hotfix

New #FIM2010 R2 SP1 hotfix released to fully support Windows Server 2012 R2 ADDS (Build 4.1.3634.0)

Microsoft has released a very important hotfix for FIM2010 R2 SP1: full details at https://support.microsoft.com/kb/3048056. (FIM Build 4.1.3634.0)

As indicated in the article, Microsoft recommends that all customers apply this update to their production systems.

The most important fix in this hotfix is that FIM2010 R2 (SP1) now fully supports Windows Server 2012 R2 Active Directory Domain Services, both for domain and forest level.

Still an important condition for this support is that the FIM Synchronization Service must be installed only on

  • Windows Server 2008,
  • Windows Server 2008 R2,
  • or Windows Server 2012 member server.

FIM 2010 Server components must NOT be installed on a Windows Server 2012 R2 member server.

Only the PCNS component can be installed on a Windows Server 2012 R2 domain controller.

More information:

New Hotfix rollup (build 4.1.3627.0) is available for #FIM2010 R2 Service Pack 1

Source: http://support2.microsoft.com/kb/3022704

A hotfix rollup package (build 4.1.3627.0) is available for Microsoft Forefront Identity Manager (FIM) 2010 R2 Service Pack 1 (SP1).

The build number for BHOLD components that are included in this release is 5.0.2959.0. This hotfix rollup resolves some issues and adds some features that are described in the “More Information” section of the article.

New hotfix rollup released for #FIM2010 R2 (now build 4.1.3613.0)

Source: http://support2.microsoft.com/kb/3011057

Issues that are fixed or features that are added in this update

This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

BHOLD Attestation

Issue 1

  • Symptoms: When a steward is added to an in-progress campaign, the steward receives the “New entries for Steward” email.Changes after the fix: When a steward is added to an in-progress campaign, the steward receives the “Instance Start” email.

BHOLD Core

Issue 1

  • Symptoms: When a user has conflicting ABA roles, and the user’s “EndDate” field is changed through the BHOLD Core UI, the user may be assigned an incorrect role.Changes after the fix: Changing the user’s “EndDate” field does not affect any other ABA role attributes.

BHOLD Core and FIM provisioning

Issue 1

  • When you use the Access Management Connector, and an import is performed immediately following an export that caused ABA role membership changes, the import may indicate that users have fewer permissions than are assigned by either their previous or new role memberships.After you install this fix: If an import is performed immediately following an export that caused ABA role membership changes, the import indicates that users have the permissions assigned by either their previous or new role memberships. After queue processing is completed, the import indicates that users have the permissions that are assigned by their new role memberships.

Issue 2

  • In some deployments, deletion of multiple groups through the Access Management Connector is not successful if there are two or more pending exports. After you install the fix, the deletion of multiple groups through the Access Management Connector is successful.

Issue 3

  • In some deployments, export of changes through the Access Management Connector to OU objects that specify a new parent OU do not take effect.
  • After you install the fix: A Parent OU can be changed from root to any other OU through the Access Management Connector.

FIM Service and IdentityManagement Portal

Issue 1

    • Some text that is displayed in the FIM Portal and added to email templates always uses the English language. For example, this issue occurs in the Display Name of Approval objects.
    • After you install the fix: The string translation for objects that are created by the FIM Service in the FIM Service database is performed according to the FIM Service account locale that was in effect when the object was created. Note that this functionality is not affected by the client browser locale.
    • To change the language that is used for string translation to a setting other than English, log on to each computer where the FIM Service is installed as the FIM Service account, and then set the locale for this account through Control Panel.

Issue 2

  • Creating synchronization rules in the FIM IdentityManagement Portal fails to load connected system object types in the External System Resource Type drop-down list. This behavior may occur if the size of the connector instance definition (ma-data) is larger than the 14 MB default WCF message size limit in the ResourceManagementClient configuration. This size is configured by using the maxReceivedMessageSizeInBytes property of the ResourceManagementClient.

