Channel: Forum Microsoft Identity Manager
Viewing all 6657 articles

Lync 2013 login failed in Windows 7


Thanks in advance.

We are using Office 365 for our e-mail flow.

In our organization we are using Windows 7 on many machines. On some machines we are using Windows 8.1.

Skype for Business is working very well on 8.1.

But on Windows 7 we are not able to install the same, so we decided to install Lync 2013 for Windows 7.

But after installation, unfortunately, we are not able to log in to Lync 2013 on Windows 7.

"The server is temporarily unavailable. If the problem continues, Please contact your support team."

Please help us.


Thanks & Regards Naveen Singh


Is it possible to select a tab/RCDC group via URL?


Hi All,

I've spent a fair amount of time customising RCDCs for the User Create/Edit/View UI views, wanting to have a specific view for a specific end-user purpose (long story). I now understand that it is only possible to have these 3 RCDCs (create/edit/view) for each type of object, but I was wondering about this...

Is it possible to create a custom URL that will do the following:

- Open the ~/IdentityManagement/aspx/users/EditPerson.aspx UI dialog

- Preselect one of the tab/groups? e.g. The Contact Info tab.

I see that in the EditPerson.aspx UI it is being done with the following: javascript:__doPostBack('ctl00$PlaceHolderMain$EditPerson$uoc$navigate_ContactInfo_linkbutton','')

What I'm wanting is to have a link on a SharePoint 2010 site that will take the user to the specific FIM "My Profile" tab/panel that has the attributes they can edit, rather than having them drill through each panel to find them. I hope this makes sense...

If this is not workable/possible, does anyone have any other ideas? It is a crying shame that FIM2010 and the UPS in SP2010 aren't one and the same product...

Thanks in advance for any help or insight anyone may have :)

 

FIM 2010 Set bit value based on a boolean


I am wondering how I can set an AD attribute bit value based on a boolean metaverse value.

So if I want to set the LSB to 1 in AD, is this the correct way? I am a little bit confused with this.

IIF(BooleanAttribute,BitAnd(1,1),BitAnd(1,0))

MIM 2016 Server Installation Download, Where do I find it?


I feel stupid having to ask this, but:

I have been using the MSDN version of MIM 2016 for my lab, but now I need to move into production and I cannot find where to download the GA release of MIM 2016. I meet the requirements of having MIM 2016 CALs, and Windows Server with SA, but I don't see the server download in my volume license site or anywhere else for that matter.

The MIM site states that:

Microsoft Identity Manager 2016 is licensed on a per-user basis. A Client Access License (CAL) is required for each user whose identity is managed. A Windows Server license with active Software Assurance is required to use Microsoft Identity Manager 2016’s server software as a Windows Server add-on.

So, where do I download or acquire this "add-on"?

Thanks!

MIM Language Pack - MIM Portal not change


Hi,

I have installed MIM 2016 (RTM) with SQL 2010 and SharePoint 2013 SP1.

I installed SharePoint 2013 SP Spanish Language Pack. I could configure SharePoint Central Administration Site in Spanish (Site Setting -> Language Settings) and it worked fine (I changed Internet Explorer language configuration and site language changed).

I could configure MIM Portal language setting too.

I installed MIM Service & Portal, MIM Language Pack (Spanish) ...

But if I changed the Internet Explorer language configuration, MIM Portal DID NOT change language (but SharePoint did, I can see "Site Actions" in Spanish in the upper right corner).

How can I install the Language Pack in MIM with SharePoint 2013 SP1?

Thanks in advance

Best regards


JuanCC Technology Specialist

Locked out of Windows 10, does not recognize password or PIN

Upgraded to Windows 10, love it. But after laptop off for few days, will not recognize password, pin, or Microsoft account. Now have useless laptop that was running fine on Windows 7. How can I get in?

FIM 2010 R2 - It is not possible to delete a user (Error: permission-issue, Error code: 5, Access denied)


We have several domains to manage for our customers, so we have installed "FIM 2010 R2" to manage our admin accounts. But if I now try to delete a user, by deletion from the "User Set", I get this error (please note the screenshot) after synchronization.

