Introduction
Microsoft has released update 1 for Microsoft Forefront Identity Manager (FIM) 2010. This update applies only to FIM 2010 RTM which is also known as build 4.0.2592.0.
This update is recommended for all installations of FIM 2010.Important notes about the cumulative update package
-
Update packages for each FIM component are distributed in separate update files.
-
Detailed information about this update is in the release notes linked in the More Information section.
More Information
How to Obtain Update 1 for FIM 2010
This update is available on the following services:
Download Method |
Components |
All Components |
|
Automatic Updates |
All Components |
For update on Windows XP only |
|
- FIM Add-ins and Extensions |
|
- FIM Add-ins and Extensions LP |
|
- FIM CM Bulk Issuance Client |
|
- FIM CM Client |
Note: We recommend that you test these updates before installing them on any production machines. Please test the update method in test that will be used in production. Important: For the FIM server components, there is a limitation when using Automatic Updates through the Microsoft Update service. Allowing the Windows Update service on Windows Server 2008 to both download and automatically install the update may cause problems with the install. If you choose to use the Windows Update service to download the update package we recommend that you configure the service to download and prompt for installation. This will work around the issue.
Component Update File Information
Component Update Packages
The following table contains the component update packages that are available for download.
Component |
Filename |
FIM 2010 Add-ins and Extensions |
FIMAddinsExtensions_KB978864.msp (Note: versions available for x86 and x64) |
FIM 2010 Add-ins and Extensions Language Pack |
FIMServiceLP_KB978864.msp (Note: versions available for x86 and x64) |
FIM 2010 Certificate Management |
FIMCM_KB978864.msp |
FIM 2010 Certificate Management Bulk Issuance Client |
FIMCMBulkClient_KB978864.msp |
FIM 2010 Certificate Management Client |
FIMCMClient_KB978864.msp (Note: versions available for x86 and x64) |
FIM 2010 Service and Portal |
FIMService_KB978864.msp |
FIM 2010 Service Portal Language Pack |
FIMServiceLP_KB978864.msp |
FIM 2010 Synchronization Service |
FIMSyncService_KB978864.msp |
FIM 2010 Password Change Notification Service |
FIMPCNS_KB978864.msp (Note: versions available for x86 and x64) |
Build Information
Update package 1 for FIM 2010 RTM is also known as build 4.0.3531.2.
Changes Included in This Update Package
This package contains multiple updates to the following FIM feature areas. Most of the updates were things that did not make it into the RTM build of the product but were considered important to address in the first update rollup package. For this reason, this update package contains many more updates than are usually released in a single update package.
This update addresses issues in the following feature areas:-
Setup
-
Synchronization Engine
-
Localization
-
FIM Portal user interface
-
Self-service Password Reset
-
Workflow
-
Sets
Detailed information about things changed can be found in the Changes listed by Component section below.
Before Installing This Update
FIM Service and Portal and FIM Synchronization Service
-
Back up all databases, configuration files, encryption keys, certificates, and custom components.
-
FIM Product Databases
-
FIMSynchronizationService database
-
FIMService database
-
-
Configuration Files
-
FIM Synchronization Service
-
All custom rules extensions for the Synchronization Service
-
All custom management agents for the Synchronization Service
-
All needed data from the MAData folder
-
MIIServer.exe.config file
-
Encryption keys (using the Synchronization Service Key Management tool)
-
-
FIM Service
-
Microsoft.ResourceManagement.Service.exe.config
-
Certificate specified during the FIM Service setup
-
Custom workflows
-
Custom clients
-
-
-
-
FIM Portals
-
Make sure the FIM Portals are available on http://localhost.
-
If you have enabled SSL or for some other reason have made a change so http://localhost isn’t accessible on the FIM Portal server, make the necessary configuration changes so this address is accessible before applying the update. After the update has been installed you can revert the temporary change.
