Channel: Forum Microsoft Identity Manager

Owners of Security Groups to add/delete users


Hello,

I am trying to figure out a way to have owners of a security group add and delete users. I created a Management Policy Rule; I can do it this way, right?


FIM connecting with Oracle Access Database

This might not be possible, but I am trying to connect a database on MS Access that is linked to an Oracle database. I want to know if there's a possible way to connect those to FIM. The main attribute will be the User's ID, and a couple of other key attributes.

Accessing to FIM Portal - Unable to process your request


Hi

I am facing an issue where users can't access the FIM Portal. It doesn't matter whether you are a normal user or an admin. The error message is always the same, "Unable to process your request".

Also, I have managed to get a detailed error message from the portal, but it points me nowhere. It is below:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[NullReferenceException: Object reference not set to an instance of an object.]
   Microsoft.IdentityManagement.WebUI.Controls.UICacheUtils.GetCacheKey(CacheKey key) +274
   Microsoft.IdentityManagement.WebUI.Controls.NavigationBarConfigurationModel.RetrieveSiteNodeFromCache() +118
   Microsoft.IdentityManagement.WebUI.Controls.NavigationBarProvider.BuildSiteMap() +63
   Microsoft.SharePoint.WebControls.AspMenu.AdjustForProviderMaximumDepth() +90
   Microsoft.SharePoint.WebControls.AspMenu.OnPreRender(EventArgs e) +49
   System.Web.UI.Control.PreRenderRecursiveInternal() +154
   System.Web.UI.Control.PreRenderRecursiveInternal() +239
   System.Web.UI.Control.PreRenderRecursiveInternal() +239
   System.Web.UI.Control.PreRenderRecursiveInternal() +239
   System.Web.UI.Control.PreRenderRecursiveInternal() +239
   System.Web.UI.Control.PreRenderRecursiveInternal() +239
   System.Web.UI.Control.PreRenderRecursiveInternal() +239
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4105



--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34248 

Any ideas what to do next?

Customize Columns displayed on Computers Page list


So I have added computers to the FIM portal to allow IT admins to modify computer attributes and project them back to AD.

I am unable to modify the columns displayed on the pages I have created, though. I customized the columns in All Users and it was easy; I followed the same steps and modified the columns in the search scope for all Computers, but no luck.

Any assistance on this would be helpful.


Russell Lema

FIM 2010 SQL database as password target not working


I have enabled password sync (PCNS) in FIM and use our AD as the source. I've got 2 target MA's, 1 being a simple SQL database. Both target MA's have password management enabled and the SQL MA has a custom extension assigned.

When I change a password in AD I can see the correct events being created on the DC.

On the FIM server I can see events (stage & set) being created for the 1 MA but the SQL MA is not even triggered. No errors nothing. What am I missing?

Thanks
JD

FIM SSPR Gates


Is it possible to have the SMS gate active only when the user is accessing the FIM Portal outside the N/W?



FIM 2010 R2 SP1 Mainstream Support Ends July 2015


Hi,

According to http://support2.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=forefront+identity+manager&Filter=FilterNO, mainstream support for FIM 2010 R2 SP1 ends on 7/14/2015, while extended support ends on 7/14/2020.

So...

  1. Is Microsoft planning to release SP2 for FIM 2010 R2?
  2. If not, then MIM 2015 has to RTM before 7/14/2015?

And unless you have Extended Support, you shouldn't even consider FIM 2010 R2 at this stage?

So what about customers that are currently planning/testing to deploy FIM in the middle of 2015? Should they continue working with FIM or rather develop/test on MIM?

Comments?



Number of objects supported by Metaverse


Experts,

Could anyone suggest how many objects we can manage with FIM (especially the FIM Synch Service)? My curiosity arises because only one instance of the FIM Synch service can be active at a time.

How many objects can we go on making without hitting a performance or functionality hit?

Thanks,

Mann


Forefront Identity Manager and Domino (Lotus Notes)


I am new to FIM. I was wondering whether someone here has been able to set up FIM to work with Domino, so that the below processes are automated in Domino. It is hard to get an overview of what is possible.

Creating Notes users?

What if there are 2 persons with the same name and identifier?

Re-creating users that have left and re-joined the company and are listed in terminations group / ID vault?

Change Notes users?

Change certifier?

Change name?

