Hi,
I have installed BHOLD core.but the B1ervice is not starting.
When i start the B1Service manually .the error reads " Windows couldn't start the B1Service on Local Computer"
Error 1053:The service did not respond to the start or control request in a timely fashion.
shakti
One of my clients mistakenly deleted their default portal admin account. They were not able to restore from backup, so I advised them to contact Microsoft support to get assistance with restoring the account.
To my surprise, support did not touch the service database. Instead, they had my client manually create a portal user, put it in the admin set, assign the account SharePoint permissions, etc. Support advised my client that the default admin account with well known GUID 7fb2b853-24f0-4498-9534-4e10589723c4 is not needed. You just need to have one admin account.
Is that true? The default portal admin account with the well known GUID 7fb2b853-24f0-4498-9534-4e10589723c4 is technically not required, and can be deleted (as long as you have some admin account)?
Hi,
Users should reside in different Organizational Units (OUs) in AD, based on their department(as in lab 4c, exercise 1 in the FIM A515 Basic course). The flow from MV to AD CS is as following for the “dn” attribute:
· distinguishedName ->dn (initial flow only)
· distinguishedName ->dn
distinguishedName is a custom attribute on the form “CN= JACK JOHNSON,OU=Users1,DC=TEST,DC=COM”, generated in a custom workflow. Always pointing to an existing OU.
When distinguishedName change from e.g. “CN= JACK JOHNSON,OU=Users1,DC=TEST,DC=COM” to “CN= JACK JOHNSON,OU=Users2,DC=TEST,DC=COM” the user should be moved from OU Users1 to OU Users2. The new dn value flow to the AD CS as it should. However, after an export run on the ADMA(without any errors), an delta import run on the ADMA gives an “exported-change-not-reimportet”, pointing to the dn attribute, and the user has not changed OU in AD.
Using FIM RC1 Update 2 (4.0.2574.0)
Best regards
Erlend
My current situation below,
if create new AD user or group, both are fine to be synchronized to target AD
if I changed existing membership for a group in source AD, like to add new existing users to existing group or remove users, then I saw the change can be synchronized to MV, but it won't be synchronized the change to target AD.
Does someone meet the issue before or give me some guide how to fix this issue?I've searched as much as I can but unable to find a clear definition. According to https://blogs.msdn.microsoft.com/connector_space/2014/12/30/understanding-the-fim-service-management-agent-fim-ma/
"For any resource type that has an Object Type Mapping with a metaverse resource type, any object projected to the metaverse will provision to the FIM MA connector space. Synchronization Rule Provisioning (tools->options) has no affect on this behavior"
If this is the case, what is the purpose of Sync Rule Provisioning?
Thanks
Trying to use Sorens Granfeldts, Create Object WF activity to create dynamic groups.
In a standard function evaluator activity I generate the Filter as [//WorkflowData/Filter]
The "string" I set it to is:
<Filter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Dialect="http://schemas.microsoft.com/2006/11/XPathFilterDialect" xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration">/Person[ObjectID
= /*[ObjectID = '8dfcb5e8-ff01-400c-8ca7-2a0002d2d2d4']/ComputedMember]</Filter>
In the CreateObject activity I then just have [//WorkflowData/Filter],Filter among the initial values.
The creation works if I remove this attribute so the rest of the attributes seems to be working.
The creation fails however end I get the error below in the Forefront Identity Manager event log.
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.ResourceManagement.WFActivities.Resolver.GetDisplayStringFromGuid(Guid id, String[] expansionAttributes)
at Microsoft.ResourceManagement.WFActivities.Resolver.ReplaceGuidWithTemplatedString(Match m)
at System.Text.RegularExpressions.RegexReplacement.Replace(MatchEvaluator evaluator, Regex regex, String input, Int32 count, Int32 startat)
at System.Text.RegularExpressions.Regex.Replace(String input, MatchEvaluator evaluator)
at Microsoft.ResourceManagement.WFActivities.Resolver.GetStringAttributeValue(Object attribute)
at Microsoft.ResourceManagement.WFActivities.Resolver.ResolveEvaluatorWithoutAntiXSS(String match, ResolverOptions resolveOptions)
at Microsoft.ResourceManagement.WFActivities.Resolver.ResolveEvaluatorForWithAntiXSS(String match, ResolverOptions resolveOptions)
at Microsoft.ResourceManagement.WFActivities.Resolver.ReplaceMatches(String input, Boolean useAntiXssEncoding, ResolverOptions resolveOptions)
at Microsoft.ResourceManagement.Workflow.Hosting.ResolverEvaluationServiceImpl.ResolveLookupGrammar(Guid requestId, Guid targetId, Guid actorId, Dictionary`2 workflowDictionary, Boolean encodeForHTML, String expression)
at Microsoft.ResourceManagement.Workflow.Activities.ResolveGrammarActivity.Execute(ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(Activity activity, ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
at System.Workflow.Runtime.Scheduler.Run()
Have anyone used this WF activity to create dynamic groups and can tell how to set the Filter?
