password), same password should get updated in FIM.
resources.
Hi Everyone,
I am facing a weird issue with FIM Sync Server: I am unable to see the Exchange tab. I need to configure Exchange provisioning for my existing project, wherein we didn't have Exchange provisioning already. But since I am unable to see that, I don't think I will be able to do it:
Regards~
Deepak Arora
-------------------------------------
I have configured MIIS 2003 to target another forest for password syncs and continually get the below error. I've set up everything as requested by the doco and can successfully sync AD accounts between the forests. But for some reason the password set in the target domain does not work!
Has anyone experienced this? MIIS is running on Windows Server 2003. The forest it lives in is Windows 2003 functional level. The target forest (FORESTB) is 2008 functional level. The DC I am using is Windows Server 2008 R2 SP1
An unexpected error has occured during a password set operation.
"BAIL: MMS(4304): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition CN=Configuration,DC=ROOT,DC=FORESTB to the list because it already exists at position 0
BAIL: MMS(4304): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=DomainDnsZones,DC=ROOT,DC=FORESTB to the list because it already exists at position 1
BAIL: MMS(4304): dnutils.cpp(1326): 0x800700b7 (Cannot create a file when that file already exists.): Cannot add partition DC=ForestDnsZones,DC=ROOT,DC=FORESTB to the list because it already exists at position 2
BAIL: MMS(4304): utils.cpp(734): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(4304): utils.cpp(788): 0x80070002 (The system cannot find the file specified.)
ERR: MMS(4304): admaexport.cpp(3095): The Kerberos change operation failed: 0xc000005e
ERR: MMS(4304): ma.cpp(7694): ExportPasswordSet failed with 0x80004005
Microsoft Identity Integration Server 3.2.1005.0"
Experts,
There are many default MPRs available in FIM after installation.
I am not able to get a document having a list of all the default MPRs.
Please refer me to any such document.
Thanks,
Mann
Hey Gentlemen,
I'm currently working with BHOLD and noticed that when I hit the Enter button while writing in the justification field, the request box closes. This means that I can't find a way to write a multi-line paragraph in the justification field.
Do you have any idea if this could be done?
Majd
Dear Community,
I am trying to develop a custom action workflow that should copy some attributes from one person to others.
e.g.:
- when an attribute at the manager's record changes (let's name this attribute "SomeAttributeName")
- the workflow is triggered and searches for all employees assigned to this manager
- the updates should be applied to them at the end of the WF using a while loop (looping through a hashtable containing the employee and the modification).
If the updateResourceActivity is within the whileActivity, the error message thrown is:
System.ArgumentNullException: Value cannot be null. Parameter name: collection at System.ThrowHelper.ThrowArgumentNullException(ExceptionArgument argument) at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessPutWorkItem(UpdateRequestWorkItem updateWorkItem) at Microsoft.ResourceManagement.Workflow.Hosting.RequestWorkItemProcessor.ProcessWorkItem(WorkItem workItem)
If I put this activity outside the while Loop it is working without any problems (but with the problem that I cannot modify more than one person).
Hi guys,
I'm having a problem with FIM 2010 R2 and the new build of the Windows Azure Active Directory connector. (AAD Multi Forest - July 2013)
I am no FIM expert so please bear with me on this. The only reason I installed this is because DirSync, for a few reasons, was not a viable option for us.
I've installed FIM and the directory connector without a problem. Used visual studio to compile the AADRulesExtensions.dll as instructed in the installation how-to. The problem I am seeing is that FIM is not importing any accounts to my Office365 tenant. I am running a "Delta Import Delta Sync" on the Source AD MA, second I am running a "Delta Import Delta Sync" on the Windows Azure MA, and then finally running an "Export" on the Azure MA.
This all completes successfully. The Source AD sync lists 4 "Adds" in the "Staging" status in FIM, which is the correct amount of test users that I have in my test OU. The two other steps with the Azure MA, however, do not seem to be importing these users to the Office365 tenant. No errors...just nothing getting imported?
