Microsoft Identity Integration Server 2003 Update Rollup, Build 1023 (831926)

MORE INFORMATION

This update rollup addresses the following problems:

• If the changelogs are out of order, the Sun ONE Directory Server 5.1 delta import does not succeed.
  
  Sun ONE Directory Server 5.1 (formerly iPlanet Directory Server) may cause three independent problems with its own changelog:
  1. Sun ONE Directory Server 5.1 may write the changelog entries out of sequence (for example, it may record entry 2 before entry 1).
  2. Sun ONE Directory Server 5.1 may record the changelog entries out of order (for example, after it writes entries 1 and 2, the entries may appear as "2,1" in the changelog).
  3. Some changelog entries may be missing (for example, the changelog may have entries "1,3" with 2 missing).
  Before this software update, the management agent (MA) for Sun ONE Directory Server 5.1 could handle the third issue (it skips over missing entries). However, in the first two cases, the MA will fail with a "changelog-out-of-order" step result. This software update works around this issue in Sun ONE Directory Server 5.1 directories by compensating for all three conditions in the Sun ONE Directory Server 5.1 changelogs.
• The management agent performance is slow when MIIS 2003 runs delta imports against a Sun ONE Directory Server 5.1 directory or when it processes large groups.
  
  Before this software update, the management agent performance was not optimal when MIIS 2003 ran delta imports against a Sun ONE Directory Server 5.1 directory. This software update includes performance improvements for both cases.
• The MIIS 2003 management agent stops responding (or "hangs") while running a delta import.
  
  When MIIS 2003 runs a management agent, the management agent appears to stop responding, and the following application error is written to the event logs:Application popup: miiserver.exe - Application Error : The instruction at "0x01076f77" referenced memory at "0x00000000". The memory could not be "read".The application error occurs because an exception occurs while the management agent runs in delta mode. This software update prevents this exception from occurring.
• Objects are corrupted in connector space, and errors are returned when MIIS 2003 runs the management agents.
  
  The following event is returned when MIIS 2003 synchronizes any management agent that modifies a metaverse object that has a corresponding connector space object that has become corrupted. The corruption occurs because the tower (hologram) has a distinguished name (also known as DN) that is different from the distinguished name in Microsoft SQL Server.
  
  A message that is similar to the following is written to the event log when MIIS 2003 runs a synchronization run profile:Event Type: Error
  Event Source: MIIServer
  Event Category: Server
  Event ID: 6312
  Date: 10/3/2003 Time: 10:50:55 PM
  User: N/A
  Computer: ComputerName
  Description: The server encountered an unexpected error while performing an operation for a rules extension.
  ERR: MMS(3576): tower.cpp(521): DN mismatch for phantom export: row (DN=CN=Mike Smith (Central Financial Services),OU=Disabled Users,OU=MIIS,DC=Microsoft,DC=com), tower(old DN=CN=Mike Smith,OU=Disabled Users,OU=MIIS,DC=Microsoft,DC=com) BAIL: MMS(3576): tower.cpp(522): 0x8023031c (The tower has a distinguished name that is different from that of the store.)When MIIS 2003 processes an export run profile to export objects to the connected directory, a message that is similar to the following is written to the event log if the objects are corrupted:Event Type: Error
  Event Source: MIIServer
  Event Category: Server
  Event ID: 6301
  Date: 10/3/2003
  Time: 10:50:55 PM
  User: N/A
  Computer: ComputerName
  Description: The server encountered an unexpected error in the synchronization engine: "BAIL: MMS(3576): scripthost.cpp(10075): 0x80230703 (The extension threw an exception.) Microsoft.MetadirectoryServices.Impl.InternalError: 0x8023031c at Microsoft.MetadirectoryServices.Impl.ScriptHost.ThrowExceptionFromHRESULT(Int32 hr)
  This software update prevents the distinguished names between the tower and the store from becoming different and, therefore, prevents this type of corruption of the connector space objects.
• The LDIF file management agent writes a bad record to the LDIF export file.
  
  This software update addresses a problem where the LDIF file management agent writes a bad record to the LDIF export file. The problem occurs when that LDIF file is exported and then the LDIF file is processes by another program, such as Ldifde.exe. The following is an example of a bad record:
  
  dn: uid=UK12345,cn=Test,cn=Users,o=Microsoft
  changetype: modify
  add: c
  -
  
  This software update prevents the management agent from writing the bad record to the LDIF export file.
• A status message of "Completed Transient Objects" is generated during a delta import run when a distinguished name is the same as an anchor attribute, even though the capitalization (case) is different.
  
  MIIS 2003 treats the anchor attribute as case sensitive, but it does not treat the distinguished name as case sensitive. When they are imported, objects with distinguished name data that have the same values but whose values are in a different case are treated as new objects. Because an anchor attribute is changed, MIIS assumes that the objects being processed are new objects. Therefore, when this behavior occurs, the management agent makes the original object transient, and the management agent generates a "Completed Transient Objects" run status. Additionally, because of the transient state of the object, delta changes may be lost for this object.
  
  After you apply this update rollup, only newly created management agents can be corrected. Existing management agents cannot be corrected because existing settings must be maintained. Therefore, you must migrate your existing management agent to a new management agent. For information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

  827117 How to build a new management agent to replace an existing management agent

  
  
• DSMLv2 export files do not specify the appropriate encoding.
  
  During the export of the Directory Services Markup Language (DSML) file, MIIS does not include an encoding tag (a declaration at the beginning of the file that specifies the appropriate encoding). Therefore, any consumer of the file assumes that the appropriate encoding is UTF-8. If this is not the appropriate encoding, the consumer cannot use the file without processing it and without adding the appropriate encoding tag to the DSML file. This software update adds the appropriate encoding tag based on the code page that is specified in the management agent properties.
• Problems occur when you reset HTTPPassword with the More Secure Internet Format setting.
  
  The management agent for Lotus Notes sometimes loses passwords when you set them through the Web application. This problem occurs because of the way that Lotus Notes encodes the password. Therefore, when Notes decodes the password, the password becomes a different value from what it was before it was encrypted. This causes the management agent to set an incorrect password. This software update resolves this problem.

Hotfix information

The issues that this article describes are fixed in the latest Microsoft Identity Integration Services 2003 cumulative hotfix package. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.