Fixed feature and issues that relate to Credential Management
The following feature and issues are fixed in this hotfix package:
Feature
Feature 1The Password Reset registration wizard does not let organizations provide a link to their data policy. This hotfix adds a fix to provide a feature by which you can insert a link to an organization’s data policy and display that link in the Password Reset registration wizard. To enable this feature, you must set the
PrivacyLink (REG_SZ) registry value after you apply this hotfix. This fix is available in the Identity Manager 2010 Group Policy Templates. To obtain the Group Policy templates, visit the following Microsoft Download Center website:
Issues
Issue 1This hotfix enables the self-service password reset registration cache feature to work correctly.
When the registration cache feature is enabled, users who are registered for password reset will have their registration checked periodically to make sure that it is up to date. Users who are not registered will continue to be prompted to register for password reset every time that they log on to Windows.
Issue 2The type for the CacheInterval and MaxOffset registry values is set to REG_SZ in the Group Policy Templates. This hotfix corrects the type to REG_DWORD. This fix is available in the Identity Manager 2010 Group Policy Templates. To obtain the Group Policy templates, visit the following Microsoft Download Center website:
Issue 3The password reset portal returns the following error message after an IIS Reset:
An unexpected error has occurred.
Added feature that relates to Declarative Provisioning
The following feature is added in this hotfix package:
Feature 1This hotfix enables an outgoing synchronization rule to use a flow scope that accommodates more than two resource types.
Fixed issue that relates to Common UI
The following issue is fixed in this hotfix package:
Issue 1When there are more than seven UocListViews in a single Resource Control Display Configuration (RCDC), the UocListView is rendered in the wireframe view instead of in the graphical view.
Fixed issues and features that relate to Sync Engine
The following features and issues are fixed in this hotfix package:
Features
Feature 1The hotfix introduces a new registry key, MinimalObjectLogging. This lets less information be logged if an error has occurred during a run.
For more information about this registry key, visit the following Microsoft TechNet website:
Feature 2This hotfix writes an error message to the event log when a management agent run encounters staging errors.
Feature 3A management agent can have several partitions. For example, the management agent for Active Directory can have several partitions where every domain in a forest is a partition. When a whole partition is unselected, all previously imported objects are kept in the connector space. Then, a full import on any other partitions removes all objects that are in an unselected partition.
Issues
Issue 1In rare circumstances when the recycle bin is enabled on Windows Server 2008 R2, you receive error code 0x80230309. Also, you receive the following error message on the management agent for Active Directory:
The dimage indicates an update or replace operation. But the image does not exist.
A WMI query for MIIS_RunHistory returns no result.
Issue 3The Extensible Connectivity Management Agent (ECMA) has a CustomData property that is used to store the watermark for delta. When the MA encounters an export-not-reimported error, the watermark is not committed.
The hotfix commits the CustomData property even if the error occurs.
Issue 4When the last member is staged to be exported, a multi-mastered attribute generates the error “attribute not found.” This error occurs when the synchronization engine runs an import that brings in a new member instead of running an export as expected.
Issue 5The attribute precedence does not work as expected with Declarative Provisioning and the FIM Service Management Agent.
To resolve the issue, perform one of the following operations after you apply this hotfix:
- Only run full synchronization on the Active Directory Management Agent (MA), which has higher precedence than the FIM MA.
- Only run the preview commit for the linked CS objects of the bad Metaverse objects on the MA, which has higher precedence than the FIM MA.
Issue 6If you create a new mailbox by using the CreateMailbox method in ExchangeUtils, you may encounter an export-change-not-reimported on the nTSecurityDescriptor attribute.
This hotfix corrects the normalization of this attribute.
Issue 7In rare cases, the synchronization engine may crash with a multi-mastered member attribute.
Issue 8When you change an object type during scripted provisioning, you receive the following error message:
The dimage has a different anchor or primary object class from what is shown on the hologram.
When you run MAs in an unexpected order and remove the very last member of a group, you see the error “0x80070057 (The parameter is incorrect.)” on a multi-mastered, multivalued reference attribute, such as a member of a group.
Issue 10In rare cases, the sync engine may crash during a delta synchronization.
Fixed issues that relate to Workflow Engine
Issue 1When you change dynamic groups in FIM 2010, it takes a long time for the changes to take effect. This hotfix improves the performance when you make these changes.