Hotfix

Published on TNWIKI: .Net Framework 3.5 Troubleshooting: installation errors (Permission issue)

Published at: .Net Framework 3.5 Troubleshooting: installation errors (Permission issue)

Applies to

  • Window Server 2016

Issue

.Net Framework 3.5 installation fails on Windows Server 2016

Troubleshooting

Tried many solutions like below

.NET 3.5 Uninstall detected

See:
MIM 2016 Troubleshooting: The installation just hanging without error, warning, log, Event-log

Windows Feature installation

See:
Windows Server 2012 R2 Troubleshooting: .NET Framework 3.5 installation failure (Offline/Online)

GPO Setting

See:
.Net Framework 3.5 Troubleshooting: installation errors (GPO)

Hotfix issue

See:
SharePoint 2013 Troubleshooting: NET 3.5 framework add feature error (the source files could not be found)

Solution

Grant read permission to the Everyone group on the installation files.

Check:
https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features

 

Important

When you are installing feature files from a remote source, the source path or file share must
grant Read permissions either to the
Everyone group (not recommended for security reasons), or to the computer (local system) account of the destination server; granting user account
access is not sufficient.

Servers that are in workgroups cannot access external file shares, even if the computer account for the workgroup server has
Read permissions on the external share. Alternate source locations that work for workgroup servers include installation media, Windows Update, and VHD or WIM files that are stored on the local workgroup
server.

See also

References

 

Note-To-Self: ICYMI, #MIM2016 Support for SQL Always On Availability groups

Based on a recent customer support experience with MIM (migrating from MIM 2016 RTM to SP1 latest hotfix), I ran into a few issues…

They have been documented here:

And also

While investigating the MIM Performance, we bumped into some SQL configuration issues, seriously impacting the MIM performance.
Finally ending up with staging the latest hotfix on MIM… (which is in general always a good idea and best practice).

But, talking the SQL performance, in that troubleshooting exercise another question popped up, again: Always on Availability groups.

And while this has been an issues for long time, the good news is : as of MIM 2016 SP1 (4.4.1459.0 or Later), Always On Availability groups are now supported.

You can find the announcement here: https://blogs.technet.microsoft.com/iamsupport/2017/03/22/microsoft-identity-manager-2016-sp14-4-1459-0-or-later-support-for-sql-2016-always-on-availability-groups/

Strangely enough it’s not mentioned in the KB article for the hotfix: SP1 March 2017 Hotfix (4.4.1459.0),

Still, the page on SQL Server availability solutions for Microsoft Identity Manager services databases, is not mentioning AoA, see here: https://support.microsoft.com/en-us/help/3200896/sql-server-availability-solutions-for-microsoft-identity-manager-servi

So, you need to keep that one in your MIM knowledge backpack.

Updated: 2020-12-29

Note-to-self: Hotfix rollup package (build 4.4.1459.0) is available for #MIM2016 SP1

Microsoft has released an hotfix for MIM2016 SP, with an awful lot of updates and improvements.. to much to list… but more to read:

See here: https://support.microsoft.com/en-us/help/4012498/hotfix-rollup-package-build-4-4-1459-0-is-available-for-microsoft-iden

Last update: 2020-12-30

Microsoft released #MIM2016 Service Pack 1 UPDATE package

Source: https://aka.ms/mim2016sp1upgrade

Since the release of MIM 2016 SP1 just a few weeks ago, Microsoft received significant feedback from the community, their partners and customers regarding the upgrade paths for the service pack.

8th of November, Microsoft announced the availability of the MIM 2016 SP1 Update MSP.

This MSP allows current customers on MIM 2016 RTM, or any hotfix build since 2016 RTM to perform an in-place upgrade to the current build of this MSP (4.4.1302.0).

The supported in-place upgrade scenarios are outlined in the table below. To obtain this update, please click here.

Please note, an updated MSI for new implementations is likely to be released soon.

Carefully check the upgrade paths, as this MSP cannot be applied to build 4.4.1296.0 (MIM 2016 SP1 RTM).

