Article ID: 925709
Article Last Modified on 11/15/2007
APPLIES TO
- Microsoft Identity Integration Server 2003 Enterprise Edition
SYMPTOMS
When Microsoft Identity Integration Server 2003 (MIIS 2003) exports the group member information from multiple Lotus Notes Release 4.6 or 5.0 address book files, MIIS 2003 removes some members from the membership list of the Lotus Notes Release 4.6 or 5.0 group.
CAUSE
This problem occurs because the distinguished names of the reference attributes contain an incorrect NAB= suffix.
Note The distinguished names of the reference attributes are imported by the management agent for Lotus Notes Release 4.6 or 5.0.
RESOLUTION
To resolve this problem, follow these steps:
- Back up the MIIS 2003 database.
- Back up the MIIS 2003 encryption key .bin file.
Note You can export this encryption key by using the Microsoft Identity Integration Server Key Management Utility (Microsoft Identity Integration ServerKmu.exe). - Apply the hotfix that is described in this article.
- Re-create the existing management agents for Lotus Notes Release 4.6 or 5.0.
For more information about how to build a new management agent to replace an existing management agent, click the following article number to view the article in the Microsoft Knowledge Base:827117 How to build a new management agent to replace an existing management agent
Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.
To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:
Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:
Prerequisites
When you apply this hotfix, you are prompted for the MIIS 2003 installation media. Depending on how you originally installed MIIS 2003, insert the media in the CD drive or in the DVD drive, or specify a share location. To apply this hotfix, the currently logged-on user account must have the same Microsoft SQL Server credentials as the account that was used to install the release version of MIIS 2003. Before you apply this hotfix to the production environment, test this hotfix in a quality assurance (QA) lab. Additionally, back up the MIIS 2003 SQL Server database, and verify that you can fully recover the data from the backup version if this hotfix does not apply correctly.
Restart requirement
Typically, you do not have to restart the computer after you apply this hotfix. However, the installer can determine whether you must restart the computer. If you must restart the computer, you are prompted to restart the computer. Frequently, you must restart the computer because the installer tries to install a file that the computer is currently running.
Hotfix replacement information
This hotfix replaces MIIS 2003 cumulative hotfix build 3.0.1046.0.
File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Notessvc.dll | 3.1.1049.0 | 175,104 | 15-Sep-2006 | 10:11 | x86 |
| Mmsmaln.dll | 3.1.1049.0 | 128,000 | 15-Sep-2006 | 10:11 | x86 |
| NotesMaPropertyPages.dll | 3.1.1049.0 | 114,688 | 15-Sep-2006 | 10:11 | x86 |
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
When the management agent for Lotus Notes Release 4.6 or 5.0 imports the reference attribute of the reference objects from Lotus Notes Release 4.6 or 5.0, the management agent for Lotus Notes Release 4.6 or 5.0 always assumes that the reference objects exist in one address book. For example, the management agent for Lotus Notes Release 4.6 or 5.0 imports the group members attribute, the manager attribute, or the owner attribute. The management agent for Lotus Notes Release 4.6 or 5.0 imports the distinguished name of the reference attribute from the NAB= suffix of that address book. However, if the management agent for Lotus Notes Release 4.6 or 5.0 imports the reference attributes from multiple address books, the distinguished names of the reference attributes may have an incorrect NAB= suffix. Therefore, the reference attributes can never resolve to the corresponding reference objects.
For example, you have domain1 and domain2. In the Names1.nsf address book file, group1 may have members from any of the other address book files. When you examine the Names1.nsf file in domain2, you may find that group1 has members that are named user2\domain2 and user1\domain1. User1 is actually listed in the Names2.nsf file. Then, user1 can successfully resolve to domain1 in Lotus Notes Release 4.6 or 5.0 because Lotus Notes Release 4.6 or 5.0 searches for user1 in all the address books in the search list. However, MIIS 2003 sets the following group1 membership list when MIIS 2003 imports user1 and user2 in the directory list from the Names1.nsf file.
- CN=USER2\OU=DOMAIN2,NAB=names1.nsf - CN=USER1\OU=DOMAIN1,NAB=names1.nsf
This behavior causes MIIS 2003 not to maintain the reference object because user1\domain1 actually exists in the Names2.nsf file. Therefore, user1\domain1 is dropped from the group1 membership list. When you export the group1 membership list back to Lotus Notes Release 4.6 or 5.0, user1\domain1 is removed from group.
After you apply this hotfix, the distinguished names of the reference attributes do not contain the NAB= suffix in the Connector Space of the management agent for Lotus Notes Release 4.6 or 5.0. Therefore, all the distinguished names of the reference attributes correctly resolve to the corresponding reference objects.
MIIS 2003 hotfix packages are cumulative. This hotfix is build 3.0.1049.0. Every hotfix build contains the hotfixes that are included with the earlier builds. For example, build 3.1.1046.0 includes the hotfixes that are included in the following builds:
- 3.1.1042.0
- 3.1.1036.0
- 3.1.1030.0
- 3.1.1026.0
- 3.1.1020.0
- 3.1.1016.0
- MIIS 2003 Service Pack 1 (build 3.1.287.0)
This hotfix is a cumulative build of all previous hotfixes.
For more information about how to obtain the latest MIIS 2003 cumulative hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:
842531 How to obtain the latest Microsoft Identity Integration Services 2003 cumulative hotfix package
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Additional query words: Notes MA reference attributes address books NAB members MIIS Identity Notes LN Lotus Notes IdM Group Member Address Book NSF
Keywords: kbfix kbbug kbhotfixserver kbqfe KB925709