Does anyone have any experience with this? If you need more info to lend a hand I'll be happy to provide it.
Thanks for any help! It is certainly appreciated.
Dustin Lavigne
Hi,
I'm seeing an odd error when I do an import on my MA.
I have written an ECMA 2.0 extension, and I use the portal to create MPR/Workflow/Sync Rules to use it. Recently, I made a change to the schema for this ECMA extension and refreshed the MA.
After that, exports work ok but when I do an Import (either delta or full), I get a "stopped-ma" Status. I have refreshed the schema on the MA and it found some updates, I have then done a sync as well but no luck, I keep getting that error during imports.
I even created a new MA and attached it to my ECMA extension dll but I still get the same error when I initiate a full import. My code has exception handling everywhere, and I also create log files during the run, but I can't see any errors being generated from within the code.
Any idea what this "stopped-ma" status is, and how can I potentially fix this?
Thanks
Hello all,
I'm in the process of implementing Forefront Identity Manager 2010 R2 to provision accounts into our Active Directory. I've been following the resources here http://technet.microsoft.com/en-us/ff793470.aspx , they have been infinitely helpful.
Using the guide above I now have our Finance package producing some CSVs and I have FIM reading the CSVs and importing the data into the metaverse. So far everything is going well.
It's now time to start using this data to provision accounts. This is where the guide skips over what seems to be a hugely important part.... Creating a Rules Extension.
I have produced a Visual Studio project and begun to make some Provision code but I don't really know what I'm doing... (I haven't really explored coding much before) and I can't seem to find any examples / guides for creating Rules Extensions.
If anyone knows of some resources that could guide me through this process, or if someone has an example of their Rules Extension to provision and terminate accounts in Active Directory, I would be very grateful.
Thanks,
Pete
Hi,
I've always installed FIM 2010 on 2008 r2 with sql 2012. I now have to do an installation in a new site at short notice (I'm familiar with 2010 R2 SP1 on 2008 R2). I believe FIM 2010 R2 SP1 can work on the following:
server 2012
sql 2013
share point foundation 2013
SCSM 2012 - if someone could point out a good eval of this I'd appreciate it (as I need to lab this first)
I'm looking at some guiding advice on which way to go and ideally a good guide on installing with the newer techs
Thanks
Hi, I'm trying to set up a test lab for FIM 2010 R2 SP1. The following will be my Windows Server 2008 R2 SP1 VMs:
1. FIMDC --- server for domain controller
2. FIMPORTAL --- server for FIM Portal server with FIM Service
3. FIMSYNC --- server for FIM Sync Service
4. FIMSSPR --- server for FIM Self-Service portals
5. FIMEX --- server for Exchange 2010
6. FIMDB --- server for FIM Sync and FIM Service databases
The service accounts are as follows:
1. fimportaladmin for FIM Portal in SharePoint Foundation 2010
2. fimserviceadmin for FIM Service
3. fimdbadmin for SQL services
4. fimsyncadmin for FIM Synchronization Service.
I have configured the following SPNs and delegation but I can't get the identity management portal to view itself.
Setspn.exe -S HTTP/FIMPORTAL testlab\fimportaladmin
Setspn.exe -S HTTP/fimportal.testlab.com testlab\fimportaladmin
Setspn.exe -S FIMService/fimportal testlab\fimserviceadmin
Setspn.exe -S FIMService/fimportal.testlab.com testlab\fimserviceadmin
Setspn.exe -S MSSQLsvc/fimdb.testlab.com:1433 testlab\fimdbadmin
Setspn.exe -S MSSQLsvc/fimdb:1433 testlab\fimdbadmin
I have delegated the SharePoint (fimportaladmin) account to FIM Service (fimserviceadmin) and fimserviceadmin to fimservice.
I have set the SharePoint app pool to use the service account (fimportaladmin) and configured machine.config to set useapppoolcredentials to true.
I disabled the custom error module in the portal and it seems the security token is not properly created.
I checked with the kerbtray tool and no Kerberos tickets were generated.
Could you please point me in the right direction, since I am unable to view the portal itself.
I'm not sure of the SPNs I have configured.
Also, is there anything wrong in the chosen setup, like one more server for FIM Service?
-Dhayanandh
I have a situation where I need to flow the Current Date and Time. I know there is not a function in FIM to do this like the NOW() function did in ILM. There is a Create Date attribute in the FIM Portal that I can possibly use but can't seem to get it to show in the list of attributes in the Source picker dropdown. Has anyone had to flow current date and time and figured out a slick way to do it? Thanks
FIM Experts out there!
Good day :) hoping to get some trick to set the FIM back.
We have FIM 2010 sitting in between Forest A and Forest B. FIM is responsible for replicating all the user accounts from Forest A (2003 AD) to Forest B (2008 AD) as mailuser accounts. This seemed to be working fine till a week ago.
We decommissioned a couple of Forest A DCs in the US, and we have other DCs of Forest A in different datacenters. Not sure what went wrong; the replication between these two forests has now stopped. Forest A user accounts are not being replicated as mailusers to Forest B.
We have 2 management agents (for delta import and delta exports, maybe) in FIM Sync Service Manager, which seem to be throwing generic errors "Completed-sync errors".
When we perform the full sync it throws an error saying "LDAP authentication Failed"; please refer to the event logs below:
====================================================================
The management agent "<< >>" step execution completed on run profile "Delta Sync" with errors.
Additional Information
Discovery Errors : "0"
Synchronization Errors : "2"
Metaverse Retry Errors : "0"
Export Errors : "0"
Warnings : "0"
User Action
View the management agent run history for details.
=============================================================================
The management agent "<< >>" failed to run because the credentials were invalid.
User Action
Verify the credentials and configuration for the management agent.
NOTE: But the credentials we provide are correct.
====================================================================
Please suggest.
Thanks in Advance
Naveen Rao
Hi All,
I registered my admin account to reset password in FIM registration portal.
When I try to reset password in FIM reset portal I am getting following error
Go to Self-Service Password Reset home page "..
The Event Logged is :
1. Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
2.The server encountered an unexpected error and stopped.
"WARNING: MMS(2428): d:\bt\800\private\source\miis\server\sqlstore\sql.cpp(5533): Error retrieving error
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\sqlstore\sql.cpp(718): 0x80230406 (An error has occurred at the store)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\sqlstore\sql.cpp(519): 0x80230406 (An error has occurred at the store)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\sqlstore\sql.cpp(355): 0x80230406 (An error has occurred at the store)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\sqlstore\storeimp.cpp(285): 0x80230406 (An error has occurred at the store)
ERR_: MMS(2428): d:\bt\800\private\source\miis\server\server\server.cpp(413): Failed to connect to the database FIMSynchronizationService on FIM
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\server.cpp(414): 0x80230406 (An error has occurred at the store)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\server.cpp(3960): 0x80230406 (An error has occurred at the store)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\service.cpp(1588): 0x80230406 (An error has occurred at the store)
ERR_: MMS(2428): d:\bt\800\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2145188858. This is retry number 0.
BAIL: MMS(2428): d:\bt\800\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\rules\scriptmanagerimpl.cpp(7871): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(2428): d:\bt\800\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 1.
BAIL: MMS(2428): d:\bt\800\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\rules\scriptmanagerimpl.cpp(7871): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(2428): d:\bt\800\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 2.
BAIL: MMS(2428): d:\bt\800\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\rules\scriptmanagerimpl.cpp(7871): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(2428): d:\bt\800\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 3.
BAIL: MMS(2428): d:\bt\800\private\source\miis\server\server\service.cpp(1041): 0x80131022 (unable to get error text)
FIM Event Logged are :
1.Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.AuthenticationGateActivity.rules.
2.Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.PWResetActivity.rules.
3. Password Reset Activity could not find Mv record for user.
4.System.Workflow.ComponentModel.WorkflowTerminatedException: Exception of type 'System.Workflow.ComponentModel.WorkflowTerminatedException' was thrown.
5.The web portal received a fault error from the FIM service.
Details:
Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: DataRequiredFaultReason
at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.InteractWithPasswordResetActivity(SecureString newPassword, String activityEndpoint, String workflowInstanceId, ContextualSecurityToken sessionSecurityToken)
Web Portal: FIM Password Reset Portal
Session Id: rja3td2a1yehtmaip3zevm45
IP Address: fe80::7dfb:3747:f1e5:f030%11
6.Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> System.InvalidProgramException: Error while performing the password reset operation: PWUnrecoverableError
at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword()
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---
at Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs)
at System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e)
at System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e)
at System.Web.UI.TemplateControl.OnError(EventArgs e)
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.default_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
7.The error page was displayed to the user.
Details:
Title: Error
Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)
Source:
Attributes:
Details: System.InvalidProgramException: Error while performing the password reset operation: PWUnrecoverableError
at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword()
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
CorrelationId:
RequestId:
ErrorCode: 3000
CaughtTime: 11/28/2013 21:38:20
Web Portal: FIM Password Reset Portal
Session Id: rja3td2a1yehtmaip3zevm45
IP Address: fe80::7dfb:3747:f1e5:f030%11
Pls help me out.........
Hi All,
I have registered my admin account to reset password in portal.
But when I try to reset the password, it's showing the following error:
An error has occurred. Please try again, and if the
problem persists, contact your help desk or system administrator. (Error 3000)
The Event Logged is:
The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the failure may be due to incorrect Exchange Web Service configuration.
Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer. Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly. Last, ensure that the Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
The FIM Event Logged is :
System: System.Net.WebException: The remote name could not be resolved: 'test.expperiment.com'( My domain name is experiment.com)
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.ResourceManagement.WebServices.Mail.Exchange.ExchangeServiceBinding.FindItem(FindItemType FindItem1)
at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.<OnPollTimerExpired>b__0(Boolean findUnreadItems)
at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.OnPollTimerExpired(Object state)
My domain name is experiment.com.
Hi Everyone,
I need to configure Exchange Provisioning from FIM 2010, it was not configured during FIM setup as there was no requirement. FIM is already in production and we don't want to repair or re-install, please suggest how can we configure the exchange without it. Where do we have to add the configuration details and how.
Regards~
Deepak Arora
-------------------------------------
Hello guys,
I've SQL Server 2008 R2 and FIM 2010.
I need to add attributes stored (added by hand) in a SQL database to the FIM metaverse. I suppose I should manage this with a SQL Management Agent, but I'm not really sure how exactly to do it.
Do you have any idea? Thanks for any advice.
Petr Weiner
Hi!
Recently I setup our environment for FIM 2010 Implementation. I used several Powershell scripts to import attributes to both FIM Sync Service and FIM Service. But during importing the attributes for FIM Sync, I received this error:
"Update metaverse schema failed."
"The specified metaverse schema has too many attributes."
I tried manually adding attribute in Metaverse Designer, but I receive the same error. I restarted the service (didn't solve), tried restarting the server itself, still the same error.
This is seriously blocking me currently and I couldn't find anything useful or any solution on the Internet right now. Kindly help if you know the solution or the problem. FYI, I checked the FIMSynchronization database, mms_metaverse table; I only have 200 columns.
Hi All,
I am having a bit of trouble finding good documentation on implementing temporal sets on FIM 2010.
I have a date that I am going to sync in, say 2013, for a given attribute.
Now, what I want to do is have a Set for a Temporal MPR: the user will be "FullTime" and is between 2013 - 1 year and 2013 + 1 year. So between 2012 and 2014.
Is there a simple configuration I can do without resorting to using a rules extension? I am comfortable with code, but want something that is more easily maintained for my customer.
Any steer on something as simple as this?
Much appreciated,
Rob