Applies ToForefront Identity Manager 2010

Introduction

Microsoft has released update 1 for Microsoft Forefront Identity Manager (FIM) 2010. This update applies only to FIM 2010 RTM which is also known as build 4.0.2592.0. This update is recommended for all installations of FIM 2010.

Important notes about the cumulative update package

  • Update packages for each FIM component are distributed in separate update files.

  • Detailed information about this update is in the release notes linked in the More Information section.

More Information

How to Obtain Update 1 for FIM 2010

This update is available on the following services:

Download Method

Components

Microsoft Update Catalog

All Components

Automatic Updates

All Components

Windows Update site

For update on Windows XP only

- FIM Add-ins and Extensions

- FIM Add-ins and Extensions LP

- FIM CM Bulk Issuance Client

- FIM CM Client

Note: We recommend that you test these updates before installing them on any production machines. Please test the update method in test that will be used in production.Important: For the FIM server components, there is a limitation when using Automatic Updates through the Microsoft Update service. Allowing the Windows Update service on Windows Server 2008 to both download and automatically install the update may cause problems with the install. If you choose to use the Windows Update service to download the update package we recommend that you configure the service to download and prompt for installation. This will work around the issue.

Component Update File Information

Component Update Packages

The following table contains the component update packages that are available for download.

Component

Filename

FIM 2010 Add-ins and Extensions

FIMAddinsExtensions_KB978864.msp(Note: versions available for x86 and x64)

FIM 2010 Add-ins and Extensions Language Pack

FIMServiceLP_KB978864.msp(Note: versions available for x86 and x64)

FIM 2010 Certificate Management

FIMCM_KB978864.msp

FIM 2010 Certificate Management Bulk Issuance Client

FIMCMBulkClient_KB978864.msp

FIM 2010 Certificate Management Client

FIMCMClient_KB978864.msp(Note: versions available for x86 and x64)

FIM 2010 Service and Portal

FIMService_KB978864.msp

FIM 2010 Service Portal Language Pack

FIMServiceLP_KB978864.msp

FIM 2010 Synchronization Service

FIMSyncService_KB978864.msp

FIM 2010 Password Change Notification Service

FIMPCNS_KB978864.msp(Note: versions available for x86 and x64)

Build Information

Update package 1 for FIM 2010 RTM is also known as build 4.0.3531.2.

Changes Included in This Update Package

This package contains multiple updates to the following FIM feature areas. Most of the updates were things that did not make it into the RTM build of the product but were considered important to address in the first update rollup package. For this reason, this update package contains many more updates than are usually released in a single update package. This update addresses issues in the following feature areas:

  • Setup

  • Synchronization Engine

  • Localization

  • FIM Portal user interface

  • Self-service Password Reset

  • Workflow

  • Sets

Detailed information about things changed can be found in the Changes listed by Component section below.

Before Installing This Update

FIM Service and Portal and FIM Synchronization Service

  1. Back up all databases, configuration files, encryption keys, certificates, and custom components.

    1. FIM Product Databases

      • FIMSynchronizationService database

      • FIMService database

    2. Configuration Files

      • FIM Synchronization Service

        • All custom rules extensions for the Synchronization Service

        • All custom management agents for the Synchronization Service

        • All needed data from the MAData folder

        • MIIServer.exe.config file

        • Encryption keys (using the Synchronization Service Key Management tool)

      • FIM Service

        • Microsoft.ResourceManagement.Service.exe.config

        • Certificate specified during the FIM Service setup

        • Custom workflows

        • Custom clients

  2. FIM Portals

    • Make sure the FIM Portals are available on http://localhost.

    • If you have enabled SSL or for some other reason have made a change so http://localhost isn’t accessible on the FIM Portal server, make the necessary configuration changes so this address is accessible before applying the update. After the update has been installed you can revert the temporary change.

  3. Close the FIM Synchronization Service Manager before installing the update on the Synchronization server. This will avoid the need to reboot the machine after the update is installed.

