Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 6657 articles
Browse latest View live

MIM 2016 transaction deadlock error on export to FIM MA

May 8, 2019, 8:07 pm
$
0
0

I'm getting a deadlock error for groups when running an export on the FIM MA.  Or MIM MA or whatever it's called now.  I set up the required attribute flows and sync rules (after having some failures around not having group type and scope flowed).  And enabled the group sync MPRs.  I haven't had group provisioning working in this instance yet. It is provisioning projected AD users to an LDAP server though, so I've got that going for me.

This is on version 4.5.286.0.  Can anyone offer suggestions?

Fault Reason: The endpoint could not dispatch the request.\r\n\r\nFault Details: <DispatchRequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><DispatchRequestAdministratorDetails><FailureMessage>Exception: Other
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 13, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 13, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 1205, Level 13, State 51, Procedure GenerateRequestOutput, Line 2147, Message: Transaction (Process ID 325) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.


Search

RCDC: How to know when the a RCDC was changed

June 12, 2019, 6:52 am
$
0
0

Hi,

How can I know when a RCDC (USerd Editing) was changed?

Thanks,

JD

OpenLDAP MA Not "percolating" export errors (LDAP error 21) to Console?

June 12, 2019, 10:30 am
$
0
0

Hi,

It's been quite awhile since I've worked with FIM/ILM, but I was asked to provide some support recently...

We are using the OpenLDAP MA to connect to an Oracle OUD instance, and we happen to have validation enabled on some of the attributes in the OUD, where the validation checks for the attribute value and if it is not among a list of valid values, the OUD gives and "LDAP Error 21".

We noticed that when we are running an Export, the FIM/ILM console is not showing any errors in this case.

Shouldn't the MA be somehow causing an error to be appearing in the console? Or, is there a way to configure the OpenLDAP MA to do that?

Also, does that MA do any logging of its activities, and if so, where should the log file be?

Thanks,

Jim

Can the OpenLDAP MA delete/empty an attribute from an existing user in the LDAP?

June 12, 2019, 12:11 pm
$
0
0

Hi,

We are using the OpenLDAP MA to connect to an Oracle OUD instance and we have a scenario where we want to/need to either delete or empty a specific attribute for a user in the LDAP (OUD) during/via the export operation, but we do not appear to be able to make that happen.  We have tried flowing an empty string (""), but cannot make the attribute empty in the OUD.

Is there any way to accomplish this using the OpenLDAP MA?

Thanks,

Jim

yubikey lockout

June 12, 2019, 8:50 pm
$
0
0
I recently entered the PIN wrong too many times while trying to use my Yubikey. All it tells me is you've entered incorrect PINs too many times. Use a different sign-in option, or contact your IT support person. However this message is completely useless to me considering this is a home computer and I am my IT person. Does anyone know how to reset this. I have tried resetting the Yubikey, and it won't work. I reset the PIN with the Yubikey manager, but the it is still not working. It is a Yubikey 5 NFC. If anyone knows how to fix this it would be most appreciated.  

RCDC: How to know when a RCDC was changed

June 12, 2019, 6:52 am
$
0
0

Hi,

How can I know when a RCDC (User Editing) was changed?

Thanks,

JD


SSPR Automatic User Registration - Encoding Issue

December 20, 2014, 1:21 am
$
0
0

Hi,

I'm using a script to programatically register SSPR users, it's based on the sspr script here:

https://konab.com/automate-sspr-registration-fim-2010-r2/

This scripts works fine, but I have an issue. HR provide me with an ASCII exported CSV file containing the answers. I convert the ASCII to unicode using notepad and import the file using a script (my script uses "-Encoding Unicode" with the import-CSV cmdlet. The problem I have is:

 When users type their SSPR answers in a web browser, if the answer has a space (i.e. " ") the response always fails, but if the user copies their answer from the input file, this works.

I've tried modifying the input CSV file by doing a find and replace on white space by copying a single blank space and then doing a replace using a typed space and saving the file as Unicode. This has the opposite effect - if a user types their answer, it works, but if they do a copy and paste from the input source it fails.

In summary, I want to give users the option of copying and pasting their SSPR answers, as well as typing them in directly - however I can't do that, it seems as if I'm hitting encoding issues somewhere. I've tried importing the file as ASCII but that's even worse - any answers with  space fail regardless of whether I type or copy the answer in.

Any help appreciate, thanks.

IT Support/Everything

Filter on Export to AD

April 18, 2013, 2:59 am
$
0
0

Anyone know how to filter on export to AD?

The scenario is as follows. I am importing users in certain AD ou's (because if i don't then they won't appear in the AD connector space and will get stripped from the groups)

But i do not have the permissions to update the users on export to AD. So what i would like to know is. Is there a way to continue importing the users, but filter exports to those user OUs so i dont get a huge amount of permission issues and my syncs slowing down?

Search

New-FimWorkflowDefinition -Xoml some content disappears

June 2, 2019, 10:20 am
$
0
0

Hi,

I created a script to deploy a FIM worklow.

The wf definition contains a powershell activity (MIMWAL) and I noticed that the WF is created normally but thepowershell variables are removed.

i.e: if I have a PS activity like this (code shortened for legibility):

  <ns1:PowerShellActivity Script="$Workflow = $fimwf.WorkflowDictionary" x:Name="authenticationGateActivity1" /> 

   


Then the PS activity is created and presents in its body only rhe following:
= .WorkflowDictionary


Note: if I import the xoml using the FIM Portal page, the same xoml loads correctly. The issue occurs only when I deploy with New-FimWorkflowDefinition.

Is this a known issue?

Thanks,

JD

Azure AD sync to On-premise AD using MIM SP1 2016

June 17, 2019, 6:07 am
$
0
0

Hi,

I am planning to import specific users accounts from Azure AD to On-premise AD. its just only import user objects without password.

I have already using AzureADConnect for data sync from On-premise AD to Azure. is it good to add any new Inbound rule to achieve my above requirements also. Will it get refreshed/cleaned when we do upgrade?  currently we have latest release of AAD connect (1.3.21.0) 

Also shall I use Microsoft graph MA or Windows Azure Active Directory Connector using MIM 2016 SP1. Kindly suggest me which management agent will be best solution for import. 

Either management agent or AADConnect could be better!! please suggest

Regards,

Sridhar

 

Sridhar

[SOLVED - Kind of] Can the OpenLDAP MA delete/empty an attribute from an existing user in the LDAP?

June 12, 2019, 12:11 pm
$
0
0

Hi,

We are using the OpenLDAP MA to connect to an Oracle OUD instance and we have a scenario where we want to/need to either delete or empty a specific attribute for a user in the LDAP (OUD) during/via the export operation, but we do not appear to be able to make that happen.  We have tried flowing an empty string (""), but cannot make the attribute empty in the OUD.

Is there any way to accomplish this using the OpenLDAP MA?

Thanks,

Jim

EDIT 1:  I should provide some more information about the configuration we have.  It is fairly straightforward, and I think that we are missing in the way that we have the MAs or flows configured or something.

Basically, we have a flat file (tab-delimited) that has information for each user, and the information from that flat file is used to control the provisioning and updating of users in the Oracle OUD.

The provisioning of new users in the OUD seems to be working ok, but the information from one of the attributes from the flat file (say, "inVar") is used to populate/update an attribute in the OUD.

We are having problems with the following scenario:  We have to check the value of one of the attribute coming in from the flat file, and:

  1. If it is present, we use that value to construct another value and then update an attribute (say, "outVar") in the OUD, but
  2. if the value of the "inVar" attribute is NOT present, we want to delete the "outVar" attribute in the OUD.

We have VB code in a rules extension for the OUD MA like (pseudo code) the following.

In the attribute flow for the flat file input, we populate an attribute in the metaverse named "middleName".

Then, in the OUD MA attribute flow, we flow the metaverse "middleName" attribute to an attribute in the OUD connector space named "initials", and in the rules extension in the OUD MA, we have:

.
.
.

case "middleNameTest"
  if mventry("middleName").IsPresent then
     csentry("initials").value = mventry("middleName").Value + "foo"
  Else
     csentry("initials").Delete()
  End If

The problem we are having is in the case that the "middleName" attribute is not present in the metaverse, the attribute in the OUD is not being deleted, but I am not sure why.

It has been a very, very long time since I've worked with FIM/ILM, and so I know I have forgotten alot about FIM/ILM, and I have a feeling that we are missing something in the way was have the connectors configured, like maybe we are missing an attribute flow or something but I can't figure out what that is.

If anyone might have a suggestion as to why that .Delete() is not working, or maybe what I might be missing, please post?

Thanks,

Jim


Utils.FindMvEntries

June 17, 2019, 8:07 pm
$
0
0

Hi,

When I am trying to read the result returns from Utils.FindMvEntries() throwing an exeception as  "Attribute "mail" is not declared as a dependency"

Any help on this.

