Resolved issues and features that are related to Certificate Management
Issue 1When the FIM CM Update Service and CM policy modules do not have the same version, the FIM CM auto-enroll policy module may process requests incorrectly.
Issue 2If you use the FIM Certificate Management (CM) Client to set the
ALLOW_SSO parameter to
YES in the
PIN rule for smart cards, you receive an error message that resembles the following:
The supplied PIN is incorrect.
To resolve this issue, you must install the update for the Forefront Identity Manager (FIM) CM server before you install the update for the FIM Certificate Management Client.
Feature 1This hotfix rollup package adds support that uses key pairs for data encryption in FIM CM. The key pairs are stored by using a key storage provider.
Feature 2This hotfix rollup package adds support that lets you run the FIM 2010 CM Bulk Client in Windows 7.
Resolved issues and features that are related to Synchronization Service
Issue 1When a Management Agent (MA) is running in 32-bit mode, password reset operations do not work. For example, this issue occurs when you run an out-of-box SAP MA.
Issue 2The performance of the SQL MA is slow. After you install this package, indexing operations are improved, and the performance of the SQL MA is 25 percent faster.
Issue 3When you try to rename an object that is re-created in the Sync Engine, you receive an error message that resembles the following:
trying to add with different anchor
When a metaverse object is removed, you receive the following exception if a detected rule entry (DRE) is not removed:
Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: 0x80230405
Additionally, you receive an error message that resembles the following in the Sync Engine:
The server encountered an unexpected error while performing an operation for a rules extension.
If the service account for FIM Sync is the same account that is used by an Active Directory MA (AD MA), the service account can be used for connecting to AD by leaving the password empty in the AD MA. Additionally, you do not have to update the password for the account in the AD MA when the password of the service account is changed.
Note Do not use this feature when you use the AD MA for Exchange provisioning.
Feature 2This hotfix adds support to let you export subattributes in Sun Directory Services LDAP.
Subattributes are managed in a second MA. The primary MA imports and exports all attributes except subattributes. If there are several subattributes that are in relation to an attribute, additional MAs may be necessary.
All object operations that are add or delete operations are performed from the primary MA only.
To configure the second MA to use subattributes, create the
iPlanetMAOptionExporting DWORD registry entry in the following registry subkey, and then set the value of the registry entry to
1:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\PerMAInstance\<MA name>
When the
iPlanetMAOptionFiltering registry entry is defined and is not set to an empty string, the new export feature is enabled.
For more information about the iPlanetMAOptionFiltering registry entry, click the following article number to view the article in the Microsoft Knowledge Base: 842531 How to obtain the latest Microsoft Identity Integration Services 2003 cumulative hotfix package
If the value of
iPlanetMAOptionFiltering registry entry is not defined, or if the value is an empty string, the new export feature is disabled.
When the new export feature is enabled, all attributes except
objectClass and
DN are exported by appending a semicolon and the value of the
iPlanetMAOptionFiltering registry entry to the attributes. Other functionality remains the same, and errors for attributes that do not contain options are handled the same.
The filtering and exporting options are intended for a secondary instance of Sun MA. A join rule is required to make sure that multiple CS representations of a Sun directory object are joined to the same MV object. A join rule on the second MA is defined by using the
DN attribute. The primary MA must be configured to move from this attribute to an attribute in the metaverse.
Resolved issues that are related to the FIM Portal
Issue 1Consider the following scenario:
- You try to find users by using the Object Picker.
- You put the cursor into the text box by pressing Home or by using the mouse.
In this scenario, you receive an Internet Explorer script error.
Issue 2If you add multiple items into the Object Picker, you may receive an error.
Resolved issues and features that are related to FIM Service
Issue 1When you approve multiple requests by using a batch operation, the batch operation may time out.
Issue 2You run a stored procedure to process lots of requests that contain some collateral requests or to process some requests that contain lots of collateral requests. In this scenario, the procedure may stop responding. Additionally, the FIM SQL server or the computer that is running FIM service may use the CPU excessively. For example, this issue may occur when the stored procedure tries to cancel a collateral request.
Issue 3When a string attribute that has multiple values is changed, an error may occur if the Sets are defined by using the
starts-with function.
Issue 4When an object type that is referenced in Set filters is deleted or re-created, the Set memberships may be incorrect. After you apply this hotfix rollup package, the object types that are referenced in Set filters cannot be deleted.
Issue 5When multiple concurrent requests involve object set transitions, the requests may fail. This issue occurs because a duplicate key SQL exception is generated.
Resolved issue that is related to FIM Service MA
Issue 1When you run a delta import on the FIM service MA, the following exception occurs:
Microsoft.ResourceManagement.IdentityManagementException
Additionally, you receive an error that resembles the following:
Delta Import cannot be run as the change log has been detected to be in a corrupted state.
Also, the following event is logged in the Application log:
Resolved issue that is related to Setup
Issue 1After you install a hotfix that is a newer version than FIM 2010 version 4.0.3568.2, a FIM MA failure occurs if Update package 1 for FIM 2010 release version (build 4.0.3531.2) is not already installed.
Therefore, this issue occurs after you install hotfix 2417774 (build 4.0.3573.2) on the release version directly.