FIM 2010 R2 Hotfix (4.1.3441.0) Available

On April 22, 2013, Microsoft released Hotfix 4.1.3441.0 for Forefront Identity Manager 2010 R2. This hotfix features a number of issue fixes, as well as a couple of new features around the MetadirectoryServicesEx.dll and the ECMA framework. The hotfix can be downloaded here.

Peter Geelen (Microsoft) has updated the FIM 2010 Build Overview wiki article with a summary of the changes in this release:

FIM Sync

  • Issues Fixed
    • AD MA would stop if there was an issue during Exchange provisioning
    • PCNS, the setting for the password source
    • “stopped-ma” error on FIMMA on delta import
    • ECMA2 Connectors empty reference attribute data could crash the Synchronization Service
    • error returned on object during add in ECMA2
    • Schema Refresh on an ECMA2 Connector
    • export-only ECMA2 did not correctly handle errors “The image or delta doesn’t have an anchor.”
    • When several exports are run without a confirming import and not all references could be exported, the Synchronization Service could report a “stopped-server” error.
    • Adding a value to a reference value by using scripted code throws an error “Object reference not set to an instance of an object” because of a regression in FIM 2010 R2 SP1
    • When a custom extension does not return control to the Synchronization Service in time, typically 5 minutes, the Synchronization Service crashes
  • New features
    • The Synchronization Service’s contract DLL MetadirectoryServicesEx is no longer dependent on the FIM Synchronization Service. It is now possible to load an ECMA2 Connector outside the Service which enables the ability to create unit tests for these Connectors in Visual Studio.
    • This release includes ECMA2.2 which has several new features added.


  • Fixed
    • Windows 8 TPM-based virtual smart cards could not be provisioned because of a change in Smart Card Minidriver Specification v.7.
    • The ability to print photos is added by using ID Works.
    • Advanced search in Bulk Client does not work as expected when more than 1,000 results are returned from Active Directory.


  • Fixed
    • If a new password has a string that might violate the ASP.NET request validator such as “<script>”, the operation would fail with the exception “A potentially dangerous Request.Form value was detected from the client”


  • Fixed
    • In a special case after the bhold connector was deleted in the FIM Synchronization Service and re-created, an import would be unable to see all objects in bhold.

Nothing too interesting in this release, unless you were having specific problems. However, the new ECMA 2.2 release is worth checking out, as there is a new “capabilities” page during configuration. According to Microsoft, it is now possible to ask the user for information and connect to the target directory and use that information for the Connector’s capabilities. It will be interesting to see how this can be applied. Increased LDAP DN support has also been added, as well as improved handling of delete/update operations during delta imports. Additional details can be found on the Microsoft Developer Network (MSDN) website for ECMA2.
