DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 2502631 - Last Review: March 23, 2011 - Revision: 1.0

Hotfix Download Available
View and request hotfix downloads
 

On This Page

Introduction

A hotfix rollup package (build 4.0.3576.2) is available for Microsoft Forefront Identity Manager (FIM) 2010.

This hotfix rollup package includes all the previous hotfixes that are described in the following Microsoft Knowledge Base (KB) article:
2417774  (http://support.microsoft.com/kb/2417774/ ) A hotfix rollup package (build 4.0.3573.2) is available for Forefront Identity Manager 2010
2272389  (http://support.microsoft.com/kb/2272389/ ) A hotfix rollup package (build 4.0.3558.2) is available for Microsoft Forefront Identity Manager (FIM) 2010
2028634  (http://support.microsoft.com/kb/2028634/ ) A hotfix rollup package (build 4.0.3547.2) is available for Microsoft Forefront Identity Manager (FIM) 2010
978864  (http://support.microsoft.com/kb/978864/ ) Update Package 1 for Microsoft Forefront Identity Manager (FIM) 2010

This hotfix rollup package also resolves some issues and provides some features that were not documented in a previously released KB article. For more information about these issues and features, see the "More information" section.

RESOLUTION

Hotfix Rollup information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Notes
  • If you upgrade any of the FIM server components, you must also upgrade the following server components:
    • The FIM Certificate Management (CM) certification authority (CA) components to the same version as the FIM CM server.
    • The FIM Service to the same version as the FIM Synchronization Service.
  • To avoid a Bulk Client failure, you must also upgrade the FIM CM server and FIM CA server modules to the same version if you upgrade the FIM 2010 CM Bulk Client.

Prerequisites

To apply this hotfix rollup package, you must have Forefront Identity Manager (FIM) 2010 installed.

Restart requirement

You must restart the computer after you apply the Add-ins and Extensions hotfix rollup package. Additionally, you may have to restart the server components.

Hotfix replacement information

This hotfix rollup package replaces the following hotfix rollup packages:
2417774  (http://support.microsoft.com/kb/2417774/ ) A hotfix rollup package (build 4.0.3573.2) is available for Forefront Identity Manager 2010
2272389  (http://support.microsoft.com/kb/2272389/ ) A hotfix rollup package (build 4.0.3558.2) is available for Microsoft Forefront Identity Manager (FIM) 2010
2028634  (http://support.microsoft.com/kb/2028634/ ) A hotfix rollup package (build 4.0.3547.2) is available for Microsoft Forefront Identity Manager (FIM) 2010
978864  (http://support.microsoft.com/kb/978864/ ) Update Package 1 for Microsoft Forefront Identity Manager (FIM) 2010

File information

The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
For all supported versions of FIM 2010
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Fim cm bulk client.zipNot applicable10,229,61615-Mar-201109:01
Fimaddinsextensionslp_x64_kb2502631.mspNot applicable4,626,43202-Mar-201122:24
Fimaddinsextensionslp_x86_kb2502631.mspNot applicable3,709,95202-Mar-201121:35
Fimaddinsextensions_x64_kb2502631.mspNot applicable3,261,95202-Mar-201122:24
Fimaddinsextensions_x86_kb2502631.mspNot applicable2,762,24002-Mar-201121:35
Fimcmclient_x64_kb2502631.mspNot applicable5,796,35202-Mar-201122:24
Fimcmclient_x86_kb2502631.mspNot applicable5,133,82402-Mar-201121:35
Fimcm_x64_kb2502631.mspNot applicable13,480,44802-Mar-201122:25
Fimcm_x86_kb2502631.mspNot applicable13,215,23202-Mar-201121:35
Fimservicelp_x64_kb2502631.mspNot applicable4,621,82402-Mar-201122:24
Fimservice_x64_kb2502631.mspNot applicable17,021,95202-Mar-201122:24
Fimsyncservice_x64_kb2502631.mspNot applicable117,904,38402-Mar-201122:25

MORE INFORMATION

Resolved issues and features that are related to Certificate Management

Issue 1
When the FIM CM Update Service and CM policy modules do not have the same version, the FIM CM auto-enroll policy module may process requests incorrectly.

Issue 2
If you use the FIM Certificate Management (CM) Client to set the ALLOW_SSO parameter to YES in the PIN rule for smart cards, you receive an error message that resembles the following:
The supplied PIN is incorrect.
Note To resolve this issue, you must install the update for the Forefront Identity Manager (FIM) CM server before you install the update for the FIM Certificate Management Client.

Feature 1

This hotfix rollup package adds support that uses key pairs for data encryption in FIM CM. The key pairs are stored by using a key storage provider.

Feature 2

This hotfix rollup package adds support that lets you run the FIM 2010 CM Bulk Client in Windows 7.

