locked
Rollup fix for ILM 2007 available - Win2008 support for CLM and more...

    General discussion

  • Rollup Fix for Identity Lifecycle Manager 2007 FP1 released

     

    With the release of Identity Lifecycle Manager 2007 FP1 version 3.3.1087 we now support all components running on Windows Server 2008 32 bit as well as using Windows Server 2008 32 bit certificate authorities including clustered CA support. You can also set up multiple CLM servers using Network Load Balancing for redundancy on this layer as well. Running the ILM 2007 metadirectory services features on Windows Server 2008 has been supported for some time but we wanted to wait for CLM to support this as well before updating the system requirements pages on our ILM 2007 product pages. If you want all updates below you should download and apply the updates in KB946797

     

     

    We have just released two rollup packages.

    ·         KB957181 - ILM 2007 FP1 version 3.3.1080.2

                    Examples of updates in this version: Updates to how Lotus Notes Management agent as well as password synchronization honors the use of "Run this management agent in separate process".

    ·         KB946797 - ILM 2007 FP1 version 3.3.1087.2

                    Examples of updates in this version: fix for issue with export only MA's and deprovisioning, fix for issue with creating strong-named extensible MA's and rules extensions, fixes to four issues with CLM including support for Windows Server 2008 32 Bit

     

     

    Since the release of Featurepack 1 for Identity Lifecycle Manager 2007 there has been a few updates.

    ·         KB952308 - ILM 2007 FP1 version 3.3.1051.2

    Examples of updates in this version: Updates with attribute flows as well as some specific issues around connecting to SunOne Directory

    ·         KB952327 - ILM 2007 FP1 version 3.3.1067.2

    Examples of updates in this version: Update for how access checks in AD are performed by Certificate Lifecycle Manager

     

    Monday, December 8, 2008 10:59 AM
    Moderator

All replies

  • I am attempting to apply the patch from KB article KB946797 to a fresh install of ILM 2007 (v3.3.118.0); however, I am getting the following error message:

    The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded my be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch."

    Any idea what version this patch is for?


    Erich Karch - Senior Solution Architect, EMC Microsoft Practice (Federal)
    Monday, December 15, 2008 2:13 PM
  • Eric,

    I just attempted this myself on the retail version of 3.3.118(ILM FP1). Can you go to Help->About and verify version and let me know what your product ID is? From product ID, I should be able to determine if the fix is meant to patch the version that you have. Thx.

    Monday, December 15, 2008 3:08 PM
  • I am running versin 3.3.118.0. My product ID is: 91375-640-0000007-60095


    Thanks!


    Erich Karch - Senior Solution Architect, EMC Microsoft Practice (Federal)
    Monday, December 15, 2008 3:33 PM
  • Eric

    You have the MSDN version, I will verify if that patch is supposed to work with this or not.

    Glenn Zuckerman
    Microsoft Developer Support
    Monday, December 15, 2008 3:49 PM
  • We are building out a proof-of-concept using the MSDN license. The reason for my desire to apply this patch is that I am hoping it will resolve the issue I described here: http://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/44e556ad-f850-4aea-805f-2dcbd56b0b6e


    Erich Karch - Senior Solution Architect, EMC Microsoft Practice (Federal)
    Monday, December 15, 2008 4:24 PM
  • Glenn Zuckerman [MSFT] said:

    Eric

    You have the MSDN version, I will verify if that patch is supposed to work with this or not.

    Glenn Zuckerman
    Microsoft Developer Support



    Any news about this ?
    Friday, February 20, 2009 10:37 AM
  • I am running into the same problem?

    Any solution?

    Regards

    JP
    Alphamosaik
    Wednesday, March 4, 2009 10:48 PM
  • Hello  Glenn,

    Any news on this?
    Is the 3.3.1087.2 rollup hotfix supported on a MSDN version?

