Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2014-06-22) A Hotfix Rollup Package (Build 4.1.3510.0) Is Available for Forefront Identity Manager 2010 R2

Posted by Jorge on 2014-06-22


Microsoft released a new hotfix for FIM 2010 R2 with build 4.1.3510.0. What it fixes can be found in this blog post. For additional or detailed info see MS-KBQ2934816

Download link

Issues that are fixed or features that are added in this update

This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

FIM Service and Portal

Issue 1

If a FIMService instance loses connection to the FIMService database, it can may stop processing FIM Service MA export requests. This results in failed FIM Service MA exports with a run status of "stopped-server." Additionally, the following exception is logged in the Forefront Identity Manager event log:

System.Data: System.InvalidOperationException: The requested operation cannot be completed because the connection has been broken.

Issue 2

You use a multivalue attribute in a dynamic set. This dynamic set is used in a Transition Out management policy rule. If two or more elements are removed from the attribute in a single request, and if of the elements triggers the Transition-Out MPR, the request fails, and you receive the following exception:

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other —> System.Data.SqlClient.SqlException: Reraised Error 2627, Level 14, State 1, Procedure DoEvaluateRequestInner, Line 1073, Message: Violation of PRIMARY KEY constraint ‘PK__#1B54B73__5330D0771D3CFFB1’. Cannot insert duplicate key in object ‘dbo.@transitionOutApplicableRuleBuffer’.

Issue 3

When an export run in the FIM Service MA includes updates to the Filter attribute of multiple dynamic groups, a "failed-modification-via-web-services" exception can be returned. When you review the details of the exception that is returned, you see that an SQL Deadlock occurred.

FIM Synchronization Service

Issue 1

In the Active Directory management agent, changes to a multivalue attribute such as proxyAddresses are not synchronized to the metaverse in the following scenario:

  • A change to proxyAddresses is exported to the Active Directory for User1.
  • A second change is made to proxyAddresses outside the synchronization service.
  • A Delta Import run profile is run to confirm the exported changes.

Issue 2

If an exception is thrown by the management agent’s password extension during password synchronization, the password interface at which the exception was thrown is discarded. This can cause high processor usage on the computer that is hosting the FIM Synchronization Service when the computer processes password synchronization to multiple management agents.
After you apply this update, exceptions of type PasswordPolicyException and PasswordIllFormedException no longer discard the password interface. This enables the interface to be reused for another password operation to the connected data source.

BHOLD

Issue 1
If a regular expression policy rule is applied for an ABA role, all applied ABA roles are stuck in the pending state for the users and are never assigned.

Issue 2

If a user has an ABA role, and if you try to change a user attribute that is not related to the ABA role, all ABA roles are again marked for policy validation. Additionally, assigned permissions are removed and assigned back.

Issue 3

When you have more than 500 permissions in BHOLD and search permissions on the Supervised Permissions tab of Default Supervisor Role, no results are returned, and you are returned to the previous page.

Issue 4

When you configure an attribute-based role assignment for a role and then you try to click the Show Impact link in the policies section of a role, you receive the following error message:

Object reference not set to an instance of an object

Issue 5

The SP1 build does not let you re-create a permission that was removed from BHOLD earlier.

Issue 6

When you try to change and save a user without changing the end date, you receive the following error message:

Invalid date format

Issue 7

When you try to move an organization unit in the BHOLD Core Portal, you receive the following warning message:

Session ID missing: The Session ID is not found in URL. You can continue working using the menu at the left

Issue 8

The "User by Role" report cannot be generated after the limit of 50,000 users is reached. Additionally, you receive an "Out of memory" exception.

Issue 9

In the BHOLD Self-Service Portal, the role information screen under the Role Requests-Current Roles tab displays no role descriptions or permission details.

Issue 10

When you log on as a typical end-user in the BHOLD Service Portal, the "My Roles" screen is displayed as an empty page even though the user is assigned with both "active" and "proposed" roles.

Issue 11

The BHOLD – Access Management agent cannot perform full imports because of an SQL time-out issue that occurs when there is a load of more than 50,000 to 100,000 users.

Issue 12

BHOLD cannot add permissions to a user by using the BHOLD Connector after these permissions are denied.

Issue 13

When a steward in the BHOLD Attestation portal has multiple resources to attest and is working on approving or denying permissions for one user, other permissions for a different user are changed in the user interface.

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: