Hotfix rollup package (build 4.1.3733.0) is available for Forefront Identity Manager 2010 R2

Introduction
A hotfix rollup package (build 4.1.3733.0) is available for Forefront Identity Manager (FIM) 2010 R2. This rollup package resolves some issues and adds some features that are described in the "More Information" section.

Update information

A supported update is available from Microsoft Support. We recommend that all customers apply this update to their production systems.

Microsoft Support

If this update is available for download from Microsoft Support, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix. Additionally, you can obtain the update from Microsoft Update or from Microsoft Update Catalog.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, go to the following Microsoft website: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Known issues in this update

Synchronization Service

After this update is installed, rules extensions and custom management agents (MAs) that are based on Extensible MA (ECMA1 or ECMA 2.0) may not run and may produce a run status of "stopped-extension-dll-load." This issue occurs when you run such rules extensions or custom MAs after you change the configuration file (.config) for one of the following processes:
  • MIIServer.exe
  • Mmsscrpt.exe
  • Dllhost.exe
For example, assume you edited the MIIServer.exe.config file to change the default batch size for processing sync entries for the FIM Service MA.
In this situation, the synchronization engine installer for this update intentionally does not replace the configuration file to avoid deleting your previous changes. Because the configuration file is not replaced, entries that are required by this update will not be in the files, and the synchronization engine will not load any rules extension DLLs when the engine runs a Full Import or Delta Sync run profile.

To resolve this issue, follow these steps:
  1. Make a backup copy of the MIIServer.exe.config file.
  2. Open the MIIServer.exe.config file in a text editor or in Microsoft Visual Studio.
  3. Find the <runtime> section in the MIIServer.exe.config file, and then replace the content of the <dependentAssembly> section with the following:

    <dependentAssembly><assemblyIdentity name="Microsoft.MetadirectoryServicesEx" publicKeyToken="31bf3856ad364e35" />        <bindingRedirect oldVersion="3.3.0.0-4.1.3.0" newVersion="4.1.4.0" /></dependentAssembly>
  4. Save the changes to the file.
  5. Find the Mmsscrpt.exe.config file in the same directory and the Dllhost.exe.config in the parent directory. Repeat steps 1 through 4 for these two files.
  6. Restart the Forefront Identity Manager Synchronization Service (FIMSynchronizationService).
  7. Verify that the rules extensions and custom management agents now work as expected.

FIM Reporting
If you want to install FIM Reporting on a new server that has Microsoft System Center 2012 Service Manager Service Pack 1 installed, follow these steps:
  1. Install the FIM 2010 R2 SP1 FIM Service component. To do this, clear the Reporting check box.
  2. Install this hotfix rollup to upgrade FIM Service to build 4.1.3733.0.
  3. Run the change-mode installation for FIM Service, and then add Reporting.

If reporting is enabled, and the change-mode installation is run for FIM Service and Portal components, you must be re-enable reporting. To do this in the FIM Identity Management portal, follow these steps:
  1. In the Administration menu, click All Resources.
  2. Under All Resources, click System Configuration Settings.
  3. Click the System Configuration Settings object, and then open the Properties windows for this object.
  4. Click Extended Attributes, and then select the Reporting Logging Enabled check box.
  5. Click OK, and then click Submit to save the change.

Prerequisites

To apply this update, you must have Microsoft Forefront Identity Manager 2010 build 4.1.3419.0 or a later build installed.

For BHOLD deployments of the BHOLD FIM Integration, Access Management Connector or Reporting modules, you must have hotfix rollup package 2934816 (build 4.3.3510.0) or a later build installed on your FIM servers before you apply this update to the BHOLD modules.

Restart requirement

You must restart the computer after you apply the Add-ins and Extensions (Fimaddinsextensions_xnn_kb3134722.msp) package. Additionally, you may have to restart the server components.

Replacement information

This update replaces update 3092178 (build 4.1.3671.0) for Forefront Identity Manager 2010 R2.

File information

The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

File nameFile versionFile sizeDateTimePlatform
Accessmanagementconnector.msiNot Applicable671,74412-Feb-201609:43Not Applicable
Bholdanalytics 5.0.3355.0_release.msiNot Applicable2,707,45612-Feb-201609:32Not Applicable
Bholdattestation 5.0.3355.0_release.msiNot Applicable3,280,89612-Feb-2016:20:20Not Applicable
Bholdcore 5.0.3355.0_release.msiNot Applicable5,021,69612-Feb-201609:21Not Applicable
Bholdfimintegration 5.0.3355.0_release.msiNot Applicable3,534,84812-Feb-201609:56Not Applicable
Bholdmodelgenerator 5.0.3355.0_release.msiNot Applicable3,252,22412-Feb-2016:31:31Not Applicable
Bholdreporting 5.0.3355.0_release.msiNot Applicable1,998,84812-Feb-2016:07:07Not Applicable
Fimaddinsextensionslp_x64_kb3134722.mspNot Applicable3,917,82420-Mar-2016:19:19Not Applicable
Fimaddinsextensionslp_x86_kb3134722.mspNot Applicable1,600,00020-Mar-20160:15Not Applicable
Fimaddinsextensions_x64_kb3134722.mspNot Applicable5,218,81620-Mar-2016:19:19Not Applicable
Fimaddinsextensions_x86_kb3134722.mspNot Applicable4,667,39220-Mar-2016:14:14Not Applicable
Fimcmbulkclient_x86_kb3134722.mspNot Applicable9,148,92820-Mar-2016:14:14Not Applicable
Fimcmclient_x64_kb3134722.mspNot Applicable5,573,63220-Mar-2016:19:19Not Applicable
Fimcmclient_x86_kb3134722.mspNot Applicable5,197,31220-Mar-20160:14Not Applicable
Fimcm_x64_kb3134722.mspNot Applicable33,585,15220-Mar-2016:19:19Not Applicable
Fimcm_x86_kb3134722.mspNot Applicable33,205,76020-Mar-2016:14:14Not Applicable
Fimservicelp_x64_kb3134722.mspNot Applicable12,214,27220-Mar-2016:19:19Not Applicable
Fimservice_x64_kb3134722.mspNot Applicable31,535,61620-Mar-2016:19:19Not Applicable
Fimsyncservice_x64_kb3134722.mspNot Applicable36,318,20820-Mar-201604:19Not Applicable


More information

Issues that are fixed or features that are added in this update

This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

FIM Certificate Management

Issue 1
The Profile Template Settings Report shows incorrect information. It shows that "PIN Rollover" is enabled and that the "Admin PIN" initial value is set even if this is not true. Also, if the Diversify Admin Key setting is enabled, this is not shown in the Profile Template Settings Report.

FIM Synchronization Service

Issue 1
The Export-only file-based ECMA2 connector fails to export deleted objects.

Issue 2
The msDS-UserPasswordExpiryTimeComputed attribute is displayed as an available attribute in the Select Attributes tab of the Active Directory Domain Services (AD DS) management agent. The msDS-UserPasswordExpiryTimeComputed is a computed attribute in AD DS, and it will not be detected by the import operation. As of this update, the attribute is removed from the list of available attributes.

Issue 3
After an authoritative restore of Active Directory objects, AD MA delta import mistakenly detects them as deleted.

Issue 4
Sometimes during "Import Server Configuration" in the FIM synchronization service (MIISClient), the Import Server Configuration dialog box appears to hang.

Issue 5
Running more than one run profile with a synchronization task at the same time is forbidden by documentation and may cause data corruption, but sync engine doesn't prevent it.

Issue 6
A Sync Service hang (high CPU usage) occurs when you stop a run profile for the ECMA connector.

Issue 7
In the GALSync MA, mail address validation fails unexpectedly.

Issue 8
In the GALSync MA, validating an email address from the proxyAddress attribute, prefix "SMTP:" is removed only when written by using capital letters, otherwise validation fails.

FIM add-ins and extensions

Issue 1
The Approval buttons of the Outlook Add-in disappear during certain UI workflows.

FIM Portal

Issue 1
This update enables customizations that have controls shown and hidden, depending on the state of the email enabling check box.

Issue 2
During the 4.1.3671.0 hotfix installation, the database upgrade fails if the FIM Service database name is not the default name of FIMService.

FIM Service

Issue 1
Deadlocks may occur during a request evaluation if a complex Set schema is implemented.

Issue 2
During the installation of build 4.1.3671.0, the database upgrade fails if the FIM Service database name is not set to the default name of FIMService.


BHOLD

Issue 1
There is no option in the UI to remove an alias. The applicationdeletealias function is added for the BHOLD web service.

The function name with ARGs may be passed as an argument for the ExecuteXml method.

Notes
  • userid and applicationid are mandatory arguments.
  • alias is an optional argument. Without the alias argument explicitly defined, the function deletes all aliases for an app-user pair.

Issue 2
BHOLD Core shows error in the LogItems table upon removing roles from a parent.

References
Learn about the terminology Microsoft uses to describe software updates.
Properties

Article ID: 3134722 - Last Review: 04/05/2016 16:22:00 - Revision: 3.0

Microsoft Forefront Identity Manager 2010 R2

  • kbqfe kbsurveynew kbautohotfix kbhotfixserver kbfix kbexpertiseinter kbbug atdownload KB3134722
Feedback