A few cases have come up this week and I wanted to shed some light on 400 errors that you may receive from the FIM CM Bulk issuance Client
This normally results from the IIS server hosting the FIM CM CertificateManagement website not allowing Double Escape Sequences. Doule Escape Sequences can be a bad thing if not managed properly by creating a hole in the IIS server that may allow malicious code to be run from inside a URL. If the server is behind a firewall and only being accessed by a single client, FIM CM Bulk Issuance Client, it is a much smaller threat vector than one would normally expect.
This error is often an indication that you have mismatched binary versioning between your FIM CM Bulk Issuance Client and the FIM CM Server. For example:
Depending on your scenario, the binaries should match so uninstall/upgrade etc… so the versions match correctly