A hotfix rollup package (build 4.1.3508.0) is available for #FIM2010 R2

Source: http://support.microsoft.com/kb/2913228

Microsoft has released a hotfix rollup package (build 4.1.3508.0) for Microsoft Forefront Identity Manager (FIM) 2010 R2.

“Issues that are fixed or features that are added in this update

This update fixes the following issues that were not previously documented in the Microsoft Knowledge Base.

FIM Service and Portal

Issue 1

If a FIMService instance loses connection to the FIMService database, the FIMService instance may stop processing FIM Service MA export requests. This results in failed FIM Service MA exports that have a run status of stopped-server. Additionally, the following exception is logged in the Forefront Identity Manager event log:

System.Data: System.InvalidOperationException: The requested operation cannot be completed because the connection has been broken.
Issue 2

Consider the following scenario:

  • A Transition Out management policy rule is using a dynamic set together with a multivalued attribute.
  • Two or more elements are removed from the attribute in a single request.
  • One of the removed elements triggers the Transition-Out ManagementPolicyRule (MPR) resource. 

In this scenario, the request fails. Additionally, you receive the following exception:

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other —> System.Data.SqlClient.SqlException: Reraised Error 2627, Level 14, State 1, Procedure DoEvaluateRequestInner, Line 1073, Message: Violation of PRIMARY KEY constraint ‘PK__#1B54B73__5330D0771D3CFFB1’. Cannot insert duplicate key in object ‘dbo.@transitionOutapplicableRuleBuffer’.
Issue 3

When an export that is run in the FIM Service MA includes updates to the Filter attribute of multiple dynamic groups, a failed-modification-via-web-services exception may be returned. When you review the details of the exception, you find that an SQL deadlock occurred.

FIM Synchronization Service

Issue 1

If a multivalued attribute is exported and then changed directly in the target system, the change is not evaluated during delta synchronization. For example, this issue occurs in the following scenario when the Active Directory Management Agent is used:

  1. A change to proxyAddresses is exported to the Active Directory for User1.
  2. A second change is made to proxyAddresses directly in Active Directory outside the synchronization service.
  3. A Delta Import run profile is run to confirm the exported changes.

In this scenario, the next delta sync will not process the change.

Issue 2

If an exception is thrown by the Connector’s password extension during password synchronization, the Connector will be unloaded from memory. This behavior may cause high processor usage on the computer that is hosting the FIM Synchronization Service when that computer processes password synchronization if it is under load or is synchronizing passwords to multiple Connectors.
After this update is installed, exceptions of type PasswordPolicyException and PasswordIllFormedException no longer discard the password interface and unload the Connector. This lets the interface to be reused for another password operation to the connected data source. The password operation will not be retried and is removed from the queue. Any other exception will still unload the Connector and reload it at the next password operation.”

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.