Installing the MIMWAL

The MIMWAL is the publically released version of the FIM WAL v1 and FIM WAL v2 that were previously only available to Microsoft engagement engineers. The MIMWAL is described by Microsoft as a “powerful solution accelerator for MIM / FIM that provides foundational activities which can be combined to create complex workflows to implement business processes within a MIM / FIM solution simply by configuration instead of coding for days and months.” It is very exciting to now have this software available to the public and in this blog posting I am going to explain how to implement it.

Unfortunately, Microsoft is not providing compiled binaries that can simply be copied to your servers and installed. Instead we have to download the MIMWAL source code and build and sign the code prior to installing the software. The reason is that Microsoft does not have the legal approval to include compiled binaries that includes code from other products. Microsoft has a MIMWAL Build and Deployment Wiki Page that does a pretty good job of describing the steps required to build and deploy the MIMWAL and you are encouraged to follow the steps listed there for implementing the MIMWAL in your environment. However, for those not familiar with this process, it can be a bit daunting and if you decide to give it a go, you may run into some challenges. With this blog post I attempt to make things a bit easier by describing the process as Microsoft has done, but also include additional screenshots, tips, and extra explanation that will hopefully help you to successfully install the MIMWAL in your environment with the least amount of headache.

So the high level steps for getting the MIMWAL into your environment are as follows:

  1. Configure a Build/Developer machine where you will install Visual Studio for compiling the code that you will deploy to your environment
  2. Take the compiled code and deploy it to your target MIM / FIM Service and Portal servers
  3. Verify the successful implementation of the MIMWAL

 1. Configure Build/Developer Computer

There are a number of steps required to be completed on the Build/Developer Computer:

Step 1 – Install Visual Studio 2012 or later. Visual Studio 2015 Community is available for free here. I chose to install Visual Studio 2015 Community. I selected the “Typical for Windows 10 Developers” install type. This software is required so that you can compile the code after you have added the required DLLs and .NET utilities.

Step 2 – Obtain FIM DLLs. It is necessary to download the FIM hotfix v4.1.3496.0 and extract some DLLs that will be added to the MIMWAL source code. Earlier versions of the DLLs will cause a failure when compiling the code.  Later versions of the DLLs may work, but it is highly recommended by Microsoft that you obtain the files from this specific FIM Build version. When I originally installed the MIMWAL I did not know of an easy way to get the DLLs and therefore I installed the FIMService and Portal and hotfix on my Build/Development computer. We all know how much of a struggle it can be installing FIM. The process below for getting the DLLs is much easier:

  1. Download msix.exe patch extractor utility from here and save it locally to your Build/Developer computer. This utility will allow you to extract the DLLs from the MSP hotfix file.
  2. Run the msix.exe against the FIMService_x64_KB2906832.msp file (screenshot below).

Implementing MIMWAL Screenshot - Running the msix.exe against the FIMService_x64_KB2906832.msp file

  1. Using Windows Explorer, open “MSDN.cab” from the extracted hotfix.
  2. Within the MSDN.cab file you will find MicrosoftILMPortalCommonDlls.wsp. Extract this file from the MSDN.cab file and save it in a temporary location on your computer.
  3. Change the file extension on MicrosoftILMPortalCommonDlls.wsp to .cab and open the file using Windows Explorer. Copy out the following four required DLLs:

Microsoft.IdentityManagement.WebUI.Controls.dll
Microsoft.IdentityManagement.WFExtensionInterfaces.dll
Microsoft.ResourceManagement.dll
Microsoft.ResourceManagement.WorkflowContract.dll

Step 3 – Obtain a copy of the System.Management.Automation.dll. As stated on Microsoft’s MIMWAL Build and Deployment Wiki Page this file can be extracted from the following location: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35. However, you cannot find the file using File Explorer. This is because the GAC_MSIL folder and subfolders are hidden. However, you can copy the file using the Copy command from an elevated PowerShell window (screenshot below).

Implementing MIMWAL Screenshot: Copy System.Management.Automation.dll from C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35

Step 4 – Download .NET Framework 3.5 SP1 SDK in order to obtain gacutil.exe and sn.exe utilities. When downloading the installation files, you will be presented with the following options (screenshot below). Notice that there are no descriptions to help you make a decision as to which file to download.

Implementing MIMWAL Screenshot: Options for downloading .NET Framework 3.5 SP1 SDK

The descriptions of the three versions are below:

Implementing MIMWAL Screenshot: Descriptions for .NET Framework 3.5 SP1 SDK downloads

The only reason that Microsoft is asking you to install the SDK, is so that you can obtain access to the two utilities; sn.exe and gacutil.exe. And like getting the DLLs, it is not necessary to install any software. Instead do the following:

  1. Mount the SDK .ISO as a local drive on your computer.
  2. Using  Windows Explorer. open .\Setup\WinSDKNetFxTools\cab1.cab
  3. Copy FL_gacutil_exe_30517_x86_enu from the cab file to another location on the Build/Development computer and rename to gacutil.exe
  4. Copy FL_sn_exe_24885_x86_enu from the cab file to another location on the Build/Development computer and rename to sn.exe

Step 5 – Download the latest MIMWAL Source Code. This is pretty self explanatory. Be sure to follow Microsoft’s recommendations to UNBLOCK the zip file by right clicking on the file and in the properties dialogue clicking the ‘UNBLOCK’ button before extracting the files. And, place the source code on the root of the C:\ drive (or close to it) to avoid issues with long file paths.

Step 6 – Ensure that the referenced assemblies and .NET utilities are copied / placed in the source code folder structure. The instructions found on Microsoft’s MIMWAL Build and Deployment Wiki Page are more than satisfactory. Just copy the files previously collected to the following locations in the MIMWAL source code:

      • src\Scripts
        • gacutil.exe
        • sn.exe
      • src\ReferencedAssemblies\
        • System.Management.Automation.dll
      • src\ReferencedAssemblies\4.1.3496.0
        • Microsoft.IdentityManagement.WebUI.Controls.dll
        • Microsoft.IdentityManagement.WFExtensionInterfaces.dll
        • Microsoft.ResourceManagement.dll
        • Microsoft.ResourceManagement.WorkflowContract.dll

Step 7 – Create strong key name. The instructions found on Microsoft’s MIMWAL Build and Deployment Wiki Page are more than satisfactory.

Step 8 – Compile code. As long as you have copied the correct .DLLs and .NET utilities to the correct locations in the MIMWAL source code, have chosen to compile in “Release mode” and selected the “Build | Rebuild” option, the code will be compiled and outputted to the Solution Output folder (screenshots below).

Implementing MIMWAL Screenshot: Using Microsoft Visual Studio to compile software; Build|Release.

Implementing MIMWAL Screenshot: Using Microsoft Visual Studio to compile software; Rebuild Solution.

Implementing MIMWAL Screenshot: Solution Output

Step 9 – Sign code. The instructions on Microsoft’s MIMWAL Build and Deployment Wiki Page are satisfactory. The reason we do this is to protect the binaries from being changed. If the MIMWAL binaries are changed after signing, it will not be possible to execute them.

2. Deploy to your Target FIM Service/Portal Computers

Step 1 – Copy the output from the build that you completed on the Build/Development computer to the local drives of each of your MIM / FIM Service and Portal servers. The instructions for running this on Microsoft’s MIMWAL Build and Deployment Wiki Page are satisfactory

Step 2 – Run the Register.ps1 script on each MIM / FIM Service and Portal servers. The instructions for running this on Microsoft’s MIMWAL Build and Deployment Wiki Page are satisfactory.

3. Verify the installation of the MIMWAL

I felt like the instructions found on Microsoft’s MIMWAL Build and Deployment Wiki Page were lacking. I hope to make things more clear here:

Step 1 – Verify registration of DLLs. If the DLLs are located in the C:\Windows\assembly\ you know they have been registered (screenshot below).

Implementing MIMWAL Screenshot: Verify DLLs

Step 2 – Verify the WAL Assembly Bindings redirects are created/updated with the latest WAL assemblies. The redirects can be found in the web.config (screenshot below).

Implementing MIMWAL Screenshot: Verify WAL Assembly Binding Redirects

Step 3 – Verify Diagnostics source for WAL is present in app.config or web.config. This can be found in the web.config (screenshot below).

Implementing MIMWAL Screenshot: Verify diagnostics source for WAL

Step 4 – Verify ActivityInformationConfiguration (AIC) object for each WAL activity. Do a search in the FIM / MIM Portal for All Resources that begin with “WAL” (screenshot below).

Implementing MIMWAL Screenshot: Verify ActivityInformationConfiguration (AIC) object for each WAL activity

Step 5 – Verify event log WAL event: Pretty easy to find (screen shot below).

Implementing MIMWAL Screenshot: WAL EventLog

Step 6 – Update the WAL assembly version in the workflow XOMLs by running the UpdateWorkflowXoml.ps1 script once from any server with MIM / FIM Service role. When I ran this, the output was “Skipping Workflow: <WF Name>” for each workflow that existed (screenshot below). This is because the intention of this script is to update each workflow that was created with FIM WAL V2 to use the new MIMWAL. I had FIM WAL V1 installed and there is no automated upgrade path. See the MIMWAL FAQ page for more information.

Implementing MIMWAL Screenshot: UpdateWorkflowXoml.ps1

Because I  installed the MIMWAL side by side with FIMWAL Version 1 (desired approach), when I create a new Action Workflow, the old Action Workflow activities are available to be selected along with the new ones. The new ones are prefixed with “WAL:” (screenshot below). The old workflow activities associated with the FIM WAL v1 should be manually recreated as MIMWAL activities. Then to remove the FIM WAL V1, you delete the AIC’s and can optionally delete them from GAC as well.

Implementing MIMWAL Screenshot: WAL Activities

I hope that you found this Blog posting helpful for the installation of the MIMWAL. Please respond with comments or questions. Thank you!

About Matthew Brooks

Over 15 years experience in the IdAM field.

6 thoughts on “Installing the MIMWAL

  1. Pingback: MIMWAL for Setting and Communicating Password for New Users

    • Hi Michael – Thank you for the feedback! Its always great to hear that what I have blogged has been able to help someone out.

  2. Pingback: Error rebuilding MIMWAL – File MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.dll not found – Nivlesh's Blog

Leave a Reply

Your email address will not be published.