Error

Running management agent: AD MA xyz
Error: Permission-issue
Latest occurrence: 07.05.2015 15:30:06
Initial occurrence: 07.05.2015 11:07:22
Retry count: 15
Connected data source error code: 5
Connected data source error: Access is denied.


I don't get more information about this error, neither in eventvwr nor in the FIM panel.

Maybe someone knows more about this issue; I would be very thankful for help in solving this problem.

If more information is needed, let me know what kind.

Thank you

Getting FIM MA "Stopped Server" error in Synchronization Server Manager FIM


After migrating the 3 FIM DBs to a new SQL Server (2012) using the following migration process, we noticed an issue with FIM MA in the Management Agent Operations, specifically with FIM MA running Export and Delta Import:

1. We took a full snapshot (VM) and backup of our FIM server

2. On our FIM server:

a. Disabled any scheduled FIM tasks (FIM Delta/Full) in Task Scheduler

b. Ensured that all Management Agents had an "Idle" status before proceeding

3. RDP'ed into our old SQL Server

a. Backed up all FIM related DBs

i. FIMService

ii. FIMSynchronizationService

iii. FIMSyncPortal

b. Copied all backup copies of the FIM DBs to the new SQL Server location

4. On the FIM server

a. Stopped the Forefront Identity Manager Sync Service and Forefront Identity Manager Service

5. RDP'ed into new SQL server

a. Restored all 3 FIM DBs on the new SQL Server

b. Created the necessary service accounts on the new SQL server, mapped to the 3 FIM DBs w/ appropriate permissions:

i. domain\SVC_FIMSync

ii. domain\SVC_FIM

iii. domain\SVC_FIMMA

6. Back on our FIM Server, went into REGEDIT to point FIM to our new SQL Server:

i. Navigated to HKEY LOCAL MACHINE>SYSTEM>Current Control Set>Services>FIMSyncService>Parameters

ii. Changed the Server Property value to: [New SQL Server]

iii. Navigated to HKEY LOCAL MACHINE>SYSTEM>Current Control Set>Services>FIM Service

iv. Changed the DatabaseServer to: [New SQL Server]

7. Started the FIM Services that were stopped in step 4

a. Ensured the FIM Sites were started in IIS, if not clicked Manage Sites>Start

i. Sites SharePoint-80 (IdentityManagement), FIM Password Registration, FIM Password Reset

8. Opened FIM Synchronization Service Manager, ensured Management Agents appeared and that I could see the Run History in the Operations tab

9. Re-enabled the FIM tasks (Delta/Full) in the Task Scheduler

Everything seemed to be working as it should; however, we noticed that FIM MA, specifically Export and Delta Import, was giving us a "Stopped Server" error. All other Operations are running as they should. More specifically, the Export operation is the one that is giving us trouble.

Please help!



FIM CM Multiple Forest infrastructure


Is it possible to use one FIM CM Web Portal to manage certificates for multiple forest users, consolidating the CA on one forest?

I mean not using one CA for each Forest.

Is there any documentation that I could use as a guide?

Certificates will be for Smart Card logon, and EFS. CA will be running on Windows 2008 R2.

Thanks,

Andrés.


andresz

change in url of fim portal


We have to get new certs for fimportal under a new name. fimportal is hosted with the fimportal.addomain.local extension, and going forward it will be hosted at the fimportal.domainname.edu URL. What are the places where I should change the URL after the new certs are added?

1) In SharePoint, alternate access mappings?

2) Do I have to run the fimportal installation again on the portal and service server?

resourcemanagement client and resourcemanagementservice have fimportal.addomain.local in the config file.

3) In the sync engine, fimma, the FIM service base address is http://fimportal.addomain.local:5725. Should that be changed too?

Please advise.

MIM 2016 Post Upgrade Errors.


In my Dev lab we upgraded FIM 2010 to MIM 2016 prior to attempting in production.  We stood up a new SQL 2012 box and a Server 2012 box.  The front end server has the Synchronization Service and Portal services for Password Registration and Reset.

Upgrade went fine with no errors encountered during the upgrade sequence.

The portal works great and all Resets and Registration works fine after the migration.

My issue is when I launch the Synchronization Service and attempt to run my FIM Management Agent with any of the configured profiles (Sync, Import, Export). I get a pop-up that says an unexpected error occurred, and I get no further information in the actual Synchronization Service GUI.

Attached is a screen shot of the pop up.  I refreshed the Schema and it didn't change the situation.  My ADMA works fine without a problem.

Event logs shows the following error:

"the Server encountered an unexepected error while performing an operation for management agent.

"BAIL: MMS(9668): ..\ma.cpp(3781): 0x80070002 (The system cannot find the file specified.)

Forefront Identity Manager 4.3.1.1935.0"

I have run a repair on the Service and Portal and came up empty handed.  I also created a 2nd FIM MA just to see if it would go further but it popped the same error.  Any ideas or suggestions?

Make a member of the group


Hi,

I am successfully provisioning users in AD via FIM; however, I need to add users to a specific group. By default all newly provisioned users are members of Domain Users, and now I want to add them to another group, say "FIMGROUP".

Your help will be appreciated.

Regards
Sarwar


Sarwar

BHOLD Export Error - cd-error - What to do Next?


Not sure where to go with this. I'm getting several identical errors (cd-error) when exporting my groups to BHOLD. The error message doesn't contain a stack trace. But, I did configure logging for BHOLD.  BHOLD is reporting this error when an export is run:

Sql Exception Encountered

Stack: System.Data.SqlClient.SqlException (0x80131904): Reraised Error 2627, Level 14, State 1, Procedure tasks_INSERT_QueueManagementTrigger, Line 16, Message: Violation of UNIQUE KEY constraint 'PermissionNameApplicationId'. Cannot insert duplicate key in object 'dbo.Permissions'. The duplicate key value is (InvestmentStrategies, 2).
   at System.Data.SqlClient.SqlCon ..... <bla-bla-bla>

followed by a list of group names similar to this:

Base Table:
ObjectIdentifier bholdDescription bholdTaskName bholdMaxRoles bholdMaxUsers bholdAuditAction bholdAuditAlertMail ApplicationDescription 
0 Network Configuration Operators Network Configuration Operators     Active Directory 

1 Performance Log Users Performance Log Users     Active Directory 

I tried to delete this group in BHOLD-Core, but the group name doesn't show up in my search.  So, I'm stuck.   I can't get anything to process in BHOLD.  And, I have no idea how to fix this.

Any suggestions? I'm going to open up a support incident soon. This is wearing my patience.

Thanks,

Greg

 

FIM 2010 R2 - User history report - Almost duplicate rows


I am using a default User history report.

I noticed that the report returns "almost duplicate" values for at least Delete operation types. So basically there are 2 rows for a deleted person. The only difference is that the Attribute Value column is empty in one row and in the other row there is a value. Like below.

Username, Operation type, Attribute name, Attribute value
User1, Delete, ObjectID, 234234-234-234-234
User1, Delete, ObjectID, 

What could cause this?


MIM2016 - Installing PAM server


I am trying to install PAM server. I have followed this guide https://technet.microsoft.com/en-us/library/mt345588.aspx with a couple of differences in my environment.

I have already done steps 7a and 7b, but in step 7c I can't find any files under \the Privileged Access Management Portal\folder.

Also when I am trying to access to addresses http://localhost:8086/ and http://localhost:8090/ I get http errors.

This from the first one:

HTTP Error 500.19 - Internal Server Error

The requested page cannot be accessed because the related configuration data for the page is invalid.



Detailed Error Information:

Module: WindowsAuthenticationModule
Notification: AuthenticateRequest
Handler: ExtensionlessUrlHandler-ISAPI-4.0_64bit
Error Code: 0x80070021
Config Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File: \\?\C:\Program Files\Microsoft Forefront Identity Manager\2010\Privileged Access Management REST API\web.config
Requested URL: http://localhost:8086/
Physical Path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Privileged Access Management REST API
Logon Method: Not yet determined
Logon User: Not yet determined

Config Source:
   36:       <authentication>
   37:         <windowsAuthentication enabled="true" useKernelMode="false"/>
   38:       </authentication>

And this from the second one:

HTTP Error 403.14 - Forbidden

The Web server is configured to not list the contents of this directory.



Most likely causes:
• A default document is not configured for the requested URL, and directory browsing is not enabled on the server.

Things you can try:
• If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.
• Enable directory browsing using IIS Manager.
  1. Open IIS Manager.
  2. In the Features view, double-click Directory Browsing.
  3. On the Directory Browsing page, in the Actions pane, click Enable.
• Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.

Detailed Error Information:

Module: DirectoryListingModule
Notification: ExecuteRequestHandler
Handler: StaticFile
Error Code: 0x00000000
Requested URL: http://localhost:8090/
Physical Path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Privileged Access Management Portal
Logon Method: Anonymous
Logon User: Anonymous


Disable Lync when useraccount gets deleted from source AD MA


Hi all

I have several FIM Sync engine installations and am currently using Søren's codeless provisioning FIM.MRE.dll to provision users from one source AD to another destination AD.

In the destination AD, all the users are Lync enabled based on the presence of an attribute in their user object. If this attribute is not present, the user will not get Lync enabled.

This is what I am trying to achieve:

  • When the user gets deleted/removed from the OU in the source AD, FIM should automatically run a PowerShell script to disable the user from Lync
  • Then the user should be deleted from the destination AD
  • Then the user should be deleted from CS and MV

Does anyone have any clue how to make this PowerShell script trigger based on the fact that the user is disconnected from the source AD?

And as I described, I am not using FIM Service in this installation.

BR Andre


Andre

ADMA Outbound - GroupMembership ADD now fails with "permission-issue" after adding "false=>MembershipLocked" to sync rule


I have implemented declarative rules for managing a specific group from a source forest to target forest. I have successfully added users to the group by modifying the source group and having them sync to the target group membership.

Even with it working, I was seeing errors that the required attribute "membershipLocked" was missing, and after reviewing documentation and blogs I added it to the inbound attribute flow on the source & target connectors. It is set to "false".

Now I am getting permission errors on the Add to membership on the target. Any suggestions?

Thanks, Stu

Does not work kerberos from other server.


Hello!

I have FIM 2010 R2.

When I connect to FIM Portal from server FIM - all ok.

When I connect to FIM Portal from other server - I can't sign in to the FIM Portal.

Basic auth works correctly from the other server.

Help!


Alex

Custom SMS OTP


Hello, 

I developed a custom SMS OTP DLL for FIM 2010 R2, but I didn't find a way to send the result to the FIM portal when it concerns errors.

Even if I put throw new Exception("Test result"), in the request I have "ValidationError:UnableToSendSecurityCode". Any way to customize this message dynamically?

Thanks

Regards

Regex One Time password mobile phone


Hi, 

I am facing an issue: I am trying to update a validation pattern for the One Time Password mobile phone attribute, but I got this error.

The same regex works with the mobile phone. Any idea?

Requestor: urn:uuid:7fb2b853-24f0-4498-9534-4e10589723c4
Correlation Identifier: 60551445-a586-4b5a-9df8-d8a0ba736a69
Microsoft.ResourceManagement: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> Procedure: ReRaiseException.  Line number: 37.  Message: A Sql failure occurred.evel 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure PostProcessBindingDescriptionUpdate, Line 455, Message: DataAccessSqlException: The attribute StringRegex for attributeTypeDescription object StringRegex cannot be modified since it is a system object..
   --- End of inner exception stack trace ---
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException, TransactionAndConnectionScope scope)
   at Microsoft.ResourceManagement.Data.DataAccess.ProcessRequest(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest(RequestType request)

Regards