The download page explicitly mentions: “MIM 2016 RTM Versions to update their infrastructure to the latest SP1 Build without complete uninstall. Customers already on MIM 2016 SP1 (4.4.1237) can not install this patch. 

Supported Operating System

Windows Server 2012, Windows Server 2012 R2, Windows Server 2016

MIM 2016 RTM or one of the following hotfix builds: 4.3.2064.0 4.3.2195.0 4.3.2266.0″

Initial Build Hotfix Applied Build after SP1 Update
RTM None 4.4.1302.0
RTM 4.3.2064.0 4.4.1302.0
RTM 4.3.2064.0, 4.3.2195.0 4.4.1302.0
RTM 4.3.2195.0 4.4.1302.0
RTM 4.3.2266.0 4.4.1302.0

Additionally, for customers running Office 2010 needing the x86 Add-ins and Extensions, do not update using this MSP, a forthcoming hotfix will be made available in the coming months.

If you have any comments for the Product Group, please send us an email at: mim2016@microsoft.com

(Last update: 2020-12-31)

A hotfix rollup package (build 4.1.3765.0) is available for #FIM2010

Source: https://support.microsoft.com/en-us/kb/3171318

Issues that are fixed and features that are added in this update

This update fixes the following issues and adds the following features that were not previously documented in the Microsoft Knowledge Base.

FIM Certificate Management

  • Issue 1 A smart card search takes 3.5 minutes on an idle server. Additionally, the search never ends if the server is stressed.
  • Issue 2 The Duplicate Revocation Settings policy is replaced because some users could not set it.
  • Issue 3 There is a redundant space in the “Profile Summary” string on the Request Complete page for some languages.

FIM Synchronization Service

  • Issue 1 In a metaverse search and when you view the object, there is a Last Modified field. But when you sort that field, it sorts as a generic text field instead of as a date field.
  • Issue 2 Error messages (such as Event ID 6313) are logged in the event log. Additionally, performance counters don’t work.
  • Issue 3 The Sync Service crashes when you run a Full Synchronization process that has Equal Precedence set for attributes that exist in IAF or EAF.
  • Issue 4 When an incorrect page size (either less than the minimum or more than the maximum) is used for the run profile of the ECMA2 management agent, the size value quietly changes to the minimum or the maximum after you click Finish.
  • Issue 5 An error message from the Management Agent cannot be parsed if it contains some special symbols. Therefore, the error message doesn’t appear in the error list as expected, and a non-informative error window appears.
  • Issue 6 You receive a “Reference to undeclared entity ‘qt'” error message when you run the history process and the history text contains the “greater than” symbol (>).
  • Issue 7 Under certain conditions, the file selection dialog box does not appear on the MA configuration wizard pages.
  • Issue 8 A “MEMORY_ALLOCATION_FAILURE” error occurs in the Performance Monitoring tool when the performance data .dll file cannot open the process.

FIM Portal

  • Issue 1 Multivalued labels are displayed incorrectly in a single line in the UI.

FIM Service

  • Issue 1 During an Export process between the Synchronization and FIM Service, the msidmCompositeType request may fail if some multivalued string attribute value is changed in the scope of the Export session. This behavior affects performance.
  • Issue 2 In SharePoint Server 2013 and later versions, if you change a workflow or update an email template by using the FIM Portal, the version is automatically updated to 4.0.0.0. This causes a system error message during processing.

BHOLD

  • Issue 1 When you add a user to an organizational unit (OU) that has some incompatible permissions in the OUs role, all the incompatible permissions are assigned.
  • Issue 2 Some issues are fixed for attribute-based authorization (ABA) roles that are assigned to a user when the roles have incompatible permissions.
  • Issue 3 When you use the Access Management Connector to provision new OUs with a parent OU, all the parent OU roles are inherited but are also disabled.
  • Issue 4 An error occurs in BHOLD during installation in Internet Information Services (IIS) 10.
  • Issue 5 If two or more roles assigned to a user who has the same permissions as the roles, and the roles use the endDate attribute, you cannot extract a user permission that has the latest date.
  • Issue 6 An email alias is truncated if it is longer than 30 characters.

Updated: 2020-12-30

New hotfix rollup package (build 4.3.2266.0) is available for #MIM2016

Source: https://support.microsoft.com/en-us/kb/3171342

Quick overview below, full detail in KB article referenced.

Issues that are fixed and features that are added in this update

This update fixes the following issues and adds the following features that were not previously documented in the Microsoft Knowledge Base.

Privileged Access Management (PAM)

Issue 1: PAM monitor service error with PRIV only PAM USER

 

FIM add-ins and extensions

Issue 1: SSPR windows clients with high DPI have incorrect scaling of the final page

Issue 2: SSPR Windows client text message overlap

 

FIM Certificate Management

Issue 1: <span “text-base”=””>ExecuteOperations.Disable operation issue

Issue 2: Smart Card search issue

Issue 3: Profile summary issue

Issue 4: Duplicate revocation settings policy issue

Issue 5: Certificae Management portal issue with LDAP CN name

Issue 6: misplaced link in Certificate Management portal for certain languages

 

FIM Synchronization Service

Issue 1: MA config wizard issue

Issue 2: error messages logged in Event Viewer + Perf counter issue

Issue 3: Issue with Full sync vs Equal precedence

Issue 4: ECMA2 issue with incorrect page size

Issue 5 :error message from the Management Agent cannot be parsed if it contains some special symbols

Issue 6″Reference to undeclared entity ‘qt'” error message

Issue 7: <span “text-base”=””>New Functionality:/span> The ability to skip the Management Agent during the import of a server configuration is added.

Issue 8: A “MEMORY_ALLOCATION_FAILURE” error occurs in the Performance Monitoring tool.

 

FIM Portal

Issue 1: incorrect display of multivalue labels

Issue 2: RCDC update XML format not verified

Issue 3: cannot drag and drop user to remove box

Issue 4: Local date and time issue

Issue 5 RCDC additional attributed included

 

 

FIM Service

Issue 1: SharePoint Server 2013 and later , workflow issue, the version is automatically updated to 4.0.0.0. This causes a system error message during processing.

 

BHOLD

Issue 1: issue with incompatible permissions

Issue 2 attribute based AuthZ issues

Issue 3: Acces management connector issue

Issue 4: error during BHOLD installl in IIS

Issue 5: user role permission issue with extraction

Issue 6: email alias truncated if longer than 30 char.

Last update: 2020-12-30

Note-to-self: Hotfix rollup package (build 4.3.2124.0) is available for #MIM2016

Source: https://support.microsoft.com/en-us/kb/3134725

Initially posted by Jeff Ingalls at the FIM 2010 FB group: https://www.facebook.com/groups/155109068156/10153501281698157/?notif_t=group_activity

Except for an important set of fixed, there are some very interesting features added to MIM 2016

MIM Synchronization Service

This update adds the ability to override the default Synchronization engine behavior of changing run profile GUID after export and import of the server configuration.

This update extends the functionality of the AD MA configuration cmdlets to be able to handle multiple partitions.

This update adds a new cmdlet Add-MIISADMARunProfileStep.

MIM Portal

This update adds the ability to fully customize the portal header.

Privileged Access Management (PAM)

Some group memberships may not be removed by the MIM component service after the PAM request expiration period. This hotfix addresses removal of expired group memberships.

Check it out in the detailed content of the KB article (https://support.microsoft.com/en-us/kb/3134725)

Last updated: 2020-12-30

Note-to-self: FIM/MIM hotfix download link failing

Some people reported that the download links to the recent hotfix failed…

The 4.3.2064.0 hotfix page is: https://support.microsoft.com/en-us/kb/3092179

MIMHotfixdownload

 

When you click the link, it forwards to

http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=3092179&kbln=en-us (or similar language)

You need to accept the EULA. (After reading it ! 😉 )

accept eula

Next you need to select the hotfix (only one to select).

Fill in your email and you’ll get the download link.

request mim hotfi

The link you receive in the mail should look like…

Package:

———————————————————–

———————————————————–

KB Article Number(s): 3092179

Language: All (Global)

Platform: x64

Location: (/<blah>/http%3a%2f%2fhotfixv4.microsoft.com%2fMicrosoft%2520Identity%2520Manager%2flatest%2fKB3092179%2f4.3.2064.0%2ffree%2f488603_intl_x64_zip.exe/<blah/)

 

But when you click that link, in some cases the encoded URL seems to fail, where the spaces, slashes, dashes and underscores weren’t decoded correctly.

