Microsoft KB Archive/884192

Article ID: 884192

Article Last Modified on 5/21/2007



APPLIES TO

  • Identity Integration Feature Pack for Microsoft Windows Server Active Directory




SUMMARY

Microsoft has released a cumulative hotfix package for Microsoft Identity Integration Feature Pack (IIFP). This article describes the following items about this hotfix package:


  • Issues that this hotfix package fixes

  • How to download the latest cumulative hotfix package

  • Prerequisites for applying this hotfix package

  • Whether you must restart your computer after you apply this hotfix package

  • The hotfix packages that this hotfix package replaces


INTRODUCTION

This article describes the Microsoft Identity Integration Feature Pack (IIFP) issues that are fixed in the latest IIFP hotfix rollup package. IIFP hotfix rollup packages are cumulative. Each build contains the hotfixes that are included with the earlier build. For example, build 3.1.1046 includes the hotfixes that are included with builds 3.1.1042, 3.1.1036, 3.1.1030, 3.1.1026, 3.1.1020, 3.1.1016, and with release Service Pack 1 (SP1) (build 3.1.287.0).

Issues that the build 3.1.1046 hotfix package fixes

  • The CSEntry.ConnectionRule property may return "Unknown" or an error when it is referenced in the metaverse deletion rules or in the IMVSynchronization.ShouldDeleteFromMV method. This fix allows the CSEntry.ConnectionRule property to be called successfully from the ShouldDeleteFromMV method.

Issues that the build 3.1.1042 hotfix package fixes

  • The MIIS Key Management Utility (Miiskmu.exe) crashes on startup and generates the following event message:

    Event Type: Information
    Event Source: Application Popup
    Event Category: None
    Event ID: 26
    Date: 12/27/2005
    Time: 11:59:44 AM
    User: N/A
    Computer: MIIS
    Description: Application popup: miiskmu.exe - Common Language Runtime Debugging Services : Application has generated an exception that could not be handled.
    Process id=0x8fc (2300), Thread id=0xf74 (3956).

    This issue may occur if some applications, such as antivirus software, are running. This fix corrects the issue and prevents the MIIS Key Management Utility from crashing.

  • When a run profile has multiple steps, and each step has thousands of objects, the run histories take a long time to clear. This fix optimizes the "clear run history" query. Our testing has shown that this fix significantly improves performance.
  • When a Microsoft Active Directory Management Agent (ADMA) is configured to use partition-specific credentials, MIIS does not correctly parse and use the specified credentials when MIIS tries to contact a domain controller. In this configuration, when Microsoft Windows Management Instrumentation (WMI) makes a call to retrieve connector space object information by Account and by Domain, the lookup fails and not all WMI information is correctly filled in. This fix makes sure that MIIS uses the correct set of credentials for the partition.

Issues that the build 3.1.1036 hotfix package fixes

  • The following error message is logged on the MIIS server when MIIS processes a password change notification:

    Event Type: Error
    Event Source: MIIServer
    Event Category: Server
    Event ID: 6900
    Date: Date
    Time: Time
    User: N/A
    Computer: MIISServer
    Description:
    The server encountered an unexpected error while processing a password change notification:
    "BAIL: MMS(5396): pcnsmiis.cpp(75): 0x80004005 (Unspecified error)
    BAIL: MMS(5396): pcnslistener.cpp(992): 0x80004005 (Unspecified error)
    ERR: MMS(5396): server.cpp(9195): Partition is NULL
    BAIL: MMS(5396): server.cpp(9090): 0x80004005 (Unspecified error)

    This problem occurs when IIFP receives the new password. IIFP tries to look up the partition of the user object. However, the lookup operation fails. This problem typically occurs when placeholder objects appear in the connector space. These placeholder objects have the same anchor value as an incoming user object. This behavior causes MIIS to try to retrieve the domain context for the placeholder object. Therefore, MIIS returns the "Partition is NULL" error message.

    This fix resolves this problem by causing MIIS to ignore the placeholder objects when MIIS processes password notifications.

    Note Placeholder objects are special objects that IIFP uses only to reference other objects that IIFP will not own. You cannot use placeholder objects to synchronize password values.
  • When you synchronize MIIS objects into the metaverse, an unexpected error message can be generated for an object during synchronization of the management agent. This problem may occur if a metaverse single-valued attribute lineage is present in the SQL Server database and the corresponding value column is set to a NULL value. When this problem occurs, the event log message may be different. However, the unexpected error message data will be similar to the following:

    The server encountered an unexpected error in the synchronization engine:
    "ERR: MMS(2672): mvsqlsingle.cpp(1255): We should have an ATYPE configured for this attribute: singleValueAttribute
    BAIL: MMS(2672): mvsqlsingle.cpp(1256): 0x80230406 (An error has occurred at the store)
    BAIL: MMS(2672): mvsqlsingle.cpp(883): 0x80230406 (An error has occurred at the store)
    BAIL: MMS(2672): mvobj.cpp(227): 0x80230406 (An error has occurred at the store)
    BAIL: MMS(2672): nsmvimp.cpp(232): 0x80230406 (An error has occurred at the store)
    BAIL: MMS(2672): csobj.cpp(2182): 0x80230406 (An error has occurred at the store)
    BAIL: MMS(2672): synccore.cpp(555): 0x80230406 (An error has occurred at the store)
    BAIL: MMS(2672): synccoreimp.cpp(118): 0x80230406 (An error has occurred at the store)
    BAIL: MMS(2672): synccoreimp.cpp(5816): 0x80230406 (An error has occurred at the store)
    BAIL: MMS(2672): synccoreimp.cpp(2237): 0x80230406 (An error has occurred at the store)
    ERR: MMS(2672): synccoreimp.cpp(2253): 0x80230406 - CS to MV to CS synchronization failed 0x80230406: [00103313]
    BAIL: MMS(2672): synccoreimp.cpp(2089): 0x80230406 (An error has occurred at the store)
    ERR: MMS(2672): syncmonitor.cpp(2497): SE: Rollback SQL transaction for: 0x80230406

    After you apply this fix, the synchronization process will ignore the NULL attribute value until the import attribute flow tries to set that attribute. This behavior lets the synchronization process complete without generating an unexpected error message.
  • MIIS may unexpectedly quit and may throw an application error message. This problem may occur if rules extensions try to access the LastContributingMA property and the management agent that is being accessed no longer exists in the system. When this problem occurs, the following error message may be logged in the Application log:

    Event Type: Error
    Event Source: Application Error
    Event Category: (100)
    Event ID: 1000
    Date: 8/24/2005
    Time: 5:56:04 PM
    User: N/A
    Computer: MIISServer
    Description: Faulting application miiserver.exe, version 3.1.1026.0, faulting module miiserver.exe, version 3.1.1026.0, fault address 0x00115276.

    After you apply this fix, MIIS will not quit. However, because the operation is not valid, you receive the following error message:

    System.InvalidOperationException: The newest value was contributed by a management agent that has been deleted.

Issues that the build 3.1.1030 hotfix package fixes

  • This fix extends the SetPassword WMI interface to accept the following two optional flags:
    • boolean ForceChangeAtLogon
    • boolean UnlockAccount
    The first flag requires the user to change the password at the next logon. The second flag unlocks the account if the account is locked. If the flags are not specified, they default to False, which is the current behavior. These changes affect only the Active Directory Management Agent (ADMA). If either of these flags is used with another management agent, Windows Management Instrumentation (WMI) returns option-not-supported.
  • The MIIS server would incorrectly report a "stopped-out-of-memory" error if a management agent was configured to use a join rule that referenced a multi-valued metaverse attribute that contained hyphens in its name. With this fix, the MIIS server will now function correctly when it searches the metaverse using attributes that have hyphenated names.

Issues that the build 3.1.1026 hotfix package fixes

  • The installation of MIIS now supports Microsoft SQL Server Service Pack 4 (SP4). Before this hotfix, the installation of later hotfixes or of the full version of MIIS was not successful, and you received the following error message:

    Microsoft Identity Integration Server (SP1) requires a running instance of Microsoft SQL Server with Service Pack 3 (8.00.760) or later. Install the correct SQL server version or service pack and make sure the service is running before installing Microsoft Identity Integration Server SP1.

    If you are installing MIIS for the first time by using SQL Server 2000 SP4, you must install a full version of MIIS SP1 with this hotfix. We are updating all the appropriate channels. If you have problems obtaining a full version through those channels, contact Microsoft Product Support Services for help.

Issues that the build 3.1.1020 hotfix package fixes

  • When you are running a management agent (MA) in synchronization mode and you are processing group objects, you unexpectedly receive the following error message on a group object in the MIIS statistics pane:

    Unexpected Error

    Additionally, the following error messages will be displayed in the application event log on the MIIS server:

    Event Type: Error
    Event Source: MIIServer
    Event Category: Server
    Event ID: 6312
    Date: 07/02/2005
    Time: 00:01:50
    User: N/A
    Computer: MIISSRV1
    Description: The server encountered an unexpected error while performing an operation for a rules extension.
    "BAIL: MMS(2760): tripleholo.cpp(7691): 0x80004005 (Unspecified error)
    BAIL: MMS(2760): tripleholo.cpp(7201): 0x80004005 (Unspecified error)
    BAIL: MMS(2760): tower.cpp(5644): 0x80004005 (Unspecified error)
    BAIL: MMS(2760): csobj.cpp(4003): 0x80004005 (Unspecified error)
    BAIL: MMS(2760): csobj.cpp(1461): 0x80004005 (Unspecified error)
    BAIL: MMS(2760): nscsimp.cpp(4509): 0x80004005 (Unspecified error)
    BAIL: MMS(2760): mvobj.cpp(1385): 0x80004005 (Unspecified error)
    BAIL: MMS(2760): scriptmanagerimpl.cpp(4256): 0x80004005 (Unspecified error)
    BAIL: MMS(2760): scriptmanagerimpl.cpp(4218): 0x80004005 (Unspecified error)
    BAIL: MMS(2760): scripthost.cpp(3061): 0x80004005 (Unspecified error)

    Event Type: Error
    Event Source: MIIServer
    Event Category: Server
    Event ID: 6301
    Date: 07/02/2005
    Time: 00:01:50
    User: N/A
    Computer: MIISSRV1
    Description: The server encountered an unexpected error in the synchronization engine:
    "BAIL: MMS(2760): scripthost.cpp(11413): 0x80230703 (The extension threw an exception.)
    Microsoft.MetadirectoryServices.Impl.InternalError: 0x80004005
    at Microsoft.MetadirectoryServices.Impl.ScriptHost.ThrowExceptionFromHRESULT(Int32 hr)
    at Microsoft.MetadirectoryServices.Impl.BaseMVServices.GetConnectorsFromServer()
    at Microsoft.MetadirectoryServices.Impl.BaseMVServices.GetOriginalConnectors()
    at Microsoft.MetadirectoryServices.Impl.CImageServices.IImageServices.GetOriginalConnectors()
    at Microsoft.MetadirectoryServices.Impl.MVEntryImpl.GetCountOfOriginalConnectors()
    at Microsoft.MetadirectoryServices.Impl.ScriptHost.InvokeMv_Provision(_OCTET octMVPreImage, _OCTET octMVDelta)
    BAIL: MMS(2760): scriptmanagerimpl.cpp(1428): 0x80004005 (Unspecified error)
    BAIL: MMS(1256): scriptmanagerimpl.cpp(1509): 0x80004005 (Unspecified error)
    BAIL: MMS(1256): ScriptManager.h(316): 0x80004005 (Unspecified error)
    BAIL: MMS(1256): provisioning.cpp(64): 0x80004005 (Unspecified error)
    ERR: MMS(1256): synccoreimp.cpp(1563): 0x80004005 - provisioning failed 0x80004005
    BAIL: MMS(1256): synccoreimp.cpp(1564): 0x80004005 (Unspecified error)
    ERR: MMS(1256): synccoreimp.cpp(4412): 0x80004005 - MV to CS synchronization failed 0x80004005: [{8E35FB4A-24EE-4C32-8BC6-C841E5C160AB}]
    BAIL: MMS(1256): synccoreimp.cpp(4415): 0x80004005 (Unspecified error)
    ERR: MMS(1256): syncmonitor.cpp(2497): SE: Rollback SQL transaction for: 0x80004005
    MMS(1256): SE: CS image begin
    MMS(1256): SE: CS image end

    This problem occurs because reference attributes, and the renaming of those reference attributes, are mishandled. This hotfix improves this rename operation and helps avoid these error messages.
  • Before this hotfix, the account joiner did not let you create "match" filters where both the CS and the MV attributes were multivalued. The account joiner did let you create filters where only one of the attributes was multivalued. After you apply this hotfix, combinations of attribute mappings that are based on multivalues versus single values are not blocked. However, some combinations are still blocked based on attribute type. Instead, a check is performed when you apply the filter and an error is reported if the CS attribute has more than one value. You experience the following behavior:
    • Multivalued CS to Single-valued MV
      If the CS attribute has more than one value, an error is reported. Otherwise, behavior is the same as the single-valued CS to single-valued MV case.
    • Multivalued CS to Multivalued MV
      If the CS attribute has more than one value, an error is reported. Otherwise, behavior is the same as the single-valued CS to multivalued MV case.
  • This hotfix corrects an issue in multiple MA types. This issue occurs when you select objects to process in the connected directory. The new selections may unintentionally cancel the objects that you had previously included.
  • If "Full import" finishes with the status "completed-discovery-errors", a subsequent "Delta import" will stop with the status "No-start-full-import-required". This means that a delta import will not run until a "Full import" can run without generating this error message. This problem is caused by problems in the DN caching. This hotfix resolves the problem of a full import being required in this scenario.
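
A triage sketch for the event descriptions quoted in the sections above, as an added example that is not part of the original article or of Microsoft's tooling: it parses the BAIL/ERR trace lines and maps three message signatures to the build whose section lists the fix. The function names and the use of these substrings as signatures are assumptions of this example.

```python
import re

# Trace lines as quoted in the event descriptions of this article, e.g.
#   BAIL: MMS(5396): pcnsmiis.cpp(75): 0x80004005 (Unspecified error)
#   ERR: MMS(5396): server.cpp(9195): Partition is NULL
# The article does not say what the number in MMS(...) identifies.
TRACE = re.compile(r'"?(BAIL|ERR): MMS\((\d+)\): ([\w.]+)\((\d+)\): (.*)')
HRESULT = re.compile(r"0x[0-9A-Fa-f]{8}")

# Substring signature -> build whose section above lists the fix.
# Using these substrings as signatures is this example's assumption.
KNOWN = [
    ("Partition is NULL", (3, 1, 1036)),
    ("We should have an ATYPE configured", (3, 1, 1036)),
    ("GetOriginalConnectors", (3, 1, 1020)),
]

def parse_trace(description):
    """Return one dict per BAIL/ERR line found in an event description."""
    frames = []
    for line in description.splitlines():
        m = TRACE.match(line.strip())
        if m:
            kind, mms_id, src, lineno, msg = m.groups()
            hr = HRESULT.search(msg)
            frames.append({"kind": kind, "mms_id": int(mms_id), "file": src,
                           "line": int(lineno), "message": msg,
                           "hresult": hr.group(0) if hr else None})
    return frames

def triage(description, installed):
    """Match a description against KNOWN; `installed` is e.g. '3.1.1030.0'."""
    have = tuple(int(p) for p in installed.split("."))[:3]
    frames = parse_trace(description)
    result = {"errors": [f["message"] for f in frames if f["kind"] == "ERR"],
              "hresults": sorted({f["hresult"] for f in frames if f["hresult"]}),
              "signature": None, "fixed_in": None, "update_needed": None}
    for needle, fixed_in in KNOWN:
        if needle in description:
            # Builds are cumulative, so any build >= fixed_in has the fix.
            result.update(signature=needle,
                          fixed_in=".".join(map(str, fixed_in)),
                          update_needed=have < fixed_in)
            break
    return result

# Copied from the Event ID 6900 description quoted above.
SAMPLE = '''The server encountered an unexpected error while processing a password change notification:
"BAIL: MMS(5396): pcnsmiis.cpp(75): 0x80004005 (Unspecified error)
BAIL: MMS(5396): pcnslistener.cpp(992): 0x80004005 (Unspecified error)
ERR: MMS(5396): server.cpp(9195): Partition is NULL
BAIL: MMS(5396): server.cpp(9090): 0x80004005 (Unspecified error)'''

if __name__ == "__main__":
    print(triage(SAMPLE, "3.1.1030.0"))
```
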

Issues that the build 3.1.1016 hotfix package fixes

  • This fix enables certain distinguished name changes in imported objects to continue without error. Previously, some distinguished name changes failed, and you received the following error message:

    Unexpected error

  • This fix corrects an issue in multiple management agent (MA) types. The issue occurred when selecting objects to process in the connected directory. The new selections could unintentionally cancel previously selected objects.
  • This fix expands the list of search operators that are available for Boolean attributes. This list now includes the following:
    • Is present
    • Is not present
    • Is true
    • Is false
  • This fix increased performance when large subtrees are deleted in the connector space.
  • This fix corrects a problem where you could not back up the system state when Password Change Notification Service (PCNS) is installed on a domain controller (DC).

For additional information about the contents of the IIFP 1a release, visit the following Web site:

MORE INFORMATION

Download information

To obtain the hotfix package, visit the following Microsoft Download Center Web site:

Release Date: March 17, 2006

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services


Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Note To verify that this hotfix package has been applied correctly, click Help, and then click About in IIFP. If this hotfix package has been applied correctly, the version number is 3.1.1042.0.

Prerequisites

When you apply this hotfix package, you are prompted for your IIFP 2003 installation media. Depending on how you originally installed IIFP 2003, insert the media in the CD drive or in the DVD drive, or specify a share location.

To apply this hotfix package, the currently logged-on user account must have the same SQL Server credentials as the account that was used to install the release version of IIFP 2003. Before you apply this hotfix package to your production environment, test this hotfix package in a Quality Assurance (QA) lab. Additionally, back up the IIFP 2003 SQL Server database and verify that you can fully recover your data from the backup version if this hotfix package does not apply correctly.

Restart information

Typically, you do not have to restart the server after you apply this hotfix package. However, the installer can determine whether you must restart the computer. If you must restart the computer, you are prompted to restart the computer. Frequently, you must restart the computer because the installer is trying to install a file that the computer is currently running.

Hotfix replacement information

This hotfix package replaces the following IIFP 2003 cumulative hotfix build:

  • SP1 (3.1.1036.0)


REFERENCES

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates


The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Keywords: kbqfe kbbug kbfix kbidintactdirpresp1fix KB884192