Applies To: Microsoft Identity Manager 2016 SP1

Introduction

A hotfix rollup package (build 4.5.202.0) is available for Microsoft Identity Manager (MIM) 2016 Service Pack 1 (SP1). This rollup package resolves some issues and adds some improvements that are described in the "Issues fixed and improvements added in this update" section.

Known issues in this update

Note: The MIM Synchronization Service and MIM Service MSP (installers) have been temporarily removed while we investigate an issue with the upgrade process for this hotfix rollup package. More information will be available shortly.

Synchronization Service

After you install this update, rules extensions and custom management agents (MAs) based on Extensible MA (ECMA1 or ECMA 2.0) may not run and may cause a run status of "stopped-extension-dll-load." This issue occurs when you run such rules extensions or custom MAs after you change the configuration file (.config) for one of the following processes:

  • MIIServer.exe

  • Mmsscrpt.exe

  • Dllhost.exe

For example, you edit the MIIServer.exe.config file to change the default batch size for processing sync entries for the Forefront Identity Manager (FIM) Service MA. In this situation, the synchronization engine installer for this update does not replace the configuration file, to avoid deleting your previous changes. Because the configuration file isn't replaced, the entries that this update requires aren't present in the file. Therefore, the synchronization engine does not load any rules extension DLLs when the engine runs a Full Import or Delta Sync run profile.

To resolve this issue, follow these steps:

  1. Back up the MIIServer.exe.config file.

  2. Open the MIIServer.exe.config file in a text editor or in Microsoft Visual Studio.

  3. Find the <runtime> section in the MIIServer.exe.config file, and then replace the content of the <dependentAssembly> section with the following content:

     <dependentAssembly>
       <assemblyIdentity name="Microsoft.MetadirectoryServicesEx" publicKeyToken="31bf3856ad364e35" />
       <bindingRedirect oldVersion="3.3.0.0-4.1.3.0" newVersion="4.1.4.0" />
     </dependentAssembly>

  4. Save the changes to the file.

  5. Find the Mmsscrpt.exe.config file in the same directory and the Dllhost.exe.config in the parent directory. Repeat steps 1 through 4 for these two files.

  6. Restart the Forefront Identity Manager Synchronization Service (FIM Synchronization Service).

  7. Verify that the rules extensions and custom management agents now work as expected.

Service and Portal Setup

The 2013 x64 Visual C++ Redistributable Packages (vcredist_x64.exe) must be installed before you run MIM Service and Portal Setup.

Associated error:

Note There is a problem with the Windows Installer package. A DLL required for this installation to complete could not be run. Contact your support personnel or package vendor.

To resolve this issue:

Download the Visual C++ Redistributable Package (vcredist_x64.exe) from the following Windows Download Center link.

Visual C++ Redistributable Package

Identity Management Portal

After you install this update, the Portal may not be displayed as expected in Internet Explorer. To fix this issue, follow these steps:

  1. Close all Internet Explorer instances.

  2. Open the Internet Options control panel.

  3. Delete all history and cached files.

If this issue persists, make sure that the version of Internet Explorer is 11 or a later version. If you are running versions that are earlier than 11, there may be display inconsistencies when you compare it to the Portal that is displayed in version 11.

Update information

Microsoft Download Center

A supported update is available from the Microsoft Download Center. We recommend that all customers apply this update to their production systems.

Download the update for Microsoft Identity Manager 2016 SP1 (KB4346632) now

Prerequisites

To apply this update, you must have the following installed:

  • Microsoft Identity Manager 2016 build 4.4.1302.0

  • .NET Framework 4.6 for the following components:

    • MIM Service

    • MIM Portals (Identity Management, Password Reset, Password Registration)

    • MIM PAM

    • MIM add-ins and extensions

Restart requirement

You must restart the computer after you apply the add-ins and extensions package (Fimaddinsextensions_xnn_KB4073679.msp). You may also have to restart the server components.

Replacement information

This is a cumulative update that replaces all MIM 2016 SP1 updates, from 4.4.1302.0 up to build 4.5.26.0 for Microsoft Identity Manager 2016.

File information

The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

File name                              File version    File size  Date         Time   Platform
-------------------------------------  --------------  ---------  -----------  -----  --------------
LANGUAGE Packs.zip                     Not applicable  118,185    31-Aug-2018  10:00  Not applicable
MIMAddinsExtensions_x64_KB4346632.msp  Not applicable  7,436      29-Aug-2018  21:17  x64
MIMAddinsExtensions_x86_KB4346632.msp  Not applicable  3,212      29-Aug-2018  20:37  x64
MIMCMBulkClient_x86_KB4346632.msp      Not applicable  7,220      29-Aug-2018  16:07  x86
MIMCMClient_x64_KB4346632.msp          Not applicable  7,440      29-Aug-2018  17:09  x64
MIMCMClient_x86_KB4346632.msp          Not applicable  7,076      29-Aug-2018  16:06  x86
MIMCM_x64_KB4346632.msp                Not applicable  16,560     29-Aug-2018  17:37  x64
MIMService_x64_KB4346632.msp           Not applicable  38,960     29-Aug-2018  21:20  x64
MIMSyncService_x64_KB4346632.msp       Not applicable  21,764     29-Aug-2018  18:42  x64

Issues fixed and improvements added in this update

This update makes the following fixes and improvements that were not previously documented in the Microsoft Knowledge Base.

Service and Portal

MIM Service

The MIM Service now supports the use of the Azure MFA Server for MIM Azure MFA integration. 

With the release of this update, it’s recommended that all new MIM MFA integrations be done by using the Azure MFA Server instead of the Azure Direct MFA SDK. Support for Azure MFA Server is added in this update release.

This applies to both MIM Privileged Access Management (PAM) MFA integration and MIM Self Service Password Reset (SSPR) MFA integration.

This also includes a functionality update that enables you to create custom MFA servers and integrate them with MIM.

Working with MFA Server in MIM

Working with a custom MFA server in MIM

Working with Self-Service Password Reset (Updated)

Privileged Access Management

When you use the REST API against Privileged Access Management (PAM), an exception is returned: 

PAM REST API could not be started because it could not load file or assembly System.Net.Http.Formatting, Version=5.2.2.0

After you install this update, this issue is resolved. 

MIM Identity Management Portal

Issue 1

With build 4.5.26.0, some popups in the MIM Portal are displayed with an incorrect table length.  The table seems to be truncated on the left side of the popup.

After you install this update, the tables in the popups are displayed as expected. 

Issue 2

In the Advanced Search dialog of the Portal, the scrollbars don’t display properly.

After you install this update, the Advanced Search dialog scrollbars are displayed as expected.

MIM Service and Portal Language Pack

When you install the MIM Service and Portal language pack in hotfix update 4.5.26.0, an exception is returned that prevents the installation from completing.

Assembly Error:  Strong name signature verification failed for assembly Microsoft.IdentityManagement.Logging.resources.dll.  The assembly may have been tampered with, or it was delay signed, but not fully signed with the correct private key.

This issue has been fixed in this new hotfix release, allowing the installation of the MIM Service and Portal language pack update. 

Certificate Management

Starting with MIM update version 4.5.26.0, a binding redirect statement was required to use the REST API. This redirected the 4.5.6 build of Newtonsoft.Json.dll to use version 9.0.0.0.

After you install this new version, the MIM Certificate Management REST API works with or without the binding redirect statement in the web.config file.

Important: If you are upgrading from build 4.5.26.0, the binding redirect statement should also be updated, because Newtonsoft.Json.dll also has a new revision, 9.0.1.0. Alternatively, the binding redirect information for Newtonsoft.Json can be removed.

<runtime>
  <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependentAssembly>
      <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30AD4FE6B2A6AEED" culture="neutral"/>
      <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="9.0.1.0"/>
    </dependentAssembly>
  </assemblyBinding>
</runtime>

The web.config file for the Certificate Management Portal is located in the following path:

%programfiles%\Microsoft Forefront Identity Manager\2010\Certificate Management\web
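
Both binding redirects described on this page (Microsoft.MetadirectoryServicesEx in the Synchronization Service .config files, and Newtonsoft.Json in the Certificate Management web.config) can be checked read-only before and after patching. The PowerShell below is an added example, not Microsoft's code; the function name Get-BindingRedirectStatus and the temporary sample file are assumptions made for illustration, and the sample config content is constructed.

```powershell
# Added example: read-only audit of a binding redirect in a .NET config file.
# Get-BindingRedirectStatus is a hypothetical helper name, not part of MIM.
function Get-BindingRedirectStatus {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $AssemblyName,
        [Parameter(Mandatory)] [string] $ExpectedNewVersion
    )
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load((Resolve-Path -LiteralPath $Path).ProviderPath)
    # local-name() matches whether or not the asm.v1 default namespace is declared.
    $query = "//*[local-name()='dependentAssembly']" +
             "[*[local-name()='assemblyIdentity'][@name='$AssemblyName']]" +
             "/*[local-name()='bindingRedirect']"
    $redirects = @($xml.SelectNodes($query))
    if ($redirects.Count -eq 0) {
        return [pscustomobject]@{ File = $Path; Assembly = $AssemblyName
                                  Status = 'Missing'; OldVersion = $null; NewVersion = $null }
    }
    foreach ($r in $redirects) {
        $new = $r.GetAttribute('newVersion')
        $status = 'Mismatch'
        if ($new -eq $ExpectedNewVersion) { $status = 'OK' }
        [pscustomobject]@{ File = $Path; Assembly = $AssemblyName; Status = $status
                           OldVersion = $r.GetAttribute('oldVersion'); NewVersion = $new }
    }
}

# Constructed sample: a web.config still carrying the redirect from build 4.5.26.0.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'sample-web.config'
@'
<configuration>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30AD4FE6B2A6AEED" culture="neutral"/>
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="9.0.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

# Versions expected after this update, taken from the page.
Get-BindingRedirectStatus -Path $sample -AssemblyName 'Newtonsoft.Json' -ExpectedNewVersion '9.0.1.0'
Get-BindingRedirectStatus -Path $sample -AssemblyName 'Microsoft.MetadirectoryServicesEx' -ExpectedNewVersion '4.1.4.0'
```

For Newtonsoft.Json a Missing result is acceptable, because the REST API works with or without the redirect after this update; for Microsoft.MetadirectoryServicesEx in MIIServer.exe.config, Mmsscrpt.exe.config and Dllhost.exe.config, Missing or Mismatch points to the "stopped-extension-dll-load" condition described under Known issues.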

References

Microsoft Identity Manager release history

Learn about the terminology that Microsoft uses to describe software updates.
