Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 6657 articles
Browse latest View live

Export FIM MA very slow

September 28, 2016, 6:51 am
$
0
0

Hi,

We use FIM 2010 R2 SP1 to sync a user database with AD. As explained in official links

https://technet.microsoft.com/en-us/library/ee534902(v=ws.10).aspx, but db in place of file)

and official installation guides

https://technet.microsoft.com/en-us/library/hh322906(v=ws.10).aspx

https://docs.microsoft.com/fr-fr/microsoft-identity-manager/deploy-use/microsoft-identity-manager-deploy)

sync process may be DB import, DB Sync, FIM export, ...

Howerver we noticed on the third step (FIM Export) a such slow behaviour. As far as we know, we have respected all of the guides requirements, and the server hardware configuration is quite "strong" (4 cpu x 4 cores, 16 Gb), but here are some performance data. 

Considering 1000 entries, in a fresh FIM environnement (only one sync rule inserted in configuration, no MPR, no workflow) :

- DB import (from db to db connector space): 18 seconds (~55 entries/s)

- DB sync (from db connector space to MV, including FIM MA provisionning for export) : 19 seconds (~53 entries/s)

- FIM Export : 180 seconds (5 entries/s) !!!!!!!!!!!!!!!!!!!!!!!!

Considering we have to work with about 300 000 entries for real, and that a full cycle is such longer (after FIM Export, we may have FIM sync, AD export, AD import, AD Sync, FIM Export) with EREs and DREs to sync with FIM...

There is something missing, something we cannot see, but what ? Anyone had similar issues ? Any way to solve this slow slow behaviour ?

We have noticed a real cpu increase during export too. 2 or 3% during import and sync, but 40 to 50 % during export !!!

BR,

Emmanuel IT

Search

Fim 2010 R2 to MIM 2016 sp1 upgrade problem

October 4, 2016, 9:26 am
$
0
0

hi all,

I have performed an upgrade from FIM 2010 R2 to MIM 2016 SP1 sync and service and portal. All setups finished without any error. however, when I try a refresh schema on the FIMMA or any other MA it fails with incompatible version.

did anyone of you encounter this problem?

MM

MIM Synch Service install issue

October 4, 2016, 9:37 am
$
0
0

I'm in the process of setting up a new MIM Synchronization Service instance as an upgrade from FIM 2010 R2. I've installed the software, imported the database from my FIM 2010 R2 server, but I'm getting a weird error when I try to modify the MA for an Oracle Database. Anytime I try to make a change, I get this:

followed by this:

  • I'm on FIM 4.4.1237.0
  • Windows 2012 R2
  • MS SQL 2016, local instance
  • .Net 3.5 enabled; 4.5 installed; 4.6 installed.

Ed Bell - Specialist, Network Services, Convergys

FIM to MIM Upgrade Visual Studio Version

October 4, 2016, 12:23 pm
$
0
0

Hi,

A client wants to use the MIMWAL. They are currently on Visual Studio 2010 and MIMWAL requires 2012 or higher.

Has anyone ever encountered any issues with upgrading Visual Studio and subsequent recompilation of the rules extension and workflow DLLs?

We are trying to assess any risks before deciding to implement MIMWAL for this iteration or leave that for the next cycle.

Thank you in advance for any shared experience with this.

FIM language packs

October 5, 2016, 6:01 am
$
0
0

Hell there,

Need advice.

We have FIM language packs for portal and SSPR Install din our environment.

AS we are upgrading from FIM v-4.1.3613 to MIM 2016, Do we need to upgrade the language packs as well or existng will work with MIM.??

Regards,

SUman

Accidentally deleted Administrator from Portal - now can't access

September 27, 2016, 8:44 am
$
0
0

I've stupidly deleted the Administrator account from the MIM Portal and now I don't have access to Users, MPRs etc.

I was trying to re-import the administrator account and a few new accounts into the portal and thought I could just delete them out of the portal and import them back through the Synchronization Manager. This is clearly not the case!

I don't have any back ups of the Fim Database or anything to fall back on, so I was wondering if there was any powershell commands or any other way of getting the administrator back to how it was. 