Hello everyone,
I have a problem with a MIM deployement.
I'm using MIM sync and MIM service with a language pack (French).
I've done the update to the patch 4.5.286 (i was on 4.4.X).
I've updated MIM sync with no problem. The update of MIM Service and the language pack broke my RCDC. I've "successfully" reproduct this problem on a "blank" deployement of MIM 2016 :
Symbol File:
<SymbolResourcePairs><SymbolResourcePair Symbol="test" ResourceString="blablabla"/><SymbolResourcePair Symbol="EditUserPanelCaption" ResourceString="Edit User"/><SymbolResourcePair Symbol="CaptionTabCaption" ResourceString="caption"/><SymbolResourcePair Symbol="BasicInfoTabCaption" ResourceString="General"/><SymbolResourcePair Symbol="BasicInfoTabHelpText" ResourceString="More information"/><SymbolResourcePair Symbol="PhotoPromptForNoValueCaption" ResourceString="No photo specified."/> <SymbolResourcePair Symbol="AllowCaption" ResourceString="Allow"/><SymbolResourcePair Symbol="DenyCaption" ResourceString="Deny"/><SymbolResourcePair Symbol="ControlBasedRASPolicyCaption" ResourceString="Control based on RAS policy"/><SymbolResourcePair Symbol="WorkInfoTabCaption" ResourceString="Work Info"/><SymbolResourcePair Symbol="WorkInfoTabHelpText" ResourceString="More information"/> ...</SymbolResourcePairs>
RCDC File
<my:Control my:Name="FirstName" my:TypeName="UocTextBox" my:Caption="%SYMBOL_test_END%" my:Description="" my:RightsLevel="{Binding Source=rights, Path=FirstName}"><my:Properties><my:Property my:Name="Required" my:Value="{Binding Source=schema, Path=FirstName.Required}"/><my:Property my:Name="Columns" my:Value="34"/><my:Property my:Name="MaxLength" my:Value="128"/><my:Property my:Name="Text" my:Value="{Binding Source=object, Path=FirstName, Mode=TwoWay}"/></my:Properties></my:Control>I've put the symbol file in all language in the RCDC "configuration for user editing" in the localization tab (Neutral, French, English)
If someone got any idea ...
Thanks in advance !
While I look for the cause of this myself, I wanted to ask the question to here also.
My MIM 2016 SP1 Portal has my users and groups from my AD. Likewise, my AD contains the group I created in my MIM Portal. Only problem that seems to exist is that the user accounts that are a member of Testgroup1 do not export over from my AD. Also, in TestGroup1, if I add a member to it in the Portal that user does not import back over to AD when I Synch and Export.
Recap:
In AD Testgroup1 contains 3 user accounts and no Manager information. Information appears in MV.
In the portal, Testgroup1 which was imported from AD, contains no users after the import. NOTE: Testgroup1 does update in the Portal if I make a change in AD.
In the portal, I add 1 user and 1 manager to Testgroup1. When I sync, the MV does not show the change. So it also does not update AD when I export. My SR for Outbound Group does include Outbound Attribute Flow for Member => Member and DisplayOwner => ManagedBy
Have I misconfigured something or forgotten something?
Hi,
I can access the web url versions of these services, so the problem is not my security access. But, the apps for MSX Apportal and the Expense Management tool do not work on my surface book. They will not authenticate me.
Regards,
Amy
Hello,
I'm facing a question.
