Hi,

I could use some advice with a smart card renewal issue in FIM CM 2010 R2. (Self-service)

How can I prevent FIM CM update service from creating additional renewal requests for a smart card that was already renewed?

FIM CM update service detects in FIM CM database when a certificate enters its renewal period. When it's time, a renewal request is created and an email with OTP is sent to the user. The user successfully completes the renewal request and all should be OK.

The problem: FIM CM update service will soon (default within 5 hours), re-check for certificates entering renewal. Although the smart card was just renewed, an additional renewal request is created and a new OTP email is sent to the user.
If the user completes also the second renewal request, a third request is generated, and it goes on.

I'm assuming that the still valid, still expiring certificate is re-detected by the FIM CM update service.

The second renewal request can be avoided by enabling "revoke old certificates" in the revokation settings workflow, without delay. This would however make the renewal request creation revoke the certificate. I would prefer to keep the certificate valid until expiry, or revoke it when the request is completed.

Thanks

• Edited by StoffeB Tuesday, March 03, 2015 8:37 AM clarification

To make the process work, I had to abandon the renew policy.

As a workaround, we configured FIM CM update service to trigger an Online update request instead of the default renew request. The Online update process always revokes the expiring certificate, but not before the request is completed by the user. That detail makes all the difference.

I'm still curious to hear if anyone else recognizes this issue.

The FIM CM build is 4.1.3496