Applies ToMicrosoft Identity Manager 2016 SP2 Identity Manager 2016 Forefront Identity Manager 2010

Content provided by Microsoft  

Applies to: Microsoft Identity Manager 2016 SP2   

Introduction  

A hotfix rollup package (build 4.6.607.0) is available for Microsoft Identity Manager (MIM) 2016 Service Pack 2 (SP2). This rollup package resolves some issues and adds some improvements that are described in the "Issues fixed and improvements added in this update" section.  

Update information  

Microsoft Download Center  

A supported update is available from the Microsoft Download Center. We recommend that all customers apply this update to their production systems.  

Download the update for Microsoft Identity Manager 2016 SP2 (KB55009981) now.  

Prerequisites  

To apply this update, you must have the following installed:  

Microsoft Identity Manager 2016 Service Pack 2 (SP2) build 4.6.34.0  or later 

Known Issues

MIM Service and Portal

MIM Service hotfix may fail to install with UpdateAppConfigSettingsInPatch custom action error reported if you have modified MIM Service configuration file and removed default sources from <diagnostics> section keeping <dynamicLogging mode="true"> enabled. Remove <dynamicLogging mode="true"> section from MIM Service configuration file if installer fails with this error and re-apply this hotfix.

MIM Service build 4.6.607.0 hotfix may fail to install when Group-Managed Service Account (gMSA) is used. To work around this issue, update the following registry key value to replace with "None" before running the update:  

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Service\MailServerType

After the update is successfully installed, change back to the original value.  

MIM Service and Portal Language Packs

When you install MIM Service and Portal language pack update, due to localization fixes, all default localized RCDC resource strings, constants, localized attribute names and localized binding names are overwritten with new values. Make sure to back up changes you made to default localized values before applying this hotfix and manually revert them back after the hotfix is installed, manually import them back and restart IIS.

Restart requirement  

You must restart the computer after you apply the add-ins and extensions package (MIMAddinsExtensions_x(64/86)_ 5009981.msp). You may also have to restart the server components. 

After installing this update, it's highly recommended to clear the browser cache on all systems that access the MIM Portal.  

File information  

 The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.  

File name

File size

Date

Time

MIMAddinsExtensions_x64_KB5009981.msp

11,833,344

28-January-2022

07:44 pm

MIMAddinsExtensions_x86_KB5009981.msp

4,775,936

28-January-2022

07:15 pm

MIMAddinsExtensionsLP_x64_KB5009981.msp

4,304,896

28-January-2022

07:47 pm

MIMAddinsExtensionsLP_x86_KB5009981.msp

3,104,768

28-January-2022

07:16 pm

MIMService_x64_KB5009981.msp

136,998,912

28-January-2022

07:45 pm

MIMServiceLP_x64_KB5009981.msp

13,766,656

28-January-2022

07:47 pm

MIMSyncService_x64_KB5009981.msp

28,008,448

28-January-2022

05:10 pm

Issues fixed and improvements added in this update    

MIM PAM

  • MIM PAM Monitor and MIM PAM Component services performance improvements.

  • Fixed an issue with incorrect calculation of Active Directory Domain Services Forest Functional Level.

  • Fixed an issue with SIDHistory-enabled Active Directory groups created by ‘new-PAMGroup’ cmdlet instead of ‘msDS-ShadowPrincipal’ objects.

  • Fixed an issue with ‘Remove-PAMRole’ cmdlet failures when expired PAM requests exist in MIM Service.

  • Fixed an issue with ‘Microsoft.ResourceManagement.DefaultPAMSource’ event log source not registered by MIM Service installer.

  • Fixed an issue with setup failures when Active Directory domain name case does not match Windows Server reported domain name case.

MIM Service and Portal 

  • Fixed rendering issues with Navigation Bar in selected browsers.

  • Fixed an issue with ‘Export-FIMConfig’ cmdlet failure when ‘-AllLocales’ switch is specified and language neutral attribute description is missing.

  • Fixed an issue with ‘ReplaceString’ synchronization rule expression failures when parentheses are specified as a part of the search pattern.

  • Fixed an issue with 448 characters limit of ‘UocCommonMultiValueControl’ element when unindexed strings are used.

  • Fixed an issue with identity picker control freezes when a large number of objects is selected.

  • Fixed an issue with MIM service requests stuck in ‘PostProcessing’ state when MIM Hybrid Reporting is enabled.

  • Improved MIM Hybrid Reporting data cleanup process.

  • Fixed an issue with installer failures when MIM Portal is installed on a separate machine from MIM Service.

  • Improved SQL Agent temporal jobs to maintain custom object types with dynamic membership.

  • Fixed an issue with delayed removal of static group members from ‘computed members’ property imported into MIM Synchronization Service.

  • Improved dynamic membership calculations to avoid race conditions resulting in performance issues.

  • Accessibility fixes.

MIM Self-Service Password portals

  • Fixed an issue with ‘About’ dialog broken link.

  • Fixed an issue with incorrectly rendered banners and logos.

  • Fixed an issue with authentication workflow failures when CRLF symbols are present in workflow settings.

  • Accessibility fixes.

MIM Service and Portal Language Packs 

  • Localization updates.

  • Fixed an issue with hotfix installer failure when default RCDC objects are missing.

MIM Synchronization Service 

  • SQL indexes performance improved.

  • Fixed an issue with MIM management agent stuck in endless loop when reading custom object types with dynamic membership.

  • Fixed an issue with MIM management agent incorrect schema detection of custom object types with dynamic membership.

Note: In order to reconfigure the MIM service for Office 365 application context authentication, you need to apply this hotfix first, then run Create-MIMMailboxApp.ps1 script to register MIM Service application in Azure AD and run change mode installation. More details could be found in MIM Service for Azure AD Premium customers deployment guide: Install MIM 2016 with SP2: MIM Service and Portal for Azure AD Premium customers

References  

Microsoft Identity Manager release history  

Learn about the terminology that Microsoft uses to describe software updates.  

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders