Update informationA supported update is available from Microsoft Support. We recommend that all customers apply this update to their production systems.
Microsoft SupportIf this update is available for download from Microsoft Support, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix. Additionally, you can obtain the update from Microsoft Update or from Microsoft Update Catalog.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, go to the following Microsoft website: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Known issues in this updateSynchronization Service
After this update is installed, rules extensions and custom management agents (MAs) that are based on Extensible MA (ECMA1 or ECMA 2.0) may not run and may produce a run status of "stopped-extension-dll-load." This issue occurs when you run such rules extensions or custom MAs after you change the configuration file (.config) for one of the following processes:
In this situation, the synchronization engine installer for this update intentionally does not replace the configuration file to avoid deleting your previous changes. Because the configuration file is not replaced, entries that are required by this update will not be in the files, and the synchronization engine will not load any rules extension DLLs when the engine runs a Full Import or Delta Sync run profile.
To resolve this issue, follow these steps:
- Make a backup copy of the MIIServer.exe.config file.
- Open the MIIServer.exe.config file in a text editor or in Microsoft Visual Studio.
- Find the <runtime> section in the MIIServer.exe.config file, and then replace the content of the <dependentAssembly> section with the following:
<assemblyIdentity name="Microsoft.MetadirectoryServicesEx" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="126.96.36.199-188.8.131.52" newVersion="184.108.40.206" />
- Save the changes to the file.
- Find the Mmsscrpt.exe.config file in the same directory and the Dllhost.exe.config in the parent directory. Repeat steps 1 through 4 for these two files.
- Restart the Forefront Identity Manager Synchronization Service (FIMSynchronizationService).
- Verify that the rules extensions and custom management agents now work as expected.
FIM ReportingIf you want to install FIM Reporting on a new server that has Microsoft System Center 2012 Service Manager Service Pack 1 installed, follow these steps:
- Install the FIM 2010 R2 SP1 FIM Service component. To do this, clear the Reporting check box.
- Install this hotfix rollup to upgrade FIM Service to build 4.1.3733.0.
- Run the change-mode installation for FIM Service, and then add Reporting.
If reporting is enabled, and the change-mode installation is run for FIM Service and Portal components, you must be re-enable reporting. To do this in the FIM Identity Management portal, follow these steps:
- In the Administration menu, click All Resources.
- Under All Resources, click System Configuration Settings.
- Click the System Configuration Settings object, and then open the Properties windows for this object.
- Click Extended Attributes, and then select the Reporting Logging Enabled check box.
- Click OK, and then click Submit to save the change.
PrerequisitesTo apply this update, you must have Microsoft Forefront Identity Manager 2010 build 4.1.3419.0 or a later build installed.
For BHOLD deployments of the BHOLD FIM Integration, Access Management Connector or Reporting modules, you must have hotfix rollup package 2934816 (build 4.3.3510.0) or a later build installed on your FIM servers before you apply this update to the BHOLD modules.
Restart requirementYou must restart the computer after you apply the Add-ins and Extensions (Fimaddinsextensions_xnn_kb3134722.msp) package. Additionally, you may have to restart the server components.
Replacement informationThis update replaces update 3092178 (build 4.1.3671.0) for Forefront Identity Manager 2010 R2.
File informationThe global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
|File name||File version||File size||Date||Time||Platform|
|Accessmanagementconnector.msi||Not Applicable||671,744||12-Feb-2016||09:43||Not Applicable|
|Bholdanalytics 5.0.3355.0_release.msi||Not Applicable||2,707,456||12-Feb-2016||09:32||Not Applicable|
|Bholdattestation 5.0.3355.0_release.msi||Not Applicable||3,280,896||12-Feb-2016||:20:20||Not Applicable|
|Bholdcore 5.0.3355.0_release.msi||Not Applicable||5,021,696||12-Feb-2016||09:21||Not Applicable|
|Bholdfimintegration 5.0.3355.0_release.msi||Not Applicable||3,534,848||12-Feb-2016||09:56||Not Applicable|
|Bholdmodelgenerator 5.0.3355.0_release.msi||Not Applicable||3,252,224||12-Feb-2016||:31:31||Not Applicable|
|Bholdreporting 5.0.3355.0_release.msi||Not Applicable||1,998,848||12-Feb-2016||:07:07||Not Applicable|
|Fimaddinsextensionslp_x64_kb3134722.msp||Not Applicable||3,917,824||20-Mar-2016||:19:19||Not Applicable|
|Fimaddinsextensionslp_x86_kb3134722.msp||Not Applicable||1,600,000||20-Mar-2016||0:15||Not Applicable|
|Fimaddinsextensions_x64_kb3134722.msp||Not Applicable||5,218,816||20-Mar-2016||:19:19||Not Applicable|
|Fimaddinsextensions_x86_kb3134722.msp||Not Applicable||4,667,392||20-Mar-2016||:14:14||Not Applicable|
|Fimcmbulkclient_x86_kb3134722.msp||Not Applicable||9,148,928||20-Mar-2016||:14:14||Not Applicable|
|Fimcmclient_x64_kb3134722.msp||Not Applicable||5,573,632||20-Mar-2016||:19:19||Not Applicable|
|Fimcmclient_x86_kb3134722.msp||Not Applicable||5,197,312||20-Mar-2016||0:14||Not Applicable|
|Fimcm_x64_kb3134722.msp||Not Applicable||33,585,152||20-Mar-2016||:19:19||Not Applicable|
|Fimcm_x86_kb3134722.msp||Not Applicable||33,205,760||20-Mar-2016||:14:14||Not Applicable|
|Fimservicelp_x64_kb3134722.msp||Not Applicable||12,214,272||20-Mar-2016||:19:19||Not Applicable|
|Fimservice_x64_kb3134722.msp||Not Applicable||31,535,616||20-Mar-2016||:19:19||Not Applicable|
|Fimsyncservice_x64_kb3134722.msp||Not Applicable||36,318,208||20-Mar-2016||04:19||Not Applicable|
Issues that are fixed or features that are added in this updateThis update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.
FIM Certificate Management
Issue 1The Profile Template Settings Report shows incorrect information. It shows that "PIN Rollover" is enabled and that the "Admin PIN" initial value is set even if this is not true. Also, if the Diversify Admin Key setting is enabled, this is not shown in the Profile Template Settings Report.
FIM Synchronization Service
Issue 1The Export-only file-based ECMA2 connector fails to export deleted objects.
Issue 2The msDS-UserPasswordExpiryTimeComputed attribute is displayed as an available attribute in the Select Attributes tab of the Active Directory Domain Services (AD DS) management agent. The msDS-UserPasswordExpiryTimeComputed is a computed attribute in AD DS, and it will not be detected by the import operation. As of this update, the attribute is removed from the list of available attributes.
Issue 3After an authoritative restore of Active Directory objects, AD MA delta import mistakenly detects them as deleted.
Issue 4Sometimes during "Import Server Configuration" in the FIM synchronization service (MIISClient), the Import Server Configuration dialog box appears to hang.
Issue 5Running more than one run profile with a synchronization task at the same time is forbidden by documentation and may cause data corruption, but sync engine doesn't prevent it.
Issue 6A Sync Service hang (high CPU usage) occurs when you stop a run profile for the ECMA connector.
Issue 7In the GALSync MA, mail address validation fails unexpectedly.
Issue 8In the GALSync MA, validating an email address from the proxyAddress attribute, prefix "SMTP:" is removed only when written by using capital letters, otherwise validation fails.
FIM add-ins and extensions
Issue 1The Approval buttons of the Outlook Add-in disappear during certain UI workflows.
Issue 1This update enables customizations that have controls shown and hidden, depending on the state of the email enabling check box.
Issue 2During the 4.1.3671.0 hotfix installation, the database upgrade fails if the FIM Service database name is not the default name of FIMService.
Issue 1Deadlocks may occur during a request evaluation if a complex Set schema is implemented.
Issue 2During the installation of build 4.1.3671.0, the database upgrade fails if the FIM Service database name is not set to the default name of FIMService.
Issue 1There is no option in the UI to remove an alias. The applicationdeletealias function is added for the BHOLD web service.
The function name with ARGs may be passed as an argument for the ExecuteXml method.
- userid and applicationid are mandatory arguments.
- alias is an optional argument. Without the alias argument explicitly defined, the function deletes all aliases for an app-user pair.
Issue 2BHOLD Core shows error in the LogItems table upon removing roles from a parent.
Article ID: 3134722 - Last Review: Apr 5, 2016 - Revision: 1