Background:
I joined a company recently, and my account was created as chenry.li , I logged on my computer with this account, and applied a certificate for this account on FIM as well. And then I found it's not the exact username I want, so I asked the
IT guys to change my sAMAccountName, UserPrincipalName, displayName andSurname, and now my username is chenry.lee, the one I want.
My Question:
After changing the username, I can't access FIM any more, it says:
Please note the following information and contact your system administrator:
Logon failure: unknown user name or bad password. (Exception from HRESULT: 0x8007052E)
To continue press the browser's BACK button. If this error persists, please contact your system administrator.
The IT guys checked the logs, and it says I access FIM with my old account,
chenry.li, and as I mentioned above, this username has been changed, and can't be found in AD.
Now our guys checked everything they could find, but the problem insists like a stone. The final solution is to delete my account, and create a new one, but there're too many dependences, it's real a big deal, and I prefer to find a direct solution.
Any one can help on this problem? Thank you in advance.
Hi All,
I want to deploy JML for Sage-Salesforce application where RESTApi is exposed for connection.
Suggest me which connector I can use to integrate Sage with MIM. And What are all the pre-requisites required from client side to access the API.
I tried Webservice MA with Web Service configuration tool. But this doesnt seems to work.
Thanks,
Gnana
Hello Team, I am trying to make exchange create a mailbox for a newly provisioned user in AD. I have added homeMDB,msExchangeHomeServerName,mDBUseDefaults, mail and mailnickname, proxyaddress as the attributes. And on the Sync Engine, I have added my Exchange Server's powershell URL - http://<servername>/powershell I have also added my ADMA into the Exchange Admin group on the Exchange Server. I then create a user on MIM Portal and then run the Full import, Full Sync , Export and then ADMA Full Import and Full Sync and Export , but I get the below error during Export - The description for Event ID 0 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: There is an error in Exch2010Extension BeginExportToCd() function.Type: System.Management.Automation.Remoting.PSRemotingTransportException Message: Processing data from remote server fdv-wi-post1.felles.firma.no failed with the following error message: [ClientAccessServer=<server hostname >,BackEndServer=<server name>,RequestId=df60b7ba-f9b2-4b4f-86ab-3fb2776afd3f,TimeStamp=11.04.2019 10:19:39] [FailureCategory=WSMan-Others] The EndpointConfiguration with the http://schemas.microsoft.com/powershell/Microsoft.Exchange identifier is not in a valid initial session state on the remote computer. Contact your Windows PowerShell administrator, or the owner or creator of the endpoint configuration. For more information, see the about_Remote_Troubleshooting Help topic. Stack Trace: at System.Management.Automation.Runspaces.AsyncResult.EndInvoke() at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult) at System.Management.Automation.RemoteRunspace.Open() at Exch2010Extension.Exch2010ExtensionClass.OpenConnection(String uri, PSCredential credential) at Exch2010Extension.Exch2010ExtensionClass.BeginExportToCd(String connectTo, String domain, String server, String user, String password) the message resource is present but the message is not found in the string/message table Note: We have Exchange server 2013 in our environment. Any expert advise will be helpful. Thank You.
I am trying to apply the lastest hotfixes to my dev environment going from 4.4.1642.0 to 4.4.1749.0 and 4.5.286.0. The Sync server data base upgraded no problem. but when trying to apply the FIM Service and MIM Service patches they fail and rollback.
Both give this error in the DatabaseUpgrade_tracelog
Specified upgrade from version: 2011 to the latest version is not supported.
Microsoft.ResourceManagement Error: 3 : Database upgrade : Encountered errors when upgrading the database schema.
Is there a patch after 4.4.1642.0 that I'm missing?
Hi,
I have my PRD and QA FIM servers with diferent versions of Microsoft.ResourceManagement.dll.
What might be the reason for this have appened and what is the recommended approach to put all the server with the versions of the PRD server?
Thanks,
JD
Hi,
When installing MIM 2016, we'd like to use the latest SPS 2016 product.
MIM Sync will be installed on one server.
MIM Service & Portal will be installed on another server - do we also need to install SPS 2016 on this same server?
Or can we deploy SPS 2016 on another server from the MIM Service & Portal server?
Thank you,
SK
Hi,
Is PCNS v 4.1.3114.0 supported on Windows Server 2016 Core?
Also, if there's a resource online with this type of information about PCNS, I would greatly appreciate a link.
Thank you!