IntroductionA hotfix rollup package (build 4.0.3576.2) is available for Microsoft Forefront Identity Manager (FIM) 2010.
This hotfix rollup package includes all the previous hotfixes that are described in the following Microsoft Knowledge Base (KB) article:
This hotfix rollup package also resolves some issues and provides some features that were not documented in a previously released KB article. For more information about these issues and features, see the "More information" section.
Hotfix Rollup informationA supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
- If you upgrade any of the FIM server components, you must also upgrade the following server components:
- The FIM Certificate Management (CM) certification authority (CA) components to the same version as the FIM CM server.
- The FIM Service to the same version as the FIM Synchronization Service.
- To avoid a Bulk Client failure, you must also upgrade the FIM CM server and FIM CA server modules to the same version if you upgrade the FIM 2010 CM Bulk Client.
PrerequisitesTo apply this hotfix rollup package, you must have Forefront Identity Manager (FIM) 2010 installed.
Restart requirementYou must restart the computer after you apply the Add-ins and Extensions hotfix rollup package. Additionally, you may have to restart the server components.
Hotfix replacement informationThis hotfix rollup package replaces the following hotfix rollup packages:
File informationThe global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
For all supported versions of FIM 2010
|File name||File version||File size||Date||Time|
|Fim cm bulk client.zip||Not applicable||10,229,616||15-Mar-2011||09:01|
Resolved issues and features that are related to Certificate ManagementIssue 1
When the FIM CM Update Service and CM policy modules do not have the same version, the FIM CM auto-enroll policy module may process requests incorrectly.
If you use the FIM Certificate Management (CM) Client to set the ALLOW_SSO parameter to YES in the PIN rule for smart cards, you receive an error message that resembles the following:
This hotfix rollup package adds support that uses key pairs for data encryption in FIM CM. The key pairs are stored by using a key storage provider.
This hotfix rollup package adds support that lets you run the FIM 2010 CM Bulk Client in Windows 7.
Resolved issues and features that are related to Synchronization ServiceIssue 1
When a Management Agent (MA) is running in 32-bit mode, password reset operations do not work. For example, this issue occurs when you run an out-of-box SAP MA.
The performance of the SQL MA is slow. After you install this package, indexing operations are improved, and the performance of the SQL MA is 25 percent faster.
When you try to rename an object that is re-created in the Sync Engine, you receive an error message that resembles the following:
When a metaverse object is removed, you receive the following exception if a detected rule entry (DRE) is not removed:
If the service account for FIM Sync is the same account that is used by an Active Directory MA (AD MA), the service account can be used for connecting to AD by leaving the password empty in the AD MA. Additionally, you do not have to update the password for the account in the AD MA when the password of the service account is changed.
Note Do not use this feature when you use the AD MA for Exchange provisioning.
This hotfix adds support to let you export subattributes in Sun Directory Services LDAP.
Subattributes are managed in a second MA. The primary MA imports and exports all attributes except subattributes. If there are several subattributes that are in relation to an attribute, additional MAs may be necessary.
All object operations that are add or delete operations are performed from the primary MA only.
To configure the second MA to use subattributes, create the iPlanetMAOptionExporting DWORD registry entry in the following registry subkey, and then set the value of the registry entry to 1:
For more information about the iPlanetMAOptionFiltering registry entry, click the following article number to view the article in the Microsoft Knowledge Base:
When the new export feature is enabled, all attributes except objectClass and DN are exported by appending a semicolon and the value of the iPlanetMAOptionFiltering registry entry to the attributes. Other functionality remains the same, and errors for attributes that do not contain options are handled the same.
The filtering and exporting options are intended for a secondary instance of Sun MA. A join rule is required to make sure that multiple CS representations of a Sun directory object are joined to the same MV object. A join rule on the second MA is defined by using the DN attribute. The primary MA must be configured to move from this attribute to an attribute in the metaverse.
Resolved issues that are related to the FIM PortalIssue 1
Consider the following scenario:
- You try to find users by using the Object Picker.
- You put the cursor into the text box by pressing Home or by using the mouse.
If you add multiple items into the Object Picker, you may receive an error.
Resolved issues and features that are related to FIM ServiceIssue 1
When you approve multiple requests by using a batch operation, the batch operation may time out.
You run a stored procedure to process lots of requests that contain some collateral requests or to process some requests that contain lots of collateral requests. In this scenario, the procedure may stop responding. Additionally, the FIM SQL server or the computer that is running FIM service may use the CPU excessively. For example, this issue may occur when the stored procedure tries to cancel a collateral request.
When a string attribute that has multiple values is changed, an error may occur if the Sets are defined by using the starts-with function.
When an object type that is referenced in Set filters is deleted or re-created, the Set memberships may be incorrect. After you apply this hotfix rollup package, the object types that are referenced in Set filters cannot be deleted.
When multiple concurrent requests involve object set transitions, the requests may fail. This issue occurs because a duplicate key SQL exception is generated.
Resolved issue that is related to FIM Service MAIssue 1
When you run a delta import on the FIM service MA, the following exception occurs:
Resolved issue that is related to SetupIssue 1
After you install a hotfix that is a newer version than FIM 2010 version 4.0.3568.2, a FIM MA failure occurs if Update package 1 for FIM 2010 release version (build 4.0.3531.2) is not already installed.
Therefore, this issue occurs after you install hotfix 2417774 (build 4.0.3573.2) on the release version directly.
Article ID: 2502631 - Last Review: Mar 23, 2011 - Revision: 1