Monday, June 12, 2017

Microsoft Identity Manager 2016 SP1 hotfix 4.4.1459.0 breaking Exchange Online connection

Hi folks,

It's been quite a while since my last post, but I've been pretty busy (like everyone else) in my identity and access management projects.

I found a little bug in the latest MIM hotfix (KB4012498) while upgrading from FIM 2010 R2 SP1 to MIM 2016 SP1.

We started with a new installation of MIM 2016 SP1 (4.4.1302.0) using the existing database of the previous FIM 2010 R2 SP1 installation.
The Synchronization Service update worked fine, and after installing all additional connectors (basically Microsoft Generic SQL, Microsoft Webservice Connector for SAP, Soren Granfeldt's PowerShell Connector) the sync engine worked as expected.
After that we updated our MIM Service and MIM Portal server the same way. During the update we changed the mail server configuration of our service account mailbox from on-premises to Exchange Online. Everything worked fine after the update and we were able to send mails using our Office 365 (Exchange Online) mailbox. We only had to install our custom workflow components (MIMWAL).

The entire system worked as expected and we wanted to install the latest MIM hotfix in order to benefit from the SQL Always On Availability Group support.
We first updated the Synchronization Service and then updated the MIM Service and MIM Portal server.

After the update we were not able to send emails using our portal service mailbox on Exchange Online with the out-of-the-box notification workflow. We always got a 401 not authenticated error.

It took us quite a while to figure out that the hotfix must have killed the value "EncryptedExchangeOnlineAccountPassword" from the registry.

We then started the MIM 2016 SP1 installation wizard again and entered the required values and the service was working immediately. We are still on 4.4.1302.0.

If you plan to update to the latest MIM hotfix and are already using Exchange Online for your service mailbox, keep that in mind.

I hope this will save you some time. I already got in contact with David Steadman and Microsoft will hopefully update the hotfix "known issues" section and open a bug report.

Best regards and keep on syncing
Chris
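
One way to catch a registry value that disappears during an update like the one described above, as an added example that is not part of the original post: snapshot the value names under the MIM Service registry key before the hotfix and compare afterwards. The key path is not given in the post, so it is a required parameter here; the script name and snapshot file name are assumptions.

```powershell
# Compare-MimServiceRegistry.ps1 (hypothetical name, added example)
# Run with -Mode Snapshot before the hotfix and -Mode Compare after it.
# Only value NAMES are written to disk, never the data, so the encrypted
# mailbox password does not end up in the snapshot file.
param(
    [Parameter(Mandatory)][ValidateSet('Snapshot', 'Compare')][string]$Mode,
    # Assumption: the registry key of your MIM Service installation,
    # e.g. 'HKLM:\<path to the MIM Service key>'. The post does not state it.
    [Parameter(Mandatory)][string]$ServiceKeyPath,
    [string]$SnapshotFile = '.\mim-service-value-names.txt'
)

function Get-ValueNames([string]$Path) {
    # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey.
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    # Skip the unnamed default value (empty string) and sort for a stable file.
    $key.GetValueNames() | Where-Object { $_ } | Sort-Object
}

switch ($Mode) {
    'Snapshot' {
        Get-ValueNames $ServiceKeyPath | Set-Content -LiteralPath $SnapshotFile
        Write-Host "Saved value names to $SnapshotFile"
    }
    'Compare' {
        $before  = @(Get-Content -LiteralPath $SnapshotFile -ErrorAction Stop)
        $after   = @(Get-ValueNames $ServiceKeyPath)
        $missing = @($before | Where-Object { $_ -notin $after })

        if ($missing.Count -eq 0) {
            Write-Host 'No registry values were removed by the update.'
            return
        }

        $missing | ForEach-Object { Write-Warning "Missing after update: $_" }

        # The value named in the post; without it the notification
        # workflow cannot authenticate to Exchange Online.
        if ($missing -contains 'EncryptedExchangeOnlineAccountPassword') {
            Write-Warning 'Exchange Online mailbox password value is gone; re-run the MIM Service setup wizard and re-enter the mailbox credentials.'
        }
        exit 1
    }
}
```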