New hotfix rollup package (build 4.3.2266.0) is available for #MIM2016

Source: https://support.microsoft.com/en-us/kb/3171342

Quick overview below, full detail in KB article referenced.

Issues that are fixed and features that are added in this update

This update fixes the following issues and adds the following features that were not previously documented in the Microsoft Knowledge Base.

Privileged Access Management (PAM)

Issue 1: PAM monitor service error with PRIV only PAM USER

 

FIM add-ins and extensions

Issue 1: SSPR windows clients with high DPI have incorrect scaling of the final page

Issue 2: SSPR Windows client text message overlap

 

FIM Certificate Management

Issue 1: <span “text-base”=””>ExecuteOperations.Disable operation issue

Issue 2: Smart Card search issue

Issue 3: Profile summary issue

Issue 4: Duplicate revocation settings policy issue

Issue 5: Certificae Management portal issue with LDAP CN name

Issue 6: misplaced link in Certificate Management portal for certain languages

 

FIM Synchronization Service

Issue 1: MA config wizard issue

Issue 2: error messages logged in Event Viewer + Perf counter issue

Issue 3: Issue with Full sync vs Equal precedence

Issue 4: ECMA2 issue with incorrect page size

Issue 5 :error message from the Management Agent cannot be parsed if it contains some special symbols

Issue 6″Reference to undeclared entity ‘qt'” error message

Issue 7: <span “text-base”=””>New Functionality:/span> The ability to skip the Management Agent during the import of a server configuration is added.

Issue 8: A “MEMORY_ALLOCATION_FAILURE” error occurs in the Performance Monitoring tool.

 

FIM Portal

Issue 1: incorrect display of multivalue labels

Issue 2: RCDC update XML format not verified

Issue 3: cannot drag and drop user to remove box

Issue 4: Local date and time issue

Issue 5 RCDC additional attributed included

 

 

FIM Service

Issue 1: SharePoint Server 2013 and later , workflow issue, the version is automatically updated to 4.0.0.0. This causes a system error message during processing.

 

BHOLD

Issue 1: issue with incompatible permissions

Issue 2 attribute based AuthZ issues

Issue 3: Acces management connector issue

Issue 4: error during BHOLD installl in IIS

Issue 5: user role permission issue with extraction

Issue 6: email alias truncated if longer than 30 char.

Last update: 2020-12-30

Note-to-self: Sharepoint maintenance for FIMsters (#FIM2010 running out of disk space?)

When you’re taking care of your FIM Server, more specific the FIM Portal server running Sharepoint, you might encounter some events in the event viewer, where Sharepoint is complaining about the lack of disk space.

But it’s very likely that you have plenty of disk space …

If you don’t have plenty of disk space, (*) then stop reading and fix it, bookmark this page and come back.

 

So, you have plenty of diskspace…
Then it’s very likely you have enough memory in your system to run your FIM Server smoothly… (if not go back 2 lines, and execute *)

Now, plenty of memory and plenty of disk is the problem.

By default Sharepoint runs the health analyser and has gotten 2 rules that compare the amount of memory against the amount of free space.

See here for more explanation: Drives are running out of free space (SharePoint Foundation 2010)
“This rule checks disk space as a proportion of the RAM on the computer. When disk space is less than twice the RAM on the computer, the health rule triggers an error. When disk space is less than five times the RAM on the computer, the health rule triggers a warning. Accordingly, server computers with lots of RAM are more likely to experience a failure of this rule.”

So if you have a huge amount of memory, this rule can easily fill up your application event error log in your event viewer.

What can you do about it?

First of all, there are more and other rules, tools and checks that will warn you if you REALLY have a disk issue:

• the operating system will warn you if your hard drive is going below the usual free space thresholds
• Better make sure you’ve got a system monitoring active (like System Center Operations Manager)
• There are additional health rules in SharePoint that monitor the disk for % of free space

Secondly, you can disable the redundant error messages by the SharePoint Health Analyser.
Check out this post:
“SBS2011: The SharePoint Health Analyzer detected an error. Drives are running out of free space. Available drive space is less than twice the value of physical memory. [Solved]
http://www.vspbreda.nl/nl/2013/11/sbs2011-the-sharepoint-health-analyzer-detected-an-error-drives-are-running-out-of-free-space-available-drive-space-is-less-than-twice-the-value-of-physical-memory-solved/

Although the post is focusing on SBS2011, it does also apply to SharePoint Server 2010 (Foundation).

The post provides a step by step guide to disable the 2 disk analysis jobs:

• Disks are at risk of running out of free space. (free disk space < 5x your server’s RAM)
• Disk are running out of free space (free space < 2x your server RAM)

 

For WSS and SharePoint 2007, it’s slightly different, check this out:

http://blogs.microsoft.nl/blogs/premierfieldengineering/archive/2009/05/09/timer-jobs-in-sharepoint-2007.aspx

And also: SharePoint Timer job reference (Office SharePoint Server) at http://technet.microsoft.com/en-us/library/cc678870(v=office.12).aspx#section1

#FIM 2010 Quicktip: Troubleshooting the FIM 2010 portal loading a blank page

Working on a case where a FIM configuration has moved from development to production.
The customer’s production environment is a highly secured environment with a server security lockdown. The customer is using a custom tool for server profiling and local security lockdown.

After installing and configuring FIM, the FIM portal was loading blank.

 

The Application Pool account had changed. When adding the Application pool account to the local administrators group, the portal loaded again…

So we needed to investigate what was going wrong.

Some references we got from our Sharepoint colleagues…

Plan for administrative and service accounts (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263445(v=office.12).aspx

How to change service accounts and service account passwords in SharePoint Server 2007 and Windows SharePoint Services 3.0
http://support.microsoft.com/kb/934838/en-us.

They also advised to run a security reset on the SharePoint portal, see: Command-line reference for the SharePoint Products and Technologies Configuration Wizard (Office SharePoint Server)http://technet.microsoft.com/en-us/library/cc263093(v=office.12).aspx

secureresources

Performs SharePoint Products and Technologies resource security enforcement on the server. For example, security is enforced on files, folders, and registry keys. Example psconfig.exe -cmd secureresources

Although very useful to reset the security, it didn’t change the behaviour on the portal (still loading blank page).

Using procmon (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx), we found out that we had quite some errors.
Just a hint: exclude ‘success’ messages and filter on the targeted application pool account.

We first checked the default WSS group memberships for the AppPoolAccount.

For reference: http://technet.microsoft.com/en-us/library/cc678863(v=office.15).aspx

 

Just to double check, during troubleshooting we removed the WSS_WPG group from the FIM Portal application pool (default Sharepoint Application pool).

This is the result:

HTTP Error 500.19 – Internal Server Error

The requested page cannot be accessed because the related configuration data for the page is invalid.

So that made the situation even worse.

Back to the procmon results, as procmon threw errors on the impersonation of the application pool account we checked the local security policy. And the AppPool account appeared to be removed from the setting or was not member of the groups referenced in the setting.

Solution:

Do not make the Application pool account member of the local admins.

Make sure the Application Pool account has the “Impersonate a client after authentication” right in the local Security Policy.

 

Need more information? Check these articles …

Account permissions and security settings in SharePoint 2013
http://technet.microsoft.com/en-us/library/cc678863(v=office.15).aspx)

Plan for administrative and service accounts (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263445(v=office.12).aspx