Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

A hotfix rollup package (build 4.0.3644.2) is available for Forefront Identity Manager 2010


View products that this article applies to.

Introduction

A hotfix rollup package (build 4.0.3644.2) is available for Microsoft Forefront Identity Manager (FIM) 2010. This hotfix rollup package resolves the issues and adds the features that are described in the "More Information" section.

↑ Back to the top


Update information

A supported update is available from Microsoft. We recommend that all customers apply this update to their production systems.

This update is available from the following Microsoft websites:

Microsoft Update

Microsoft Update Catalog

Microsoft Support

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the issues that are described in this article. Apply this hotfix only to systems that are experiencing the issues that are described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix Download Available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: Note The "Hotfix Download Available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Component update packages

The following table contains the component update packages that are available for download from Microsoft Support.
ComponentFile name
FIM 2010 Add-ins and ExtensionsFIMAddinsExtensions_x86_KB2750673.msp FIMAddinsExtensions_x64_KB2750673.msp
FIM 2010 Add-ins and Extensions Language PackFIMAddinsExtensionsLP_x86_KB2750673.msp FIMAddinsExtensionsLP_x64_KB2750673.msp
FIM 2010 Certificate ManagementFIMCM_x86_KB2750673.msp
FIMCM_x64_KB2750673.msp
FIM 2010 Certificate Management ClientFIMCMClient_x86_KB2750673.msp
FIMCMClient_x64_KB2750673.msp
FIM 2010 Certificate Management Bulk Issuance ClientFIMCMBulkClient_x86_KB2750673.msp
FIM 2010 Service and PortalFIMService_x64_KB2750673.msp
FIM 2010 Service Portal Language PackFIMServiceLP_x64_KB2750673.msp
FIM 2010 Synchronization Service FIMSyncService_x64_KB2750673.msp
FIM 2010 Password Change Notification ServiceFIMPCNS_x86_KB2750673.msp
FIMPCNS_x64_KB2750673.msp

Prerequisites

To apply this update, you must have Forefront Identity Manager 2010 build 4.0.2592.0 or a later build installed.

Restart requirement

You must restart the computer after you apply this update. Additionally, you may have to restart the server components.

Replacement information

This update replaces the following updates:
  • 2737503 A hotfix rollup package (build 4.0.3627.2) is available for Forefront Identity Manager 2010
  • 2688078 A hotfix rollup package (build 4.0.3617.2) is available for Forefront Identity Manager 2010
  • 2635086 Update Rollup 2 (build 4.0.3606.2) is available for Forefront Identity Manager 2010
  • 2520954 A hotfix rollup package (build 4.0.3594.2) is available for Forefront Identity Manager 2010
  • 2502631 A hotfix rollup package (build 4.0.3576.2) is available for Forefront Identity Manager 2010
  • 2417774 A hotfix rollup package (build 4.0.3573.2) is available for Forefront Identity Manager 2010
  • 2272389 A hotfix rollup package (build 4.0.3558.2) is available for Microsoft Forefront Identity Manager (FIM) 2010
  • 2028634 A hotfix rollup package (build 4.0.3547.2) is available for Microsoft Forefront Identity Manager (FIM) 2010
  • 978864 Update Package 1 for Microsoft Forefront Identity Manager (FIM) 2010

File information

The global version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
File nameFile sizeDateTime
Fimaddinsextensionslp_x64_kb2750673.msp5,517,31211-Oct-201222:20
Fimaddinsextensionslp_x86_kb2750673.msp4,417,53611-Oct-201222:04
Fimaddinsextensions_x64_kb2750673.msp3,611,13611-Oct-201222:20
Fimaddinsextensions_x86_kb2750673.msp2,999,80811-Oct-201222:04
Fimcmbulkclient_x86_kb2750673.msp5,136,89611-Oct-201222:04
Fimcmclient_x64_kb2750673.msp5,832,19211-Oct-201222:20
Fimcmclient_x86_kb2750673.msp5,160,44811-Oct-201222:04
Fimcm_x64_kb2750673.msp21,263,36011-Oct-201222:20
Fimcm_x86_kb2750673.msp21,072,38411-Oct-201222:04
Fimpcns_x64_kb2750673.msp202,24011-Oct-201222:20
Fimpcns_x86_kb2750673.msp166,91211-Oct-201222:04
Fimservicelp_x64_kb2750673.msp4,862,46411-Oct-201222:20
Fimservice_x64_kb2750673.msp18,599,93611-Oct-201222:20
Fimsyncservice_x64_kb2750673.msp121,633,28011-Oct-201222:20

↑ Back to the top


More Information

Known issues in this update

After you install this update, rules extensions and custom management agents (MAs) that are based on Extensible MA (ECMA1 or ECMA 2.0) may not run and may produce a run status of "stopped-extension-dll-load." This issue occurs when you run such rules extensions or custom MAs after you change the configuration file for MIISServer.exe, Mmsscrpt.exe.config, or Dllhost.exe.config. For example, you edited the MIISServer.exe.config file to change the default batch size for processing sync entries for the FIM Service MA.

In this case, the synchronization engine installer for this update intentionally does not replace the configuration file to avoid deleting your previous changes. Because the configuration file is not replaced, entries that are required by this update will not be present in the files, and the synchronization engine will not load any rules extension DLLs when the engine runs a Full Import or Delta Sync run profile.

To resolve this issue, follow these steps:
  1. Make a backup copy of the MIIServer.exe.config file.
  2. Open the MIIServer.exe.config file in a text editor or in Microsoft Visual Studio.
    • Make sure that you open the text editor by using the Run as Administrator option so that Windows will let you save the changes.
    • If you do not open the text editor by using the Run as Administrator option, and if the UserAccountControl option is enabled, Windows will not let the file be saved to the \bin folder.
  3. Find the <runtime> section in the MIIServer.exe.config file. Replace the content of the <dependentAssembly> section with the following:
    <dependentAssembly>
    <assemblyIdentity name="Microsoft.MetadirectoryServicesEx" publicKeyToken="31bf3856ad364e35" />
    <bindingRedirect oldVersion="3.3.0.0" newVersion="4.0.2.0" />
    <bindingRedirect oldVersion="4.0.0.0" newVersion="4.0.2.0" />
    <bindingRedirect oldVersion="4.0.1.0" newVersion="4.0.2.0" />
    </dependentAssembly>
  4. Save the changes to the file.
  5. Find the Mmsscrpt.exe.config file in the same directory and the Dllhost.exe.config in the parent directory. Repeat steps 1 through 4 for these two files.

    Note You might not have a file that is named Dllhost.exe.config in the parent directory. It is needed only for ECMA1 and ECMA 2.0 management agents that are running out-of-process. If you are running management agents in this mode, copy the MIIServer.exe.config file to the parent folder (..\Synchronization Service), and then rename it "Dllhost.exe.config."
  6. Restart the Forefront Identity Manager Synchronization Service (FIMSynchronizationService).
  7. Verify that the rules extensions and custom management agents now work as expected.

More information

Included in this hotfix package is a new version of the Microsoft.MetadirectoryServicesEx.dll file (also known as the interface DLL). This new version is 4.0.2.0. If you have MA extensions for ECMA1/XMA, ECMA 2.0, or rules extensions, you might have to take additional actions for these extensions to continue working. This is because your DLL will have references to an earlier version (4.0.x.0). There are three files that have binding redirect information. They are used as follows:
  • MIIServer.exe.config: All ECMA1 and ECMA2.0 management agents and all rules extensions that are running in-process
  • Mmsscrpt.exe.config: All rules extensions that are running out-of-process
  • Dllhost.exe.config: All ECMA1 and ECMA2.0 management agents that are running out-of-process

Issues that are fixed and features that are added by this update

General

Issue
This hotfix addresses an issue in which the digital signature on files that are produced and signed by Microsoft will expire prematurely, as described in Microsoft Security Advisory 2749655.

FIM Synchronization Service

Issue
The DB2 Management Agent cannot connect to a DB2 server that is running on an IBM iSeries v6 server or a later version.

↑ Back to the top


FIM Service

New feature
When the FIM password reset activity does not connect to the Active Directory, the WMI components returns a code. The code explains the reason for this failure.

Common Component (Microsoft.MetadirectoryServicesEx.dll)

Issue
Hotfix rollup build 4.0.3644.2 changed the version number of the Microsoft.MetadirectoryServicesEx.dll assembly file to 4.0.1.0. Then, hotfix rollup build 4.0.3617.2 made additional changes to the assembly file but did not change the file version number. Therefore, the file version numbers are mismatched when you try to update the file from version 4.0.3606.2 to later hotfix rollup builds.

When this issue occurs, you may experience the following symptoms:
  • You cannot load and run a custom management agent.
  • You cannot create a new FIM service management agent.
Note This assembly file is included in both the FIM Synchronization service and the FIM Service setup files.

↑ Back to the top


References

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

↑ Back to the top


Keywords: kbautohotfix, kbqfe, kbhotfixserver, kbfix, kbexpertiseinter, kbsurveynew, kb

↑ Back to the top

Article Info
Article ID : 2750673
Revision : 1
Created on : 1/7/2017
Published on : 11/15/2012
Exists online : False
Views : 267