Planning MIM 2016 SP2 in TLS 1.2 or FIPS-mode environments

Important

This article applies to MIM 2016 SP2 only.

When installing MIM 2016 SP2 in a locked-down environment in which all encryption protocols except TLS 1.2 are disabled, the following requirements apply:

MIM Synchronization Service, SQL MA

  • To establish a secure TLS 1.2 connection with SQL Server, the MIM Synchronization Service and the built-in SQL management agent require SQL Native Client 11.0.7001.0 or later.

MIM Service

Note

An unattended installation of MIM 2016 SP2 fails in a TLS 1.2-only environment. Either install the MIM Service in interactive mode or, if installing unattended, make sure TLS 1.1 is enabled. After the unattended installation completes, enforce TLS 1.2 if needed.

  • Self-signed certificates cannot be used by the MIM Service in a TLS 1.2-only environment. When installing the MIM Service, choose a certificate that is compatible with strong encryption and issued by a trusted Certification Authority.
  • The MIM Service installer additionally requires OLE DB Driver for SQL Server version 18.2 or later.

FIPS-mode considerations

If you install the MIM Service on a server with FIPS mode enabled, you need to disable FIPS policy validation to allow MIM Service workflows to be executed. To do so, add the <enforceFIPSPolicy enabled="false"/> element to the runtime section of the Microsoft.ResourceManagement.Service.exe.config file, between the opening runtime element and the assemblyBinding element, as shown below:

<runtime>
<enforceFIPSPolicy enabled="false"/>
<assemblyBinding ...>
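
An idempotent way to apply the change described above, as an added PowerShell example that is not part of the original article or Microsoft's tooling. The function name Set-MimFipsPolicyOverride and the sample file are constructed for illustration; the real path to Microsoft.ResourceManagement.Service.exe.config has to be supplied by the administrator.

```powershell
# Added example, not Microsoft's code. The function name and sample file are constructed.
function Set-MimFipsPolicyOverride {
    param([Parameter(Mandatory)] [string] $ConfigPath)

    # XmlDocument resolves relative paths against the .NET working directory,
    # so hand it a fully resolved path.
    $path = (Resolve-Path -LiteralPath $ConfigPath).Path
    $doc  = New-Object System.Xml.XmlDocument
    $doc.Load($path)

    $runtime = $doc.SelectSingleNode('/configuration/runtime')
    if ($null -eq $runtime) { throw "No <runtime> section found in $path" }

    $node = $runtime.SelectSingleNode('enforceFIPSPolicy')
    if ($null -ne $node -and $node.GetAttribute('enabled') -eq 'false') {
        return 'AlreadySet'
    }

    # Keep a copy of the original before changing a service configuration file.
    Copy-Item -LiteralPath $path -Destination "$path.bak" -Force

    if ($null -eq $node) {
        $node = $doc.CreateElement('enforceFIPSPolicy')
        # assemblyBinding carries its own XML namespace, so match on local name.
        $binding = $runtime.SelectSingleNode("*[local-name()='assemblyBinding']")
        if ($null -ne $binding) { [void]$runtime.InsertBefore($node, $binding) }
        else                    { [void]$runtime.PrependChild($node) }
    }
    $node.SetAttribute('enabled', 'false')
    $doc.Save($path)
    return 'Updated'
}

# Constructed sample config (not a real MIM file) so the function can be tried offline.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'sample.Service.exe.config'
@'
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1" />
  </runtime>
</configuration>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

Set-MimFipsPolicyOverride -ConfigPath $sample   # first run inserts the element
Set-MimFipsPolicyOverride -ConfigPath $sample   # second run detects it and leaves the file alone
```

The runtime section is read when the process starts, so the change takes effect only after the MIM Service is restarted. The element relaxes the .NET Framework FIPS check for this one process and leaves the operating system's FIPS policy setting unchanged.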