A hotfix rollup package (build 4.1.2515.0) is available for Forefront Identity Manager 2010 R2

Applies to: Forefront Identity Manager 2010 R2


A hotfix rollup package (build 4.1.2515.0) is available for Microsoft Forefront Identity Manager (FIM) 2010 R2. The hotfix rollup package resolves some issues and adds some features that are described in the "More Information" section. Additionally, this update contains all servicing fixes that were made since the release of FIM 2010 R2.


Update information

This version of Forefront Identity Manager is affected by the issue that is described in Microsoft Security Advisory 2749655. In this issue, the digital signature on files that are produced and signed by Microsoft expire prematurely. To resolve this issue for Forefront Identity Manager, install update 2750671.
2750671 A hotfix rollup package (build 4.1.2548.0) is available for Forefront Identity Manager 2010 R2
A supported update is available from Microsoft. We recommend that all customers apply this update to their production systems.

Microsoft Support

The following files are available for download from the Microsoft Download Center:
ComponentFile name
FIM 2010 R2 Add-ins and ExtensionsFIMAddinsExtensions_xnn_KB2734159.msp

Note Versions are available for x86 and for x64.
FIM 2010 R2 Add-ins and Extensions Language PackFIMAddinsExtensionsLP_xnn_KB2734159.msp

Note Versions are available for x86 and for x64.
FIM 2010 R2 Certificate ManagementFIMCM_xnn_KB2734159.msp

Note Versions are available for x86 and for x64.
FIM 2010 R2 Certificate Management ClientFIMCMClient_xnn_KB2734159.msp

Note Versions are available for x86 and for x64.
FIM 2010 R2 Service and PortalFIMService_x64_KB2734159.msp
FIM 2010 R2 Service Portal Language PackFIMServiceLP_x64_KB2734159.msp
FIM 2010 R2 Synchronization Service FIMSyncService_x64_KB2734159.msp


To apply this hotfix, you must have FIM 2010 R2 (build 4.1.2273.0) installed.

Restart requirement

You must restart the computer after you apply the FIM 2010 R2 Add-ins and Extensions component. Additionally, you may have to restart the server components.

File information

The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
File nameFile sizeDateTime

More Information

Issues that are fixed and features that are added in this update

Issues that are fixed in the FIM Portals

Issue 1
This update adds support to FIM Password Portals for user names that contain Unicode characters.
Issue 2
This update fixes a Sync Manager issue in which no results are returned when you search for all results by using the Advanced Filter.

Issues that are fixed in FIM Synchronization Service

Issue 1
This update adds support to the Sync Manager for folders and files names that contain Unicode characters.
Issue 2
When you perform an upgrade installation for FIM 2010 R2, the setup of the FIM 2010 R2 Synchronization Service fails during the database conversion stage.

When this issue occurs, contact Microsoft Support to obtain a tool that can be used to upgrade the database separately. Then, configure the FIM 2010 R2 installation so that the Synchronization Service setup installs a blank database. Finally, apply the tool to that database. When the upgrade of the database is complete, you can run the Setup program again and configure the installation to point to the upgraded database.

To resolve the issue, use the StoreChk.exe tool from the 4.1.2515.2 build of FIM 2010 R2 to upgrade the database. To do this, follow these steps:
  1. Perform a full installation of the FIM 2010 R2 Synchronization Service, and direct the Setup program to create a new FIMSynchronizationService database.

    Note You must install FIM 2010 R2 Synchronization Service so that you can run the StoreChk.exe tool on the original database in order to complete the database update.
  2. After the full installation is complete, run the StoreChk.exe tool to upgrade the FIM Synchronization Service database. The StoreChk.exe tool is located in the Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin folder.
  3. After the database upgrade is complete, perform the following actions:
    1. Stop the FIMSynchronizationService service.
    2. Point the FIMSynchronizationService service to the correct database in the registry. To do this, change the DBName value under the following registry subkey:
    3. Start the FIMSynchronizationService service.
Issue 3
Fixed an issue in which FIM sync cannot de-provision user's objects in Active Directory when Exchange 2010 has added Active Sync Devices.
Issue 4
In a large scale connector space, data in the obsoletion list becomes unsynchronized during a full import operation. When this issue occurs, the operation returns an error that resembles the following:
0 is not a valid DN depth

Issues that are fixed in the FIM Service

Issue 1
Assume that you have a set or a group that uses tabular functions in a FIM 2010 R2 environment. The set or group contains multiple condition statements that contain the "=" character and that are divided by the "or" word in an attribute (for example, the condition statement is /Person[(FirstName="John") or (FirstName =" Bill ")]). After you upgrade the environment to FIM 2010 R2, the nightly job that maintains sets and groups unexpectedly removes certain members from this set.

Issues that are fixed in the FIM Service SQL Server Agent job

Issue 1
This update changes the behavior of the FIM_TemporalEventsJob SQL Server Agent job. This SQL Server Agent job now has improved performance that reduces the possibility that other requests are blocked in SQL Server.

Issues that are fixed in FIM Certificate Management

Issue 1
This update fixes various issues in Certificate Management to improve error messages handling.

Issues that are fixed in the Password Change Notification Service

Issue 1
Assume that you run Password Change Notification Service (PCNS) setup together with the SCHEMAUPDATE=TRUE option, and the schema is updated successfully. In this situation, an error message is unexpectedly displayed at the end of the setup process.

After this update is installed, the Setup program does not display the error message when the schema update is successful.


For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates