Hotfix rollup package (build 4.5.286.0) is available for Microsoft Identity Manager 2016 Service Pack 1

Applies to: Microsoft Identity Manager 2016 SP1

Introduction


A hotfix rollup package (build 4.5.286.0) isavailable for Microsoft Identity Manager (MIM) 2016 Service Pack 1 (SP1). Thisrollup package resolves some issues and adds some improvements that aredescribed in the "Issues fixed and improvements added in this update"section.

Known issues in this update


Synchronization Service

After you install this update, rules extensions and custom management agents (MAs) based on Extensible MA (ECMA1 or ECMA 2.0) may not run and may cause a run status of "stopped-extension-dll-load." This issue occurs when you run such rules extensions or custom MAs after you change the configuration file (.config) for one of the following processes:

  • MIIServer.exe
  • Mmsscrpt.exe
  • Dllhost.exe

For example, you edit the MIIServer.exe.config file to change the default batch size for processing sync entries for the Forefront Identity Manager (FIM) Service MA. In this situation, the synchronization engine installer for this update can't replace the configuration file to avoid deleting your previous changes. This is because if the configuration file isn't replaced, entries that are required by this update aren't present in the files. Therefore, the synchronization engine does not load any rules extension DLLs when the engine runs a Full Import or Delta Sync run profile.

To fix this issue, follow these steps:

  1. Back up the MIIServer.exe.config file.
  2. Open the MIIServer.exe.config file in a text editor or in Microsoft Visual Studio.
  3. Find the <runtime> section in the MIIServer.exe.config file, and then replace the content of the <dependentAssembly> section with the following content:

<dependentAssembly>

<assemblyIdentity name="Microsoft.MetadirectoryServicesEx" publicKeyToken="31bf3856ad364e35" />

<bindingRedirect oldVersion="3.3.0.0-4.1.3.0" newVersion="4.1.4.0" />

</dependentAssembly>

  1. Save the changes to the file.
  2. Find the Mmsscrpt.exe.config file in the same directory and the Dllhost.exe.config in the parent directory. Repeat steps 1 through 4 for these two files.
  3. Restart the Forefront Identity Manager Synchronization Service (FIM Synchronization Service).
  4. Verify that the rules extensions and custom management agents now work as expected.

Service and Portal Setup

The 2013 x64 Visual C++ Redistributable Packages (vcresist_x64.exe) must be installed before you run MIM Service and Portal Setup.

Associated error:

Note There is a problem with the Windows Installer package. A DLL required for this installation to complete could not be run. Contact your support personnel or package vendor.

To fix this issue:

Download the Visual C++ Redistributable Package (vsresist_x64.exe) from the following Windows Download Center link.

Visual C++ Redistributable Package

Identity Management Portal

After you install this update, the Portal may not be displayed as expected in Internet Explorer. To fix this issue, follow these steps:

  1. Close all Internet Explorer instances.
  2. Open the Internet Options control panel.
  3. Delete all history and cached files.

If this issue persists, make sure that the version of Internet Explorer is 11 or a later version. If you are running versions that are earlier than 11, there may be display inconsistencies when you compare it to the Portal that is displayed in version 11.

Update information


Microsoft Download Center

A supported update is available from the Microsoft Download Center. We recommend that all customers apply this update to their production systems.

Download the update for Microsoft Identity Manager 2016 SP1 (KB4469694) now.

Prerequisites

To apply this update, you must have the following installed:

  • The 2013 x64 Visual C++ Redistributable Packages (vsresist_x64.exe)must be installed before you run MIM Service and Portal Setup.
  • Microsoft Identity Manager 2016 build 4.4.1302.0
  • .NET Framework 4.6 for the following components:
    • MIM Service
    • MIM Portals (Identity Management, Password Reset, Password Registration)
    • MIM PAM
    • MIM add-ins and extensions

Restart requirement

You must restart the computer after you apply the add-ins and extensions package (Mimaddinsextensions_x(64/86)_kb4469694.msp). You may also have to restart the server components.

Replacement information

This is a cumulative update that replaces all MIM 2016 SP1 updates, from 4.4.1302.0 up to build 4.5.202.0 for Microsoft Identity Manager 2016.

file information


The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

File name

File version

File size

Date

Time

Mimaddinsextensions_x64_kb4469694.msp

Not Applicable

7,573,504

21-Nov-2018

03:24

Mimaddinsextensions_x86_kb4469694.msp

Not Applicable

3,272,704

21-Nov-2018

03:23

Mimcmbulkclient_x86_kb4469694.msp

Not Applicable

7,401,472

21-Nov-2018

03:23

Mimcmclient_x64_kb4469694.msp

Not Applicable

7,581,696

21-Nov-2018

03:24

Mimcmclient_x86_kb4469694.msp

Not Applicable

7,196,672

21-Nov-2018

03:26

Mimcm_x64_kb4469694.msp

Not Applicable

16,457,728

21-Nov-2018

03:24

Mimservice_x64_kb4469694.msp

Not Applicable

39,763,968

21-Nov-2018

03:27

Mimsyncservice_x64_kb4469694.msp

Not Applicable

22,237,184

21-Nov-2018

03:27

Issues fixed and improvements added in this update


Service and Portal

MIM Service

After installing MIM build 4.5.26.0 or 4.5.202.0, the ma-data objects are deleted and not recreated in the FIMService, causing all synchronization rules to fail.  After installing this update, this problem no longer happens.

Privileged Access Management

When you use the REST API against Privileged Access Management (PAM), an exception is returned: 

PAM REST API could not be started because it could not load file or assembly System.Net.Http.Formatting, Version=5.2.2.0

After you install this update, this issue is resolved. 

MIM Identity Management Portal

Prior to installing this update, a member might not be removed from the shadow principal object when a request is closed using the Clod-PAM Request PowerShell cmdlet before the role time to live had expired.

MIM Service and Azure MFA Server Integration

Prior to installing this update, requests make for SSPR with a MIM Service version 4.5.202.0 and SSPR authentication gate configured to use the Azure MFA Server would fail, with the following message in the event log:

          Event ID 3: Local MFA server is supported only for STANDART mode

Event ID 3: Exception: Value does not fall within the expected range.; StackTrace: at Microsoft.IdentityManagement.AzureMfaServiceProvider.PhoneAzureMfaProvider.AuthenticateLocal(PfAuthParams pfAuthParams, Int32& callStatus, Int32& errorId)
at Microsoft.IdentityManagement.AzureMfaServiceProvider.PhoneAzureMfaProvider.AzureMfaAuthenticate(PfAuthParams pfAuthParams, Int32& callStatus, Int32& errorId); InnerException null; callStatus=0, errorId=0, Certificate File Path:

Event ID 3: Azure MFA: Authentication Failed. Call Status='', ErrorID='0'

After installing this update, the MIM Service SSPR SMS authentication gate works as expected with the Azure MFA Server.

References


Microsoft Identity Manager release history

Learn about the terminology that Microsoft uses to describe software updates.