Early November saw Microsoft release a new hotfix rollup package (build 4.0.3644.2) for Forefront Identity Manager (FIM) 2010. The official documentation for this build can be found on the Microsoft support website under KB article kb2750673. Download link is here.
kb2750673 (4.0.3644.2) supersedes 4.0.3627.2. The main reason for this hotfix are the fix for Microsoft Security Advisory 2749655 (digital signature certificates prematurely expiring) and the Microsoft.MetadirectoryServicesEx.dll version issue.
Pay particular attention to the Known issues in this update section – After applying this update rules extensions and ECMA-based connectors stop working. The error surfaced by the Synchronization Service is stopped-extension-dll-load.
The issue that arises is due to the binding redirection elements not being added to the miiserver.exe.config, mmsscrpt.exe.config, or dllhost.exe.config files. If any of these files has a created and modified timestamp mismatch – which means the file has been modified by a user – the installer will not add the necessary binding redirect elements to the configuration file. Without the binding redirection the error occurs.
In this case you have to add the binding redirects yourself. Full instructions are provided in kb2750673.
Lastly the WMI status code changes for SSPR introduced in FIM R2 hotfix rollup 2 that make troubleshooting this error have been back-ported and the DB2 MA is fixed so that it can connect to DB2 on an IBM iSeries v6 or later server.