I'm hoping I don't have to do a complete re-install! 

Can't believe I have done this! What an idiot!!!

Hoping for an easy fix :(

Certificate Manager Config Wizard: Installation error

October 5, 2016, 1:27 am
$
0
0

Hi,

i am installing Certificate Manager Config Wizard (Microsoft Identity Manager 2016) and after clicking Configure at the end of the wizard i get the following error message:

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Clm.Config.Core.ConfigHelper.RequireSSL(String applicationName)
   at Microsoft.Clm.Config.Steps.Summary.NeedConfigureWebSite()
   at Microsoft.Clm.Config.Steps.Summary.btnConfigure_Click(Object sender, EventArgs e)
   at System.Windows.Forms.Control.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ButtonBase.WndProc(Message& m)
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

I have implemented SSL for the Web Portal in IIS (no error message there, but a certificate security warning when i try to open the default website).

Thanks.

MIM SSPR Azure PhoneFactor settings

October 5, 2016, 1:48 pm
$
0
0

Hi,

We are planning to use the MIM SSPR with Azure PhoneFactor MFA option.

Are there any settings in Azure for this PhoneFactor, for example: 

- does Azure dial me again if I press a wrong button on my Phone? how many times does it dial me back?

- how many tries do I get before I may need to call the help desk?

- Will Azure keep dialing me until I answer? are there any timeouts?

- Any other configurable options?

Thanks,

SK


Search

MIM SSPR Azure PhoneFactor Certificate

October 5, 2016, 1:52 pm
$
0
0

Hi,

This walk through talks about copying a .p12 digital certificate to a folder on the MIM server (https://docs.microsoft.com/en-us/microsoft-identity-manager/deploy-use/working-with-self-service-password-reset)

I'm assuming this certificate has an expiry date, and there will need to be maintenance done (copy the certificate again, update the license key, group key and cert password), once this certificate expires?

Thanks,

SK

MIM SSPR Azure PhoneFactor mobile format

October 5, 2016, 1:56 pm
$
0
0

Hi,

What is the mobile phone format that is required for Azure PhoneFactor to work?

We will store the mobile phone details in the 'mobile' attribute, just need to know what Azure expects?

Thanks,

SK

MIM 2016 Post Upgrade Errors.

September 9, 2015, 4:23 pm
$
0
0

In my Dev lab we upgraded FIM 2010 to MIM 2016 prior to attempting in production.  We stood up a new SQL 2012 box and a Server 2012 box.  The front end server has the Synchronization Service and Portal services for Password Registration and Reset.

Upgrade went fine with no errors encountered during the upgrade sequence.

The portal works great and all Resets and Registration works fine after the migration.

My issue is when I launch Synchronization service and attempt to run my FIM Management Agent with any of the Configured Profiles Sync,Import, Export.  I get a pop up that says unexpected error occurred and I get no further information on the actual Syncrhonization Service GUI.

Attached is a screen shot of the pop up.  I refreshed the Schema and it didn't change the situation.  My ADMA works fine without a problem.

Event logs shows the following error:

"the Server encountered an unexepected error while performing an operation for management agent.

"BAIL: MMS(9668): ..\ma.cpp(3781): 0x80070002 (The system cannot find the file specified.)

Forefront Identity Manager 4.3.1.1935.0"

I have run a repair on the Service and Portal and came up empty handed.  I also created a 2nd FIM MA just to see if it would go further but it popped the same error.  Any ideas or suggestions?

Statistics not reflected for extensible connectivity 2.0 Management Agents

September 27, 2016, 7:04 pm
$
0
0

Hello,

For an Extensible Connectivity 2.0 file based MA, Export profile is configured and execution of the profile is success and also we can find the exported accounts available in the file.

But the statistics of the same is not reflected. Adds , Updates remain zero even-though we have changes and those changes have been exported successfully.

Can anyone please suggest possible reasons for this behaviour and resolution for the same.

Let me know if any further information is needed.

Regards,

Jyothishree SP 


Reporting using powershell scripts for FIM

October 7, 2016, 8:06 am
$
0
0

How would I find examples of using PowerShell scripts of using FIM\MIM to display basic reports such as disabled or enabled users in an excel\word form?  Any help would be greatly appreciated.  My PowerShell knowledge is basic and I am having trouble finding anything that is easy enough for me to understand.  Thanks for any assistance :)

What does the Status Detail mean? "invalid_message_destination"

October 7, 2016, 10:58 am
$
0
0 
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"></samlp:StatusCode><samlp:StatusDetail><fim:FIMStatusDetail MessageID="invalid_message_destination"><fim:SubstitutionString>https://[idp]/login</fim:SubstitutionString><fim:SubstitutionString>https://[idp]/login</fim:SubstitutionString></fim:FIMStatusDetail></samlp:StatusDetail></samlp:Status>

What does the Status Detail mean?

"invalid_message_destination"

FIM to MIM inplace upgrade Server 2008 R2

October 7, 2016, 9:03 pm
$
0
0

Hi All,

FIM to MIM inplace upgrade in server 2008 r2, I was thinking of install MIM reusing the FIM Database.

The below is the error encounter while doing the inplace upgrade, Could you please show me the way how to do inplace upgrade.

Regards,
Anirban Singha


Search

Calling all FIM Gurus. October readers need feeding!

October 8, 2016, 1:59 pm
$
0
0

Hey you!

Want to be a real-life virtual guru? (pun intended)

Do you want to win the love and admiration of the community you work in?

You can win REAL virtual medals and prove your skills, in a competition that is judged by real Microsoft judges!

Gurus who continue to shine soon get noticed!

Oh yes! We're talking inner circles! Nominations! New horizons!

Step up and stand out!

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations toTechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker

TechNet Wiki Community Council Member, Azure MVP, Wiki Ninja & TechNet Guru!

#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over toTechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

Have you got what it takes o become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

MIM SP1 - direct approval link

October 8, 2016, 4:23 pm
$
0
0

Hi,

Using FIM 2010 I have extended approval notification template with link like this:

Request can be seen and approved as well <a href="http://servername/identitymanagement/aspx/Requests/RequestProperties.aspx?id=[//Request/ObjectID]&type=Approval" target="_blank">here</a>

After upgrading to MIM it is still opening approval however when you click approve it doesn't do anything. Is there any new trick to do this with MIM SP1 new UI?

Best regards

Borys

Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

Groups with multiple domains members

October 9, 2016, 9:02 am
$
0
0

Hi,

We have a particular configuration that we want to work.

Our FIM engine hosts a user population split in two parts, each part is represented by a fix value in an attribut. There is a sync rule for each population, which make FIM populate 2 AD domains (in the same forest), one for each population.

This configuration works fine. The problem is in group management. Groups are managed in FIM and injected in the first domain, with member sync of the first domain. There are defined as universal groups, because we need to have domain 2 users in domain 1 groups. Users from the 2 populations are correctly seen as members in FIM, but during export, membership is only propagated for domain 1 users. Looks like fim cannot sync groups in an AD domain with members of another AD domain (same forest), whereas users membership is correct in FIM.

Does anyone already configured something like this ?

BR,

Emmanuel IT

MIM SSPR and Azure MFA On-Premise

October 9, 2016, 6:25 pm
$
0
0

Hi,

This article talks about configuring MIM SSPR to use Azure MFA (in the cloud) 

https://docs.microsoft.com/en-us/microsoft-identity-manager/deploy-use/working-with-self-service-password-reset

However, is there a way to configure MIM SSPR with an on-premise Azure MFA server (that we already have deployed)?

Thanks,

SK

MIMCM Modern App supported workflows

October 10, 2016, 2:52 am
$
0
0

Hi,

recently I tried to test the MIMCM Modern App for managing smart cards, but I fail to see which workflows are supported. It seems to me only self-service workflows are supported, is this correct?

Is it possible to use MIMCM Modern App for certificate renewal in a manager initiated workflow? Is the one time password distribution supported?

Thanks

Martin

Viewing all 6657 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>