none
Cannot load the MIMPAM module, when installing MIM roles on separate VMs. RRS feed

  • Question

  • Hi,

    I cannot load the MIMPAM module.

    First the program complains that it does not exist. When I pinpoint to it, I get the message the dotnet version is too new. Can someone explain it? My server is 'Azure 2012 R2' VM.

    PS C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\PAM\PowerShell\Modules\MIMPAM> Import-Module .\MIMPAM.psd1

    Import-Module : The assembly 'Microsoft.IdentityManagement.WinTools.dll' was not loaded because no assembly with that name was

    found. Verify the assembly name, and then try again.

    At line:1 char:1

    + Import-Module .\MIMPAM.psd1

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~

        + CategoryInfo          : InvalidOperation: (:) [Import-Module], DllNotFoundException

        + FullyQualifiedErrorId : FormatXmlUpdateException,Microsoft.PowerShell.Commands.ImportModuleCommand

    PS C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\PAM\PowerShell\Modules\MIMPAM> gacutil -i .\Microsoft.IdentityManagement.WinTools.dll

    Microsoft (R) .NET Global Assembly Cache Utility.  Version 3.5.30729.1

    Copyright (c) Microsoft Corporation.  All rights reserved.

    Failure adding assembly to the cache:   This assembly is built by a runtime newer than the currently loaded runtime and cannot be loa

    ded.

    PS C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\PAM\PowerShell\Modules\MIMPAM>


    GH


    • Edited by Guy Horn Wednesday, November 30, 2016 3:43 PM
    Tuesday, November 29, 2016 5:08 PM

Answers

  • Yes. The answer is to install the Add ins Extensions PAM client. That solves this problem.

    GH

    • Marked as answer by Guy Horn Friday, February 2, 2018 1:35 PM
    Friday, February 2, 2018 1:34 PM

All replies

  • Guy please run the .net 4 gacutil , Maybe your system is using old version of the gacutil 

    Wednesday, November 30, 2016 2:18 PM
    Moderator
  • Hi,

    That's not the problem. It seams I cannot install PAM on separated servers and get the MIMPAM load. My plan is to separate these MIM roles:

    1. MIM Portal

    2. MIM Service + PAM Service

    3. PAM Portal sample web application.


    When I install all roles on the same server all works fine. This topology should be supported if I read it correctly. I already installed a lot of FIM and MIM installations so this feels buggy.

    I found at least 1 hidden feature.
    bug 1: to connect to remote service server, firewall rule allowing tcp port 5725 and 5726v is not enough. I Must define also TCP 100-1000 and then the installation goes on. I find it strange.

    I have a work-around: installing also the MIM Service + PAM Service on the VM hosting the MIM Portal while configuring the NLB name of the desired FIMService server. And then disabling the FIMService on the Portal servers. Then I can load the MIMPAM on the portal server. I guess I'll have to repeat that trick on the FIMService servers to ensure correct working PIM when it process requests.

    Environment:
    Windows 2012 R2 VMs in Azure, MIM 2016 with SP1, SharePoint foundation 2013.


    GH


    • Edited by Guy Horn Wednesday, November 30, 2016 4:41 PM
    • Marked as answer by Guy Horn Tuesday, December 27, 2016 9:59 AM
    • Unmarked as answer by Guy Horn Friday, February 2, 2018 1:35 PM
    Wednesday, November 30, 2016 3:42 PM
  • Guy

    sorry thought that was the question , having the extra details helps on context , so it would be nice to see a network trace of why you need TCP 100-1000 , I agree something seems off . Might be best to open a case to have this scenario check out and confirmed what ports if any extra are needed for the separation of the roles

    Wednesday, November 30, 2016 5:06 PM
    Moderator
  • Hi,

    The ports is just an oddity... I'm not such a network guy so I'll leave that one to others.

    The main problem is separating of the roles. Now with the suggested work-around I bump into the following problem. How to install the portal and get it working on a separate VM? Again the documentation is not there...

    Where can I open a case? Do you mean a support call? Cause we officially still develop. We didn't buy yet.


    GH


    • Edited by Guy Horn Thursday, December 1, 2016 9:06 AM
    Thursday, December 1, 2016 9:05 AM
  • Did you find a better workaround to solve this problem without having to install the Portal and the Service on the same server? I also have split my Portal and Service servers to meet client network zone requirements. Surely this is a bug, I have deployed many FIM / MIM solutions which have this topology, this is my first PAM instance.

    I tried:

    1. Adding all Microsoft.IdentityManager.*.dll to the Global Assembly Cache which were not installed on my Service Server but were installed on my Portal and Service Server, with no success
    2. Reviewed the DLL's in my installation path "C:\Program Files\Microsoft Forefront Identity Manager\2010" and found them to be the exact same, with exception to 2 DLL's in the Portal folder which I moved to the Service server, with no success.
    3. Looked at the Microsoft.IdentityManagement.WinTools.dll with application 'Dependency Walker', found DLL's in System32 where not available. In particular msvcr100.dll. Moved this from the Portal server to Service server, with no success. Also figured moving DLL's into System32 was not suitable for a workaround as might cause upgrade issues in the future.

    Regards

    Alex


    Tuesday, July 18, 2017 10:18 PM
  • Yes. The answer is to install the Add ins Extensions PAM client. That solves this problem.

    GH

    • Marked as answer by Guy Horn Friday, February 2, 2018 1:35 PM
    Friday, February 2, 2018 1:34 PM