-
-
Close the FIM Synchronization Service Manager before installing the update on the Synchronization server. This will avoid the need to reboot the machine after the update is installed.
-
It is highly recommended that you install the FIM Service and Portal and the FIM Synchronization Service using the UI. Configure Microsoft Update on those servers to either “Download updates but let me choose whether to install them” or “Check for updates but let me choose whether to download and install them.”
FIM Certificate Management
Follow the instructions documented in TechNet for backing up the FIM Certificate Management configuration.FIM CM Backup and Restore Guide
Post-Installation Steps
-
If the FIM Language Pack was installed when you applied this update you must also install the Update 1 Language Pack. If you don’t, a product version mismatch will cause the product to fall back to English.
-
If using the Certificate Management management agent in the FIM Synchronization Service, please update both the FIM Synchronization Service and the FIM Certificate Management Service to Update 1. http://support.microsoft.com/kb/2005585.
To avoid this requirement, please implement binding redirection settings as documented in -
Update 1 adds two new Management Policy Rules (MPRs). The new MPRs are:
-
“Users can create registration objects for themselves” (Action Type: Create)
-
“Users can modify registration objects for themselves” (Action Type: Modify)
-
In the FIM Portal, click Management Policy Rules.
-
Filter the list of MPRs by searching for the term “registration objects.”
-
If you have modified the old “Users can create registration objects for themselves” (Action Type: Create, Modify) MPR, modify the two new MPRs accordingly.
-
Delete the old “Users can create registration objects for themselves” (Action Type: Create, Modify) MPR.
-
Before Uninstalling the FIM Service and Portal Update
If
you must uninstall the Service and Portal update package, do the following:-
Copy the file [FIM Installation Folder]\Service\Microsoft.ResourceManagement.Service.exe.config to a different location so you can copy it back after completing the uninstall.
-
Stop the service FIMService.
-
If the FIM Portal is not located on the same server as the FIM Service, uninstall the update from the FIM Portal server.FIM Installation Guide.
If you have installed on a SharePoint farm, this step will most likely time out. To work around this issue, uninstall the FIM Portal and reinstall it as described in the -
Restore the FIM Service Database to the FIM RTM version. The RTM version of the FIM Service will not start if the database has been updated to FIM 2010 RTM Update 1.
-
Uninstall Update 1 from the Control Panel.
-
On the FIM Service server, in the FIM Service installation folder, open the Microsoft.ResourceManagement.Service.exe.Config file. Replace all occurrences of
•“4.0.3531.2” with “4.0.2592.0” to reconfigure for the RTM build. -
On the FIM Portal server, open the web.config file in the root folder of the web site. Replace all occurrences of
•“4.0.3531.2” with “4.0.2592.0” to reconfigure for the RTM build. -
Copy the file Microsoft.ResourceManagement.Service.exe.config back to its original location.
-
Start the FIM Service.
Changes Listed by Component
FIM Portal
-
In the object picker UOC control, clicking the selected items displays the item clicked in a popup window.
-
X-path lookups in email templates now properly resolve references to object ID that previously returned Display Name.
[//Target/ObjectID] -or- [//Request/ObjectID] -
In the dialog to create a binding object, the DisplayName value is properly retained when navigating forward and backwards in the dialog using the Next and Previous buttons.
-
Approval workflows where the approver is blank, as when a user does not have a manager value, will no longer gets stuck in an unresolved state. Now the workflow instance will fail with the remarks:
WorkflowInstance 'XXXX' could not resolve any of the defined approvers '[//Target/Manager]' -
Update 1 adds two new MPRs. For instructions on how to configure these new MPRs, see the Post-Installation Steps section of this article.
FIM Service
-
A problem in the FIM_DeleteExpiredSysetmObjectsJob SQL Agent that was returning a Primary Key Violation error was fixed.
FIM Certificate Management Bulk Issuance Client
-
The FIM CM Bulk Client has been updated to install and run on Windows 7 32-bit.