  4. It is highly recommended that you install the FIM Service and Portal and the FIM Synchronization Service using the UI. Configure Microsoft Update on those servers to either “Download updates but let me choose whether to install them” or “Check for updates but let me choose whether to download and install them.

FIM Certificate Management

Follow the instructions documented in TechNet for backing up the FIM Certificate Management configuration.FIM CM Backup and Restore Guide

Post-Installation Steps

  1. If the FIM Language Pack was installed when you applied this update you must also install the Update 1 Language Pack. If you don’t, a product version mismatch will cause the product to fall back to English.

  2. If using the Certificate Management management agent in the FIM Synchronization Service, please update both the FIM Synchronization Service and the FIM Certificate Management Service to Update 1. To avoid this requirement, please implement binding redirection settings as documented in http://support.microsoft.com/kb/2005585.

  3. Update 1 adds two new Management Policy Rules (MPRs).  The new MPRs are:

    • “Users can create registration objects for themselves” (Action Type: Create)

    • “Users can modify registration objects for themselves” (Action Type: Modify)

    These new MPRs are intended to replace the “Users can create registration objects for themselves” (Action Type: Create, Modify) MPR. If you have modified the old “Users can create registration objects for themselves” (Action Type: Create, Modify) MPR, you will need to apply those modifications to the new MPRs before you delete the old MPR. To do this, follow these steps:

    1. In the FIM Portal, click Management Policy Rules.

    2. Filter the list of MPRs by searching for the term “registration objects.”

    3. If you have modified the old “Users can create registration objects for themselves” (Action Type: Create, Modify) MPR, modify the two new MPRs accordingly.

    4. Delete the old “Users can create registration objects for themselves” (Action Type: Create, Modify) MPR.

Before Uninstalling the FIM Service and Portal Update

Ifyou must uninstall the Service and Portal update package, do the following:

  1. Copy the file [FIM Installation Folder]\Service\Microsoft.ResourceManagement.Service.exe.config to a different location so you can copy it back after completing the uninstall.

  2. Stop the service FIMService.

  3. If the FIM Portal is not located on the same server as the FIM Service, uninstall the update from the FIM Portal server.If you have installed on a SharePoint farm, this step will most likely time out. To work around this issue, uninstall the FIM Portal and reinstall it as described in the FIM Installation Guide.

  4. Restore the FIM Service Database to the FIM RTM version. The RTM version of the FIM Service will not start if the database has been updated to FIM 2010 RTM Update 1.

  5. Uninstall Update 1 from the Control Panel.

  6. On the FIM Service server, in the FIM Service installation folder, open the Microsoft.ResourceManagement.Service.exe.Config file. Replace all occurrences of •“4.0.3531.2” with “4.0.2592.0” to reconfigure for the RTM build.

  7. On the FIM Portal server, open the web.config file in the root folder of the web site. Replace all occurrences of•“4.0.3531.2” with “4.0.2592.0” to reconfigure for the RTM build.

  8. Copy the file Microsoft.ResourceManagement.Service.exe.config back to its original location.

  9. Start the FIM Service.

Changes Listed by Component

FIM Portal

  • In the object picker UOC control, clicking the selected items displays the item clicked in a popup window.

  • X-path lookups in email templates now properly resolve references to object ID that previously returned Display Name.[//Target/ObjectID] -or- [//Request/ObjectID]

  • In the dialog to create a binding object, the DisplayName value is properly retained when navigating forward and backwards in the dialog using the Next and Previous buttons.

  • Approval workflows where the approver is blank, as when a user does not have a manager value, will no longer gets stuck in an unresolved state. Now the workflow instance will fail with the remarks:WorkflowInstance 'XXXX' could not resolve any of the defined approvers '[//Target/Manager]'

  • Update 1 adds two new MPRs.  For instructions on how to configure these new MPRs, see the Post-Installation Steps section of this article.

FIM Service

  • A problem in the FIM_DeleteExpiredSysetmObjectsJob SQL Agent that was returning a Primary Key Violation error was fixed.

FIM Certificate Management Bulk Issuance Client

  • The FIM CM Bulk Client has been updated to install and run on Windows 7 32-bit.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.