Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2009-06-02) ILM RollUp Hotfix Packages

Posted by Jorge on 2009-06-02


The latest ILM RollUp Hotfix Package updates both MSDN and Enterprise versions of ILM. This is good because previous hotfixes only update Enterprise versions of ILM. When talking about ILM I mean ILM Provisioning/Synchronization Services (a.k.a. MIIS) AND ILM Certificate Management Services (a.k.a. CLM). Separate fixes are available for both as in reality they are still separate products that can interact with each other. When talking about the interaction between MIIS and CLM [1] a management agent is required to be installed on both the MIIS side and the CLM side. Additionally, configurations are required to provision CLM requests through MIIS. Examples are: configuring an MA, CLM config files, registry permissions, etc.

This is the part where it goes wrong. When Microsoft creates a new hotfix for ILM, for whatever reason they only create the hotfix for MIIS and CLM, and NOT for the MA components of CLM. Is that important, you may think? Heck, yes! Why? Because the CLM MA component on the MIIS side checks DLL versions when talking to CLM. Is version mismatches occur between those two, the CLM MA becomes usesless! Which of course sucks! The error you might see in the Application Event Log is similar to:

——————————————————–

The extensible extension returned an unsupported error in MIIS.

The stack trace is:

"Microsoft.MetadirectoryServices.ExtensibleExtensionException: Could not load file or assembly ‘Microsoft.Clm.Common, Version=3.3.1087.2, Culture=neutral, PublicKeyToken=31bf3856ad364e35′ or one of its dependencies. The located assembly’s manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

Server stack trace:

   at ExtensibleWfMA.ClmMaProxy.GetConnectionStringFromClm()

   at ExtensibleWfMA.ClmMaProxy.GetConnectionString(String sqlUserName, String sqlPassword, Boolean sqlAuth, String miisSpecifiedConnectionString)

   at ExtensibleWfMA.ClmMaProxy.GetSqlDatabaseTimeStamp(String sqlUserName, String sqlPassword, Boolean sqlAuth, String miisSpecifiedConnectionString)

   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)

   at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(RuntimeMethodHandle md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)

   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:

   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

   at ExtensibleWfMA.ClmMaProxy.GetSqlDatabaseTimeStamp(String sqlUserName, String sqlPassword, Boolean sqlAuth, String miisSpecifiedConnectionString)

   at ExtensibleWfMA.ImportWF.beginImportCode_ExecuteCode(Object sender, EventArgs e)

   at ExtensibleWfMA.MACallExport.GenerateImportFile(String filename, String connectTo, String user, String password, ConfigParameterCollection configParameters, Boolean fullImport, TypeDescriptionCollection types, String& customData)

Microsoft Identity Integration Server 3.3.1101.2"

——————————————————–

So what can you do in the scenario where you are using MIIS, CLM and the CLM MA?

You can update MIIS with its hotfix counterpart, but not the CLM with its hotfix counterpart. Assuming you installed ILM from the ILM media with build 3.3.1087.2, after applying the hotfix for MIIS you would have build 3.3.1101.2 for MIIS and still keep CLM at build 3.3.1087.2 so that the CLM MA, which is build 3.3.1087.2, works with CLM.

Or try to contact PSS and specifically mention you want NEW installation media for ILM with the latest build. I have not tried this myself, but it is worth the try!

[1] Using these names as there are shorter, only MSFT employees must always use the new full marketing names J

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: