Service Pack 1 (build 4.1.3114.0) is available for Microsoft Forefront Identity Manager (FIM) 2010 R2. This service pack resolves the issues that are described in the "More Information" section. Additionally, this service pack contains all servicing fixes that were released since the release of FIM 2010 R2.
Service pack information
Hotfix Replacement Information
The hotfix that corresponds to KB 2772429 has been superseded with the hotfix KB 2814853, which contains all fixes that were previously included in KB 2772429. You should use the hotfix KB 2814853 to fix the issues described in KB 2772429. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2814853 A hotfix rollup package (build 4.1.3419.0) is available for Forefront Identity Manager 2010 R2
What's new in FIM 2010 R2 Service Pack 1
For more information about Service Pack 1 for Forefront Identity Manager 2010 R2, see the following topics in the Forefront Identity Manager 2010 R2 product documentation:
"What’s New in Forefront Identity Manager 2010 R2 SP1"
"Release Notes for FIM 2010 R2 SP1"
Known issues in this update
After you install this update, rules extensions and custom management agents (MAs) that are based on Extensible MA (ECMA1 or ECMA 2.0) may not run and may produce a run status of "stopped-extension-dll-load." This issue occurs when you run such rules extensions or custom MAs after you change the configuration file for MIISServer.exe, Mmsscrpt.exe.config, or Dllhost.exe.config. For example, you edited the MIISServer.exe.config file to change the default batch size for processing sync entries for the FIM Service MA.
In this case, the synchronization engine installer for this update intentionally does not replace the configuration file to avoid deleting your previous changes. Because the configuration file is not replaced, entries that are required by this update will not be present in the files, and the synchronization engine will not load any rules extension DLLs when the engine runs a Full Import or Delta Sync run profile.
To resolve this issue, follow these steps:
Make a backup copy of the MIIServer.exe.config file.
Open the MIIServer.exe.config file in a text editor or in Microsoft Visual Studio.
Make sure that you open the text editor by using the Run as Administrator option so that Windows will let you save the changes.
If you do not open the text editor by using the Run as Administrator option, and if the UserAccountControl option is enabled, Windows will not let the file be saved to the \bin folder.
Find the <runtime> section in the MIIServer.exe.config file, and then replace the content of the <dependentAssembly> section with the following:
<assemblyIdentity name="Microsoft.MetadirectoryServicesEx" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="184.108.40.206" newVersion="220.127.116.11" />
<bindingRedirect oldVersion="18.104.22.168" newVersion="22.214.171.124" />
<bindingRedirect oldVersion="126.96.36.199" newVersion="188.8.131.52" />
<bindingRedirect oldVersion="184.108.40.206" newVersion="220.127.116.11" />
<bindingRedirect oldVersion="18.104.22.168" newVersion="22.214.171.124" />
Save the changes to the file.
Find the Mmsscrpt.exe.config file in the same directory and the Dllhost.exe.config in the parent directory. Repeat steps 1 through 4 for these two files.
Restart the Forefront Identity Manager Synchronization Service (FIMSynchronizationService).
Verify that the rules extensions and custom management agents now work as expected.
Note Included in this update is a new version of the Microsoft.MetadirectoryServicesEx.dll file (also known as the interface DLL). This new version is 126.96.36.199. If you have MA extensions for ECMA1/XMA, ECMA 2.0, or rules extensions, you might have to take additional actions for these extensions to continue working. This is because your DLL will have references to an earlier version (4.0.x.0). There are three files that have binding redirect information. They are used as follows:
MIIServer.exe.config: All ECMA1 and ECMA2.0 management agents and all rules extensions that are running in-process
Mmsscrpt.exe.config: All rules extensions that are running out-of-process
Dllhost.exe.config: All ECMA1 and ECMA2.0 management agents that are running out-of-process
Identity Management Portal
To enable support for Internet Explorer 10, the following hotfixes for the ASP.NET browser definition files must be installed on the FIM 2010 R2 portal server:
Issues that are fixed in this update
This update fixes the following issues that were not previously documented in the Microsoft Knowledge Base.
FIM Synchronization Service
An upgrade to FIM 2010 R2 from an earlier version may be unsuccessful in certain scenarios if the imported changes from a management agent are not synchronized before the upgrade.
A connection to Active Directory Lightweight Directory Services (AD LDS) when SSL is enabled is unsuccessful.
When a connector is synced to a metaverse object that already has an un-synced connector in the same connector space, the sync on the object fails with stopped-server. In this case, the synchronization engine incorrectly considers this as an invalid state.
Multiple issues with ECMA 2.0 are fixed.
A reinstallation of the reporting components does not update the System Center registry value in the FIMService registry key (HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\FIMService).
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates