Article ID: 884192
Article Last Modified on 5/21/2007
APPLIES TO
- Identity Integration Feature Pack for Microsoft Windows Server Active Directory
SUMMARY
Microsoft has released a cumulative hotfix package for Microsoft Identity Integration Feature Pack (IIFP). This article describes the following items about this hotfix package:
Issues that this hotfix package fixes
How to download the latest cumulative hotfix package
Prerequisites for applying this hotfix package
Whether you must restart your computer after you apply this hotfix package
The hotfix packages that this hotfix package replaces
INTRODUCTION
This article describes the Microsoft Identity Integration Feature Pack (IIFP) issues that are fixed in the latest IIFP hotfix rollup package. IIFP hotfix rollup packages are cumulative. Each build contains the hotfixes that are included with the earlier build. For example, build 3.1.1046 includes the hotfixes that are included with builds 3.1.1042, 3.1.1036, 3.1.1.1030, 3.1.1026, 3.1.1020, 3.1.1016, and with release Service Pack 1 (SP1) (build 3.1.287.0).
Issues that the build 3.1.1046 hotfix package fixes
- The CSEntry.ConnectionRule property may return "Unknown" or an error when it is referenced in the metaverse deletion rules or in the IMVSynchronization.ShouldDeleteFromMV method. This fix allows the CSEntry.ConnectionRule property to be called successfully from the ShouldDeleteFromMV method.
Issues that the build 3.1.1042 hotfix package fixes
The MIIS Key Management Utility (Miiskmu.exe) crashes on startup and generates the following event message:
Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 12/27/2005
Time: 11:59:44 AM
User: N/A
Computer: MIIS
Description: Application popup: miiskmu.exe - Common Language Runtime Debugging Services : Application has generated an exception that could not be handled.
Process id=0x8fc (2300), Thread id=0xf74 (3956).This issue may occur if some applications, such as antivirus software, are running. This fix corrects the issue and prevents the MIIS Key Management Utility from crashing.
- When a run profile has multiple steps, and each step has thousands of objects, the run histories take a long time to clear. This fix optimizes the "clear run history" query. Our testing has shown that this fix significantly improves performance.
- When a Microsoft Active Directory Management Agent (ADMA) is configured to use partition-specific credentials, MIIS does not correctly parse and use the specified credentials when MIIS tries to contact a domain controller. In this configuration, when Microsoft Windows Management Instrumentation (WMI) makes a call to retrieve connector space object information by Account and by Domain, the lookup fails and not all WMI information is correctly filled in. This fix makes sure that MIIS uses the correct set of credentials for the partition.
Issues that the build 3.1.1036 hotfix package fixes
- The following error message is logged on the MIIS server when MIIS processes a password change notification:
This problem occurs when IIFP receives the new password. IIFP tries to look up the partition of the user object. However, the lookup operation fails. This problem typically occurs when placeholder objects appear in the connector space. These placeholder objects have the same anchor value as an incoming user object. This behavior causes MIIS to try to retrieve the domain context for the placeholder object. Therefore, MIIS returns the "Partition is NULL" error message.
Note Placeholder objects are special objects that IIFP uses only to reference other objects that IIFP will not own. You cannot use placeholder objects to synchronize password values.
This fix resolves this problem by causing MIIS to ignore the placeholder objects when MIIS processes password notifications.
- When you synchronize MIIS objects into the metaverse, an unexpected error message can be generated for an object during synchronization of the management agent. This problem may occur if a metaverse single-valued attribute lineage is present in the SQL Server database and the corresponding value column is set to a NULL value. When this problem occurs, the event log message may be different. However, the unexpected error message data will be similar to the following: After you apply this fix, the synchronization process will ignore the NULL attribute value until the import attribute flow tries to set that attribute. This behavior lets the synchronization process complete without generating an unexpected error message.
- MIIS may unexpectedly quit and may throw an application error message. This problem may occur if rules extensions try to access the LastContributingMA property and the management agent that is being accessed no longer exists in the system. When this problem occurs, the following error message may be logged in the Application log:
After you apply this fix, MIIS will not quit. However, because the operation is not valid, you receive the following error message:
Issues that the build 3.1.1030 hotfix package fixes
- This fix extends the SetPassword WMI interface to accept the following two optional flags:
- boolean ForceChangeAtLogon
- boolean UnlockAccount
- The MIIS server would incorrectly report a "stopped-out-of-memory" error if a management agent was configured to use a join rule that referenced a multi-valued metaverse attribute that contained hyphens in its name. With this fix, the MIIS server will now function correctly when it searches the metaverse using attributes that have hyphenated names.
Issues that the build 3.1.1026 hotfix package fixes
- The installation of MIIS now supports Microsoft SQL Server Service Pack 4 (SP4). Before this hotfix, the installation of later hotfixes or of the full version of MIIS was not successful, and you received the following error message: If you are installing MIIS for the first time by using SQL Server 2000 SP4, you must install a full version of MIIS SP1 with this hotfix. We are updating all the appropriate channels. If you have problems obtaining a full version through those channels, contact Microsoft Product Support Services for help.
Issues that the build 3.1.1020 hotfix package fixes
- When you are running a management agent (MA) in synchronization mode and you are processing group objects, you unexpectedly receive the following error message on a group object in the MIIS statistics pane:
Additionally, the following error messages will be displayed in the application event log on the MIIS server:
This problem occurs because reference attributes and renaming those reference attributes is mishandled. This hotfix improves this rename operation and helps avoid these error messages. - Before this hotfix, the account joiner did not let you create "match" filters where both the CS and the MV attributes were multivalued. The account joiner did let you create filters where only one of the attributes was multivalued. After you apply this hotfix, combinations of attribute mappings that are based on multivalues versus single values are not blocked. However, some combinations are still blocked based on attribute type. Instead, a check is performed when you apply the filter and an error is reported if the CS attribute has more than one value. You experience the following behavior:
- Multivalued CS to Single-valued MV
If the CS attribute has more than one value, an error is reported. Otherwise, behavior is the same as the single-valued CS to single-valued MV case. - Multivalued CS to Multivalued MV
If the CS attribute has more than one value, an error is reported. Otherwise, behavior is the same as the single-valued CS to multivalued MV case.
- Multivalued CS to Single-valued MV
- This hotfix corrects an issue in multiple MA types. This issue occurs when you select objects to process in the connected directory. The new selections may unintentionally cancel the objects that you had previously included.
- If "Full import" finishes with the status "completed-discovery-errors", a subsequent "Delta import" will stop with the status "No-start-full-import-required". This means that a delta import will not run until a "Full import" can run without generating this error message. This problem is caused by problems in the DN caching. This hotfix resolves the problem of a full import being required in this scenario.
Issues the build 3.1.1016 hotfix package fixes
- This fix enables certain distinguished name changes in imported objects to continue without error. Previously, some distinguished name changes failed, and you received the following error message:
- This fix corrects an issue in multiple management agent (MA) types. The issue occurred when selecting objects to process in the connected directory. The new selections could unintentionally cancel previously selected objects.
- This fix expands the list of search operators that available for Boolean attributes. This list now includes the following:
- Is present
- Is not present
- Is true
- Is false
- This fix increased performance when large subtrees are deleted in the connector space.
- This fix corrects a problem where you could not back up the system state when Password Change Notification Service (PCNS) is installed on a domain controller (DC).
For additional information about the contents of the IIFP 1a release, visit the following Web site:
MORE INFORMATION
Download information
To obtain the hotfix package, visit the following Microsoft Download Center Web site:
Release Date: March 17, 2006
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Note To verify that this hotfix package has been applied correctly, click Help, and then click About in IIFP. If this hotfix package has been applied correctly, the version number is 3.1.1042.0.
Prerequisites
When you apply this hotfix package, you are prompted for your IIFP 2003 installation media. Depending on how you originally installed IIFP 2003, insert the media in the See Comment or in the DVD drive, or specify a share location.
To apply this hotfix package, the currently logged-on user account must have the same SQL Server credentials as the account that was used to install the release version of IIFP 2003. Before you apply this hotfix package to your production environment, test this hotfix package in a Quality Assurance (QA) lab. Additionally, back up the IIFP 2003 SQL Server database and verify that you can fully recover your data from the backup version if this hotfix package does not apply correctly.
Restart information
Typically, you do not have to restart the server after you apply this hotfix package. However, the installer can determine whether you must restart the computer. If you must restart the computer, you are prompted to restart the computer. Frequently, you must restart the computer because the installer is trying to install a file that the computer is currently running.
Hotfix replacement information
This hotfix package replaces the following IIFP 2003 cumulative hotfix build:
- SP1 (3.1.1036.0)
REFERENCES
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Keywords: kbqfe kbbug kbfix kbidintactdirpresp1fix KB884192