Delete Notes users in Domino?

Kind Regards

Peter

An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)


Event log:

The mail sender could not send an outbound email.  This failure indicates a misconfiguration either with the mail server or with the specific mail.  Frequent, repeating instances of this event indicate a failure with the mail server.  If this event occurs alongside event 12, then this event indicates a failure with Exchange. Infrequent instances of this event indicate misconfiguration of individual emails.

The mail server address is incorrect or specific outbound email has invalid data.

Ensure that the mail sender is configured to connect to the correct mail server and that the outbound mail has correct email addresses.
 
The specific exception reported by the mail server:

--------------------

This is every time I am trying to register for password reset.

Exchange 2013

This is from C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config

<add key="mailServer" value="https://mail.mydomain.com/ews/exchange.asmx" />
<add key="isExchange" value="1" />
<add key="sendAsAddress" value="fim-farm@mydomain.com" />

P.S. The IP of the FIM server is added for free relay in Exchange, so I can freely send mail with telnet.


Be real

AD Connect, setting AD permissions


On the "install required components" page in the custom setting setup wizard we can give up a service account:
1) Is this account only used to start the sync service locally on the server?
2) Is this account not used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?
On the "connect your directories" page in the custom setting setup wizard we need to enter credentials:
1) This account is used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?
2) This account we enter can only be a domain user, right?
3) This blog (https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-aadconnect-account-summary/) speaks about setting additional permissions on the account if we use specific scenarios such as password sync and hybrid environment. The blog post describes which permissions are needed but not how to set these. Is there a guide on how to set these permissions, or a script to set these permissions?

FIM Synchronization Service hotfix was not successfully installed


Hi everyone,

I'm experiencing trouble while trying to upgrade FIM Synchronization by installing hotfixes.

My current version is (4.1.3114.0) and I need to go up to the new hotfix (4.1.3613.0).

While installing the file (FIMSyncService_x64_KB3011057), I am getting this message:

" Forefront Identity Manager Synchronization Service was not successfully installed. To install  Forefront Identity Manager Synchronization Service, run this wizard again."

When I run it again, I get the same message.

I will be grateful if someone can help.

Thanks in advance.

Unable to retrieve schema when using MA based on ECMA2


When I try to create an MA based on ECMA2 I get an error on the connectivity page.

For instance, if I use a SQL MA based on ECMA2 I get an error on the connectivity page stating "Unable to retrieve schema. Error: An anchor attribute defined by the extension...."

JD

FIM Reset password not working


Have this in logs

1) WARNING: Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.ApprovalActivity.rules.

2) WARNING: Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.ReceiveCreateResourceActivity.rules.

3) ERROR: Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> Microsoft.ResourceManagement.WebServices.Client.AuthorizationRequiredException: Permission is required
   at Microsoft.ResourceManagement.WebServices.Client.Resource.Update(ClientOptionsHelper clientOptionsHelper)
   at Microsoft.ResourceManagement.WebServices.ResourceManager.ResumableUpdate()
   at Microsoft.ResourceManagement.WebServices.ResourceManager.Resume(ContextualSecurityToken securityToken)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.FinalizeRegistration()
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs)
   at System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e)
   at System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e)
   at System.Web.UI.TemplateControl.OnError(EventArgs e)
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.default_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

4) WARNING: Invalid or NULL email address

5) ERROR: Microsoft.ResourceManagement.Service: System.ArgumentException: Invalid or NULL email address
   at Microsoft.ResourceManagement.Mail.Utilities.ValidateMailMessage(GenericMessage message, IMailServer mailServer)
   at Microsoft.ResourceManagement.Mail.ApprovalMessage.Send(Int32 timeoutInMilliseconds)
   at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.SendMailMessage(MessageContent messageContent, Int32 timeoutInMilliseconds)
   at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.ProcessWorkItem(WorkItem workItem)

--------------------------------------

What is already done:

1) Double checked all setup process with permissions, WMI, DCOM, etc.

2) Double checked that the FIM service account is mail enabled and can successfully reach the EWS web page without any issues.

3) All users have e-mail fields filled

4) Totally confused. Don't know where to dig.


Be real

Owner and Displayed Owner, Distribution Groups


I have some Distribution Groups which can be managed through Exchange by the owners. I have inbound Sync rules to import the changes to FIM. I am facing the following issues in the process:

1) If a new owner is added to a group through Exchange, after import, I can see the new user in the owner attribute, but the previous owner only in the Displayed Owner attribute (not as both owner and Displayed Owner). This causes the error in the FIM portal when I open the group "Please select a displayed owner among the owners above".

2) If an owner adds a new owner to the group through Exchange, and if the new owner comes above in the list in alphabetic order, then the new owner is set as the Displayed Owner in FIM after import (the displayed owner gets changed).

How can I address these issues? Any help will be appreciated.


FIM Lab standalone server


Hello,

I want to prepare a lab for my FIM deployment. Do you think it is possible to have all roles on a single server? I mean to have portal, sync and SCSM on a single server. This is because I am running low on resources and as a result I want to have one FIM server for everything related to my FIM.

Thanks

Cannot open FIM Synchronization service manager


Hi all,

I get an error when I try to open FIM Synchronization Service although the service is started now.

My current login account is a member of the local administrators group and the FIMSyncAdmins group (even a member of Domain Admins). But it cannot work.

I also tried to restart the server (because right after installing FIM, I also installed a hotfix for the FIM server).

Can anyone help, please?



Azure Dirsync some groups do not sync


I have Azure DirSync setup, working.  Have been syncing user groups for Office, OneDrive, SharePoint.  No Exchange online.  Exchange is completely on prem.

No issues with syncing users, licensing for Office, OneDrive all good.

Now I need to start syncing some groups for SharePoint permissions.  I've added OUs for groups to partitions that will sync with DirSync.  Some groups sync okay, others cannot be seen in Azure.  It appears that the groups that are not syncing are all distribution groups.  Again - no - Exchange Online, Exchange is on Prem.

What is required to sync an on prem distribution group in Azure?

Forefront Identity Manager Service and Portal -- Error 1316. The specified account already exists.


Trying to modify FIM 2010

Product Name: Forefront Identity Manager Service and Portal.

Product Version: 4.1.3646.0.

Product Language: 1033. 

Reconfiguration success or error status: 1603.

In the debug logs I found only Error 1316. The specified account already exists. Can't imagine what's wrong, as all service accounts are working ...

Debug LOG, containing exact error and install sequence:

Action start 21:35:11: InstallExecute.
CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack retraction.
CAQuietExec:  Removing feature for microsoftidentitymanagement.wsp
CAQuietExec:  Retracting microsoftidentitymanagement.wsp
CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack retraction.
CAQuietExec:  Removing feature for microsoftilmportalcommondlls.wsp
CAQuietExec:  Retracting microsoftilmportalcommondlls.wsp
MSI (s) (CC:38) [21:37:15:705]: Using cached product context: machine assigned for product: 39D42BE8AB19D534FB8839931C4C3626
MSI (s) (CC:38) [21:37:15:705]: Using cached product context: machine assigned for product: 39D42BE8AB19D534FB8839931C4C3626
MSI (s) (CC:38) [21:45:51:298]: Product: Forefront Identity Manager Service and Portal -- Error 1316. The specified account already exists.
Action ended 21:45:51: InstallExecute. Return value 3.
CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack deployment.
CAQuietExec:  Deploying microsoftilmportalcommondlls.wsp
CAQuietExec:  Adding feature for microsoftilmportalcommondlls.wsp
CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack deployment.
CAQuietExec:  Deploying microsoftidentitymanagement.wsp
CAQuietExec:  Adding feature for microsoftidentitymanagement.wsp
Action ended 21:48:54: INSTALL. Return value 3.
Action ended 21:48:54: ExecuteAction. Return value 3.
Action start 21:48:54: FatalError.
Action ended 21:57:19: FatalError. Return value 2.
Action ended 21:57:19: INSTALL. Return value 3.
=== Logging stopped: 14.07.2015  21:57:19 ===
MSI (c) (E0:A0) [21:57:19:026]: Product: Forefront Identity Manager Service and Portal -- Configuration failed.


Be real


Wipe FIM configuration


Still having a few issues with upgrading our FIM dev environment to be a replica of prod. The scripts MS provide for export & import schemas & policies work on the export side but fail on import.

Is there a way to wipe the existing FIM dev environment (i.e. remove all MA's and non standard portal content) but without having to rebuild the whole FIM server?

Thanks,

Mikey
