows Download Center link.
Identity Management Portal
After you install this update, the Portal may not be displayed as expected in Internet Explorer. To fix this issue, follow these steps:
- Close all Internet Explorer instances.
- Open the Internet Options control panel.
- Delete all history and cached files.
If this issue persists, make sure that the version of Internet Explorer is 11 or a later version. If you are running versions that are earlier than 11, there may be display inconsistencies when you compare it to the Portal that is displayed in version 11.
Microsoft Download Center
A supported update is available from the Microsoft Download Center. We recommend that all customers apply this update to their production systems.
To apply this update, you must have the following installed:
- The 2013 x64 Visual C++ Redistributable Packages (vsresist_x64.exe)must be installed before you run MIM Service and Portal Setup.
- Microsoft Identity Manager 2016 build 4.4.1302.0
- .NET Framework 4.6 for the following components:
- MIM Service
- MIM Portals (Identity Management, Password Reset, Password Registration)
- MIM PAM
- MIM add-ins and extensions
You must restart the computer after you apply the add-ins and extensions package (Mimaddinsextensions_x(64/86)_kb4469694.msp). You may also have to restart the server components.
This is a cumulative update that replaces all MIM 2016 SP1 updates, from 4.4.1302.0 up to build 184.108.40.206 for Microsoft Identity Manager 2016.
The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Issues fixed and improvements added in this update
Service and Portal
After installing MIM build 220.127.116.11 or 18.104.22.168, the ma-data objects are deleted and not recreated in the FIMService, causing all synchronization rules to fail. After installing this update, this problem no longer happens.
Privileged Access Management
When you use the REST API against Privileged Access Management (PAM), an exception is returned:
PAM REST API could not be started because it could not load file or assembly System.Net.Http.Formatting, Version=22.214.171.124
After you install this update, this issue is resolved.
MIM Identity Management Portal
Prior to installing this update, a member might not be removed from the shadow principal object when a request is closed using the Clod-PAM Request PowerShell cmdlet before the role time to live had expired.
MIM Service and Azure MFA Server Integration
Prior to installing this update, requests make for SSPR with a MIM Service version 126.96.36.199 and SSPR authentication gate configured to use the Azure MFA Server would fail, with the following message in the event log:
Event ID 3: Local MFA server is supported only for STANDART mode
Event ID 3: Exception: Value does not fall within the expected range.; StackTrace: at Microsoft.IdentityManagement.AzureMfaServiceProvider.PhoneAzureMfaProvider.AuthenticateLocal(PfAuthParams pfAuthParams, Int32& callStatus, Int32& errorId)
at Microsoft.IdentityManagement.AzureMfaServiceProvider.PhoneAzureMfaProvider.AzureMfaAuthenticate(PfAuthParams pfAuthParams, Int32& callStatus, Int32& errorId); InnerException null; callStatus=0, errorId=0, Certificate File Path:
Event ID 3: Azure MFA: Authentication Failed. Call Status='', ErrorID='0'
After installing this update, the MIM Service SSPR SMS authentication gate works as expected with the Azure MFA Server.