Resolved issues and features that are related to Synchronization Service

Issue 1
When a Management Agent (MA) is running in 32-bit mode, password reset operations do not work. For example, this issue occurs when you run an out-of-box SAP MA.

Issue 2
The performance of the SQL MA is slow. After you install this package, indexing operations are improved, and the performance of the SQL MA is 25 percent faster.

Issue 3
When you try to rename an object that is re-created in the Sync Engine, you receive an error message that resembles the following:
trying to add with different anchor
Issue 4
When a metaverse object is removed, you receive the following exception if a detected rule entry (DRE) is not removed:
Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: 0x80230405
Additionally, you receive an error message that resembles the following in the Sync Engine:
The server encountered an unexpected error while performing an operation for a rules extension.
Feature 1

If the service account for FIM Sync is the same account that is used by an Active Directory MA (AD MA), the service account can be used for connecting to AD by leaving the password empty in the AD MA. Additionally, you do not have to update the password for the account in the AD MA when the password of the service account is changed.

Note Do not use this feature when you use the AD MA for Exchange provisioning.

Feature 2

This hotfix adds support to let you export subattributes in Sun Directory Services LDAP.

Subattributes are managed in a second MA. The primary MA imports and exports all attributes except subattributes. If there are several subattributes that are in relation to an attribute, additional MAs may be necessary.

All object operations that are add or delete operations are performed from the primary MA only.

To configure the second MA to use subattributes, create the iPlanetMAOptionExporting DWORD registry entry in the following registry subkey, and then set the value of the registry entry to 1:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\PerMAInstance\<MA name>
When the iPlanetMAOptionFiltering registry entry is defined and is not set to an empty string, the new export feature is enabled.

For more information about the iPlanetMAOptionFiltering registry entry, click the following article number to view the article in the Microsoft Knowledge Base:
842531  (http://support.microsoft.com/kb/842531/ ) How to obtain the latest Microsoft Identity Integration Services 2003 cumulative hotfix package
If the value of iPlanetMAOptionFiltering registry entry is not defined, or if the value is an empty string, the new export feature is disabled.

When the new export feature is enabled, all attributes except objectClass and DN are exported by appending a semicolon and the value of the iPlanetMAOptionFiltering registry entry to the attributes. Other functionality remains the same, and errors for attributes that do not contain options are handled the same.

The filtering and exporting options are intended for a secondary instance of Sun MA. A join rule is required to make sure that multiple CS representations of a Sun directory object are joined to the same MV object. A join rule on the second MA is defined by using the DN attribute. The primary MA must be configured to move from this attribute to an attribute in the metaverse.

Resolved issues that are related to the FIM Portal

Issue 1
Consider the following scenario:
  • You try to find users by using the Object Picker.
  • You put the cursor into the text box by pressing Home or by using the mouse.
In this scenario, you receive an Internet Explorer script error.

Issue 2
If you add multiple items into the Object Picker, you may receive an error.

Resolved issues and features that are related to FIM Service

Issue 1
When you approve multiple requests by using a batch operation, the batch operation may time out.

Issue 2
You run a stored procedure to process lots of requests that contain some collateral requests or to process some requests that contain lots of collateral requests. In this scenario, the procedure may stop responding. Additionally, the FIM SQL server or the computer that is running FIM service may use the CPU excessively. For example, this issue may occur when the stored procedure tries to cancel a collateral request.

Issue 3
When a string attribute that has multiple values is changed, an error may occur if the Sets are defined by using the starts-with function.

Issue 4
When an object type that is referenced in Set filters is deleted or re-created, the Set memberships may be incorrect. After you apply this hotfix rollup package, the object types that are referenced in Set filters cannot be deleted.

Issue 5
When multiple concurrent requests involve object set transitions, the requests may fail. This issue occurs because a duplicate key SQL exception is generated.

Resolved issue that is related to FIM Service MA

Issue 1
When you run a delta import on the FIM service MA, the following exception occurs:
Microsoft.ResourceManagement.IdentityManagementException
Additionally, you receive an error that resembles the following:
Delta Import cannot be run as the change log has been detected to be in a corrupted state.
Also, the following event is logged in the Application log:

Log Name: Application
Source: FIMSynchronizationService
Date: <date><time>
Event ID: 6500
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: <computer name>
Description:
The description for Event ID 6500 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

Resolved issue that is related to Setup

Issue 1
After you install a hotfix that is a newer version than FIM 2010 version 4.0.3568.2, a FIM MA failure occurs if Update package 1 for FIM 2010 release version (build 4.0.3531.2) is not already installed.

Therefore, this issue occurs after you install hotfix 2417774 (build 4.0.3573.2) on the release version directly.

MORE INFORMATION

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

APPLIES TO
  • Microsoft Forefront Identity Manager 2010
Keywords: 
kbautohotfix kbqfe kbhotfixserver kbfix kbexpertiseinter kbsurveynew KB2502631
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support