By clicking the link the %2520 code is not correctly translated to a space…

To solve this, copy the URL text and paste the URL in your favorite browser.

 

It should guide you to: http://hotfixv4.microsoft.com/Microsoft%20Identity%20Manager/latest/KB3092179/4.3.2064.0/free/488603_intl_x64_zip.exe

Be prepared, this hotfix takes 213 MB of your bandwidth and disk…

 

 

 

 

 

 

 

 

Hotfix rollup package (build 4.1.3671.0) for Forefront Identity Manager 2010 R2

Source: https://support.microsoft.com/en-us/kb/3092178

From the KB Article:

Issues that are fixed or features that are added in this update

This update also fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

FIM add-ins and extensions

Issue 1

This hotfix addresses an issue in the password reset window that occurs on displays that have high DPI settings when the Windows display sizing of items is set to a custom size, such as 200% or more.

FIM Certificate Management

Issue 1

If you try to enroll a smart card that has the correct profile selected (and the correct adminKey), but the user PIN does not correspond to the smart card PIN policy, you receive the following error message:

The card cannot be accessed because the wrong PIN was presented.

 

FIM Synchronization Service

Issue 1

When you configure an ECMA2 run profile, you receive the following exception:

Value of ‘10’ is not a valid value

 

Issue 2

The Sync Engine reports a staging error during delta import when the Generic LDAP connector detects the renaming of the distinguished name for an object.

Issue 3

During the export run DN modification of a user, an object is deleted from a group membership in Oracle Directory Enterprise Edition (ODSEE) instead of changing the DN LDAP.

Issue 4

When you try to select an OU that contains more than 4,000 sub-OUs on the Directory Partitions tab, you receive the following error message:

The administrative size limit on the server was exceeded.

 

Issue 5

When you perform an Export, CS Search, or CS Deletion during ECMA2 Export Only, the MA displays the following error message:

The image or delta doesn’t have an anchor.

 

Issue 6

The Sync Service stops responding because of high CPU usage when you stop a run profile for the ECMA connector.

Issue 7

When you have characters in the SMTP address that are unsupported by Exchange Server, a GALSync Export operation stops, and you receive an ma-extension error. This triggers a provisioning loop that causes object duplication.

FIM Portal

Issue 1

This hotfix addresses an issue in the FIM Portal that affects sorting a customized list view that’s based on the columns specified in the ColumnsToDisplay field.

Issue 2

This hotfix updates HTML elements and attributes in the password registration portal and the FIM Portal.

Issue 3

The object picker does not search objects that contain special characters in their file names.

Issue 4

This hotfix updates the translation into Russian of the user interface strings that relate to “Password Reset AuthN Workflow” activity.

Issue 5

This hotfix addresses an issue that affects the Leave and Remove Member buttons when the group resource type is customized.

Issue 6

This hotfix adds a new search scope (All Groups) to enable searching for and joining groups if the user does not know whether the group is a security group or a distribution list.

FIM Service

Issue 1

This hotfix addresses an issue in which broker service conversations are not closed after an export from FIM Sync to the FIM Service database.

Issue 2

When there are too many negative conditions in the Group Criteria, the SQL & FIM service stop running.

Issue 3

SET filter definitions are unsuccessful during save after you upgrade to version 4.1.3634.0.

Issue 4

When you use the CustomExpression option, the Concatenate operator is replaced with the “+” character. This triggers an error when it saves.

Issue 5

This hotfix addresses an issue that affects FIM Service database stored procedures. Specifically, deadlocks might occur in approval workflows. This issue occurs particularly in deployments with complex or general Set definitions such as sets matching “/*” instead of with specific resource types.

BHOLD

Issue 1

There’s an inconsistency between the Permission name and the value if an attribute changes. After Export\Import\Export flow in FIM Sync, BHOLD receives duplicates of a renamed group and retains the original group in the database.”