How to Resolve HP Photosmart 5520 Offline Error?

June 18, 2019, 3:53 am
$
0
0


HP always try to launch a superior printer device to keep the users one step ahead in the printing tasks. HP Photosmart is such a device that makes you completely satisfied with the high-quality prints and easy access. Now if you get the offline status in your printer and want to remove HP Photosmart 5520 error then follow these steps:

  • First, you need to find the IP address of your printer.
  • Then check this IP address and try and access the embedded web server.
  • Next, type the IP address in a web browser.
  • If it loads then be sure that your printer is online and the problem is associated with router or internet connection.
  • Now reset the router to fix the issue.

For further assistance, you can also call at HP printer support and get the easy solution.


MIM 2016 Troubleshooting Resource Control Display Configuration

June 5, 2019, 6:42 am
$
0
0

Whenever I attempt to view or export the configuration data from any of the RCD configurations, I receive the "Unable to process your request."ErrorPage.aspx

Everything else seems to work fine except Users Photo is not displayed on the General TAB of users properties page.
I've tried searching on line but all the troubleshooting TIPS are out of date.  This is all I see in the event log:

The portal was unable to complete a request and showed a user the default error page.

An unhandled exception was caught.

I was able to get a version of SvcTraceView installed and it shows this error:

Process action 'http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate'. 29 46ms 10:39:11 AM 10:39:11 AM

This is the relevant line from the stack trace:

<ExceptionString>System.InvalidOperationException:
The address of the security token issuer is not specified. An explicit issuer address must be specified in the binding for target 'http://mim:5725/ResourceManagementService/Enumeration' or the local issuer address must be configured in the credentials.</ExceptionString>

Robert W. Kirchhof


discrepancies in Metaverse and Full Sync records

June 18, 2019, 1:39 pm
$
0
0

I've written as powershell connector to export data from Metaverse to ADLDS. After running Full Sync, I'm getting less data (approx 1K) to do Export. There is no error for other records. 

Has anyone faced this issue before? Any help.

Thanks

Nitin

Search

ADMA Delta Import stopped connectivity

March 16, 2018, 7:30 am
$
0
0

Hi,

MIM has been in production for a year now. For some reason I am getting connectivity errors with the Active Directory MA.

the connector connects to AD and after 4 minutes the connection drops and errors out with Size limit exceeded error code 0x4.

I did some googling and seems like LDAP errors, we had a consultant set up MIM for us so I am a bit at a loss. I included screen shot from the event viewer and MIM. Any help would be appreciated.

Delete Multiple computer listed in txt file from Active directory using Powershell.

June 19, 2019, 12:10 pm
$
0
0

I need to Delete Multiple computer listed in txt file from Active directory using PowerShell.

The file has name of computer only eg. ACL014111

Any suggestion will be appreciated.

ADMA Delta Import dropped connectivity error

June 20, 2019, 3:06 am
$
0
0

Hi all,

I am getting this error in MIM sync service engine. Running delta import error is "dropped connectivity "size limit exceeded"".

Thanks,

zzeet

SharePoint 2016 No-Objects on full import

August 11, 2016, 2:00 pm
$
0
0

Has anyone seen this behavior?

I am using FIM 2010 R2 with the SharePoint MA connector against a SharePoint 2016 user profile service. 

The MA Config wizard connects OK and imports the schema, (I even see our custom profile attributes).  

But when I run a full import I get "completed no-objects"

The MA configuration worked fine against another test SP 2016 and against SP 2013.  The only difference I can think of is this profile database was just imported from SP2013.

If I log in to the Central Administration web site and User Profile Service web site with the same credentials and port I see all 166,000 users.

FIM $importChange - Set boolean Attribute to $null

June 23, 2019, 2:22 pm
$
0
0

Hi,

I need to be able to set a "Person" custom attribute to NULL 

I'm using a psscript to act on a collection of users.

I can set the custom boolean attribute to $true or $false but I always have error if I try to set it to $null

The code detail is like this:

$importChange.AttributeName = “myAttributename”
$importChange.AttributeValue =$null

The error is the following:

Error = The web service client has encountered the following class of error: ValueViolatesDataTypeFormat
Details: AttributeName: myAttributename 
AttributeValue: 
Additional Text Details: The specified attribute value is in a format that cannot be stored in the attribute.

Any ideas?

Thanks,

JD

Viewing all 6657 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>