Before you apply this fix, maxReceivedMessageSizeInBytes values that are configured in the web.config for the IdentityManagement Portal are ignored in favor of the default setting. After you apply this fix, the maxReceivedMessageSizeInBytes setting is applied.

Note that this setting is case-sensitive.

For more information about this setting, go to the following Microsoft website: Registry keys and configuration file settings in FIM 2010 (http://technet.microsoft.com/en-us/library/ff800821(v=ws.10).aspx)

FIM Certificate Management

Issue 1

    • Online certificate updates are failing because of a constraint violation.

Issue 2

  • The FIM Certificate Management (CM) exit module does not honor the CT_FLAG_DONOTPERSISTINDB flag on a certificate. This may cause many certificates to be written to the FIM CM database. This, in turn, causes performance issues.
  • After you install this fix, the FIM CM exit module honors the CT_FLAG_DONOTPERSISTINDB flag on certificates, and those certificates are not written to the FIM CM database.

FIM Clients (Portal, Outlook, Windows logon)

Issue 1

  • After you install the FIM Windows logon extension, and then you (or a user) try to log on to the computer through a remote desktop, you must enter your credentials two times.
  • After you apply the fix, remote desktop logons work as expected.

Synchronization Service

Issue 1

    • The Synchronization Service crashes during an Export run profile run on a SQL Server management agent.

 Issue 2

    • When you run a Delta Import on the FIM Service management agent, the MIIServer.exe process terminates with a CLR_EXCEPTION_SYSTEM.APPDOMAINUNLOADEDEXCEPTION exception.
    • After you install this fix, the race condition that triggers this exception no longer occurs.

 Issue 3

  • If a synchronization rule uses the NULL() function in an incoming attribute flow rule, returning NULL() is seen as a value instead of being blank, and attribute precedence does not continue to the next precedent incoming attribute flow. After you apply this fix, attribute flow precedence on incoming attribute flow rules that use the NULL() function works as expected.

Password Change Notification Service (PCNS)

Issue 1

  • The following error message is logged:
  • 6914 The connection from a password notification source failed because it is not a Domain Controller service account.
  • After you install this fix, adding a backslash character to a domain name causes the function to return the domain controller Security Identifier (SID) instead of an empty user SID.

FULL Detail at: http://support2.microsoft.com/kb/3011057

Note-to-self: @JsQForKnowledge – FIM Portals Die After Installing Rollup Package (Build 4.1.3599.0)

Source: http://jorgequestforknowledge.wordpress.com/2014/09/27/fim-portals-die-after-installing-rollup-package-build-4-1-3599-0-for-fim-2010-r2/

@JsQForKnowledge (aka Jorge de Almeida Pinto) posted an interesting fix on his blog to get FIM 2010 R2 back up and running after the 3599 fix broke the portal.

A hotfix rollup package (build 4.1.3496.0) is available for Forefront Identity Manager 2010 R2 (#FIM2010)

If you have seen the announcement of the three newly released Connectors for FIM2010R2, there is some more news in the technet documentation…

The Windows Azure Active Directory Connector for FIM 2010 R2 Technical Reference requires FIM 2010 R2 hotfix 4.1.3493.0 or later (2906832).

That requirement refers to a new KB article, announcing FIM Hotfix build 4.1.3496.0:  http://support.microsoft.com/kb/2906832

Update rollup 2 for FIM 2010 has been published

Source: Update Rollup 2 (build 4.0.3606.2) is available for Forefront Identity Manager 2010

Update Rollup 2 (build 4.0.3606.2) is available for Microsoft Forefront Identity Manager (FIM) 2010.
This hotfix package resolves several issues and adds several features that are described in the “More Information” section of the release note.
Additionally, this update contains all servicing fixes that were made since the release of FIM 2010.

One of the important ‘fixes’ is the recall of an earlier fix: the change in the previous hotfix release that treated SQL wildcard characters as literals

This fix also adds support for the new Extensible Connectivity Management Agent 2.0 (ECMA 2) framework.

For more detailed information of this release, please check http://support.microsoft.com/kb/2635086.