    Kind regards,
    Peter
    Peter Geelen - Sr. Consultant IDA (http://www.traxion.com)
    Friday, March 20, 2009 10:10 AM
  • I am having a different issue trying to install the 1087 update to a base install (3.3.118.0) and I'm using the VL edition (not MSDN).  I'm using an install account that has the following permissions:

    • Domain account with local Administrator priviliges (through nested domain based ILM Admins group)
    • Priviliges in SQL (Roles):
      • dbcreator
      • public
      • securityadmin
      • sysadmin
    • SQL User Mapping (install account) for MIIS DB:
      • db_owner
      • public

    The error is:

    Error 25009. The Microsoft Identity Integration Server FP1 setup wizard cannot configure the specified database. Invalid object name 'mms_management_agent'. A required privilege is not held by the client.

    I've completely reinstalled the product and I'm using the same account to install the patch as I used to install the product. A select from the MA table works (it's empty, but no errors). The only deviation we have from a "Typical" installation is that we're using domain based security groups instead of local. I don't see anything telling in the install log...

    This is Server 2008 Enterprise x86 w/SP1, and SQL Server 2008 Enterprise w/CU3.


    Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com
    Monday, March 30, 2009 5:29 PM
  • After running SQL Profiler I still can't find any smoking guns - these are the last statements I see after just before the install fails:

    EXEC sp_grantlogin N'DEV\svc.ilmsync'
    select name from dbo.sysusers where sid =0x0105000000000005150000001E5D2CE933BA7F72A48386A845060000
    EXEC sp_addrolemember N'db_owner',N'DEV\svc.ilmsync'
    update [mms_server_configuration] set [administrators_sid] = 0x0105000000000005150000001E5D2CE933BA7F72A48386A846060000,[operators_sid] = 0x0105000000000005150000001E5D2CE933BA7F72A48386A847060000,[account_joiners_sid] = 0x0105000000000005150000001E5D2CE933BA7F72A48386A848060000,[browse_sid] = 0x0105000000000005150000001E5D2CE933BA7F72A48386A849060000,[passwordset_sid] = 0x0105000000000005150000001E5D2CE933BA7F72A48386A84A060000
    update [mms_server_configuration] set [computer_id] = N'ILMDEV6'
    update [mms_server_configuration] set [operation_bitmask] = 9223372036854743037

    I see the SQL:BatchStarting and BatchCompleted entries for all of the above, but then I get the Error 25009 right after the last statement.  No errors are logged in the Profiler trace.

    FYI - svc.ilmsync is the ILM Service account, the account I'm logged in with is a different account - the one that I installed ILM with originally.  The GPO "deny" policies have been set per best practices to prevent the service account from logging on locally, batch, terminal services, etc.
    Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com
    Wednesday, April 1, 2009 8:22 PM
  • Hello Erich,

    we had the same problem a few months ago, when the hotfix was not yet officially released. After some support calls, it turned out that the hotfix could not be used with the MSDN-Version. We had to re-install using a non-MSDN Edition.
    Thursday, April 9, 2009 9:11 AM
  • I have a client that is looking to install ILM 2007 FP1 on a Windows Server 2008 32-bit server.  In reading through the responses to this posting, I'm a little confused as to whether the retail version of ILM 2007 FP1 can be installed on 2008.

    So, can you install the retail version (3.3.118.0) on a Windows Server 2008 32-bit server, and then apply the 3.3.1087.2 hotfix?

    Or do I need to obtain, through some other channel, a full installation package for version 3.3.1087.2?

    Thanks,

    Marc
    Marc Mac Donell, Senior Consultant (Identity Assurance), Avaleris Inc.
    Friday, May 15, 2009 3:27 PM
  • Hi Marc,

    Despite my difficulties I am reassured that the 3.3.118.0 build of FP1 is fully supported on Windows Server 2008 and now SQL Server 2008.  I have loaded the slipstreamed 3.3.1087.2 package and am still unable to apply and subsequent patches but I have spoken with others that have not had any difficulty with this configuration so I just must be special. :)


    Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com
    Saturday, May 16, 2009 10:22 PM