A hotfix rollup package (build 4.0.3627.2) is available for Forefront Identity Manager 2010

A következőkre vonatkozik: Forefront Identity Manager 2010


A hotfix rollup package (build 4.0.3627.2) is available for Microsoft Forefront Identity Manager (FIM) 2010. This hotfix rollup package resolves some issues and adds some features that are described in the "More Information" section.

Update information

This version of Forefront Identity Manager is affected by the issue that is described in Microsoft Security Advisory 2749655. In this issue, the digital signature on files that are produced and signed by Microsoft will expire prematurely. To resolve the issue for Forefront Identity Manager, install hotfix 2750673 .

Component update packages

The following table contains the component update packages that are available for download from Microsoft Support.
ComponentFile name
FIM 2010 Add-ins and ExtensionsFIMAddinsExtensions_x86_KB2737503.msp FIMAddinsExtensions_x64_KB2737503.msp
FIM 2010 Add-ins and Extensions Language PackFIMAddinsExtensionsLP_x86_KB2737503.msp FIMAddinsExtensionsLP_x64_KB2737503.msp
FIM 2010 Certificate ManagementFIMCM_x86_KB2737503.msp FIMCM_x64_KB2737503.msp
FIM 2010 Certificate Management ClientFIMCMClient_x86_KB2737503.msp FIMCMClient_x64_KB2737503.msp
FIM 2010 Certificate Management Bulk Issuance ClientFIMCMBulkClient_x86_KB2737503.msp
FIM 2010 Service and PortalFIMService_x64_KB2737503.msp
FIM 2010 Service Portal Language PackFIMServiceLP_x64_KB2737503.msp
FIM 2010 Synchronization Service FIMSyncService_x64_KB2737503.msp
FIM 2010 Password Change Notification ServiceFIMPCNS_x86_KB2737503.msp


To apply this update, you must have Forefront Identity Manager 2010 build 4.0.2592.0 or a later build installed.

Restart requirement

You must restart the computer after you apply this update. Additionally, you may have to restart the server components.

Replacement information

This update replaces the following updates:
2688078 A hotfix rollup package (build 4.0.3617.2) is available for Forefront Identity Manager 2010

2635086 Update Rollup 2 (build 4.0.3606.2) is available for Forefront Identity Manager 2010

2520954 A hotfix rollup package (build 4.0.3594.2) is available for Forefront Identity Manager 2010

2502631 A hotfix rollup package (build 4.0.3576.2) is available for Forefront Identity Manager 2010

2417774 A hotfix rollup package (build 4.0.3573.2) is available for Forefront Identity Manager 2010

2272389 A hotfix rollup package (build 4.0.3558.2) is available for Microsoft Forefront Identity Manager (FIM) 2010

2028634 A hotfix rollup package (build 4.0.3547.2) is available for Microsoft Forefront Identity Manager (FIM) 2010

978864 Update Package 1 for Microsoft Forefront Identity Manager (FIM) 2010

File information

The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

File nameFile sizeDateTime

More Information

Issues that are fixed or features that are added in this update

Fixed issues in FIM Synchronization Service

Issue 1
 The ExchangeUtils:CreateMailbox method requires administrator permissions in Active Directory when the logon SID for an account is provided to the method.

Issue 2
When equal precedence is set on an attribute and a management agent's delta import encounters changes for an object multiple times during the same run, the management agent incorrectly blocks synchronization of the combined changes to the metaverse.

Issue 3
FIM synchronization cannot de-provision user objects in Active Directory when Microsoft Exchange Server has added Active Sync devices.

Issue 4
A management agent that has a large dataset reports "0 is not a valid DN depth" at the end of a full import when the agent processes object obsoletion.

Fixed issues and new features in FIM Service MA

Issue 1
When the Microsoft .NET Framework 4.0 is installed on a computer that is running FIM Sync Engine, FIM MA creation and configuration may fail.

Feature 1
Additional logging is added to the Application log if a nonrecoverable exception is thrown in the FIM MA. This was done to provide better diagnostics for stopped-server errors.

New features in Sets and Query

Feature 1
Adds support to configure the Query and Sets features to treat underscores as literals instead of as SQL wildcard characters.

To enable this feature, the site administrator has to change the Web.config file to include the TreatUnderscoresAsLiterals key at the following location:
<add key="TreatUnderscoresAsLiterals" value="true"/>

The site administrator must do this for each FIM portal that an organization may have configured.


For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates