Channel: Microsoft Identity Manager forum

MIM2016 - List of new features and requirements


I am looking for a straight list of the new features of MIM2016 but have not found one yet.

Is there a clear list anywhere of the new features, requirements and so on? I heard from somewhere that MIM contains, for example, multitasking for the sync process, but now I can't find anything about it. Also any info about MIM performance would be nice, how much memory and processor speed it requires and so on.


Issue update object to AD


Hi there,

I am facing a problem that seems very strange.

I'm trying to sync users from a CSV file to AD, so I created 02 MAs:

1. MA connect to CSV (MA-CSV)

2. MA connect to AD (MA-AD)

After running "delta import and delta sync" on MA-CSV, it triggers Outbound sync and I can Export MA-AD to create the user on AD.

I change one attribute in the CSV file and run "delta import and delta sync" again. It also triggers Outbound Sync, and after that I run the Export of MA-AD and can see the update in the connector space of MA-AD without any problems. However, strangely, the AD user is not updated!

But from the second update on, it works perfectly. So I always miss the first one.

I did try changing "delta import and delta sync" ==> "delta import and Full sync", and then the update works the first time.

But I cannot find the root cause here. Can anyone explain it to me, please?

I believe that AD is working okay (nothing related to replication issue on AD because I just have one AD)

Thanks a lot.

Lync 2013 lcssync.dll for MIM 2016


Hello,

I have a functional lab environment with 2 x user forests and 1 x central forest on FIM 2010/R2 SP1. Porting that environment to 2016 causes lcssync.dll to fail owing to references to Microsoft.MetadirectoryServices.dll,  Microsoft.MetadirectoryServicesEx.dll and logging.dll assembly version differences. I note that GALSync source is included, but no source or new version of lcssync.dll.

Does anyone know if lcssync.dll is going to be provided? Has anyone else seen this behavior?

Error details:

Log Name:      Application
Source:        FIMSynchronizationService
Date:          8/17/2015 8:24:23 AM
Event ID:      6300
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MIM2016.domain.com
Description:
The server encountered an unexpected error:
 
 "Could not load file or assembly 'Microsoft.MetadirectoryServices, Version=3.0.577.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

   at System.Reflection.RuntimeAssembly.GetExportedTypes(RuntimeAssembly assembly, ObjectHandleOnStack retTypes)
   at System.Reflection.RuntimeAssembly.GetExportedTypes()
   at Microsoft.MetadirectoryServices.Impl.ScriptHost.InitializeWorker(InitializeArguments pArgs)


InnerException=>
none
"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="49152">6300</EventID>
    <Level>2</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-08-17T15:24:23.000000000Z" />
    <EventRecordID>1080</EventRecordID>
    <Channel>Application</Channel>
    <Computer>MIM2016.paukkunen.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Could not load file or assembly 'Microsoft.MetadirectoryServices, Version=3.0.577.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

   at System.Reflection.RuntimeAssembly.GetExportedTypes(RuntimeAssembly assembly, ObjectHandleOnStack retTypes)
   at System.Reflection.RuntimeAssembly.GetExportedTypes()
   at Microsoft.MetadirectoryServices.Impl.ScriptHost.InitializeWorker(InitializeArguments pArgs)


InnerException=&gt;
none
</Data>
  </EventData>
</Event>

Thanks,

Jarmo

Avanade Lync team

SQL server 2012 AlwaysOn Availability Groups support with FIM 2010 R2 Sp1

Could anyone advise whether SQL Server 2012 AlwaysOn Availability Groups are supported with FIM 2010 R2 SP1?

Objects occasionally not being deleted


I sometimes experience a problem with objects not being deleted from the MV, and remaining in FIM after a successful delete operation.

MV deletion rule is configured to delete the object from the MV when the connector from FIM is disconnected:

[Image: MV deletion rule]

Deprovisioning on non-FIM MAs is configured with "stage a delete on the object for the next export run":

[Image: MA deprovisioning config]

Here is an example of the problem.
These are the requests:

[Image: requests]

As you can see, there is a successful delete request for the object at some point, but the object is still present in the metaverse:

[Image: MV object properties]

This does not happen all the time, but only occasionally.

Has someone experienced this problem?

Is there anything I should check?

Thanks,
Paolo

 

Paolo Tedesco - http://cern.ch/idm


SearchScope identity picker xpath


Hello, 

I want to permit searching with the contains expression in IdentityPicker. Is that possible?

Regards

AD outbound provisioning - same user to 2 different OUs


The same user from FIM needs to be provisioned to 2 different OUs in AD. Is that possible using portal sync rules?

FIM User object properties:

AD exists (boolean), samAccountname, employeeID

Sync rule 1:

scope - AD exists is true

relationship - samaccountname = samaccountname

rule - dn: cn="samaccountname",OU1

Sync rule 2:

scope - employeeID is present ( AD exists could be true or false)

relationship - employeeID = employeeID

rule - dn: cn="employeeID",OU2

We have rule 1 already in place. When I tested with rule 2, it pushed only users that are not synced in OU1. How can I capture this via scope and relationship criteria?

Thanks!!

LCSSYNC synchronises only to one OU


Hello,

We are doing a PoC for a Lync multi-forest implementation. We have two source forests and we want to place users/contacts in separate OUs in the target Lync forest. In lcscfg.xml we could specify a target OU, but we could not find a way to set two or more. Do you have any ideas on how to fix that?

Thanks, Dan


Metaverse Object Deletion

Say, I have 5 groups in FIM, Metaverse and AD. Now I want to delete one group from FIM and Metaverse, but want to keep the group in AD. Is that possible to achieve? With object deletion rule in the Sync Engine, when I delete a group from FIM, it is getting deleted from AD too.

FIM Synchronisation service 2010 R2 sp1 stopped-server on ECMA


Hello

I have an aleatory exception: stopped-server on all of my FIM sync service 2010 R2 sp1 instances.

I don't have this error on FIM sync service 2010.

This exception occurs on different ECMAs and different execution profiles (Import, Synchro).

After restarting the service, the exception doesn't appear anymore, but for an unknown reason it reappears.

In the event viewer I have these kinds of errors:

Faulting application name: miiserver.exe, version: 4.1.3419.0, time stamp: 0x511d9c79
Faulting module name: clr.dll, version: 4.0.30319.17929, time stamp: 0x4ffa59b1
Exception code: 0xc0000005
Fault offset: 0x00000000004e5900
Faulting process id: 0xf8c
Faulting application start time: 0x01cefcaa20d1eda1
Faulting application path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: 9f8b2bbb-689d-11e3-b2ce-000a30ffa3a5

OR 

Faulting application name: miiserver.exe, version: 4.1.3419.0, time stamp: 0x511d9c79
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x0000000000018e3d
Faulting process id: 0xed4
Faulting application start time: 0x01cefc16c915f872
Faulting application path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: f00f29a1-6895-11e3-b2ce-000a30ffa3a5

Thanks for your help.

msidmCompositeType Request Denied


Hi,

We are running a full sync this weekend and I noticed that on the FIM MA export the msidmCompositeTypes all return “Denied” as a status.

The FIM web service reports a SQL timeout expired session.

I am able to put FIM in pre-asynchronous mode and the exports complete but take a long time.

We have the timeout on the web service set to 20 minutes. The msidmCompositeType requests hang in a validating state until the 20 minutes are up and then report the Denied status.

Ever seen this before? It doesn’t appear to be a permissions issue and SQL is definitely responding when the requests are issued in single file.

I am going to try adjusting the length of the aggregationThreshold to see if that helps, but appreciate any ideas. Tried to figure this out yesterday to no avail.

Thanks,

Sami

Requestor: urn:uuid:fb89aefa-5ea1-47f1-8890-abe7797d6497

Correlation Identifier: b1c67faf-aa01-465d-90b8-d47d7299c18c

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.

   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)

   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)

   --- End of inner exception stack trace ---

.Net SqlClient Data Provider: System.Data.SqlClient.SqlException: Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.

   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)

   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)

   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

   at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()

   at System.Data.SqlClient.SqlDataReader.get_MetaData()

   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)

   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)

   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)

   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)

   at System.Data.SqlClient.SqlCommand.ExecuteReader()

   at Microsoft.ResourceManagement.Data.DataAccess.DoRequestCreation(RequestType request, Guid cause, Guid requestMarker, Boolean doEvaluation, Int16 serviceId, Int16 servicePartitionId)

FIM 2010 R2 and Azure Multi-Factor Authentication

Is it possible to use Azure Multi-Factor Authentication with FIM 2010 R2? I know that MIM2016 will support Azure Multi-Factor Authentication, but does it work with FIM 2010 R2?

MIM Language Pack - MIM Portal not change


Hi,

I have installed MIM 2016 (RTM) with SQL 2010 and SharePoint 2013 SP1.

I installed SharePoint 2013 SP Spanish Language Pack. I could configure SharePoint Central Administration Site in Spanish (Site Setting -> Language Settings) and it worked fine (I changed Internet Explorer language configuration and site language changed).

I could configure MIM Portal language setting too.

I installed MIM Service & Portal, MIM Language pack (Spanish) ...

But if I changed the Internet Explorer language configuration, MIM Portal DID NOT change language (but SharePoint did, I can see "Site Actions" in Spanish in the upper right corner).

How can I install the Language pack in MIM with SharePoint 2013 SP1?

Thanks in advance

Best regards


JuanCC Technology Specialist

Extension rule debugging not working


Hi,

I'm writing because I'm trying to change an extension rule in one of my MAs. To do some tests, I added some breakpoints and some logging lines:

 

Logging.Log("*** LOG TEST ***");
 

In order to test my code, I went to the Debug menu and then to the Attach option. After selecting miiserver.exe, Visual Studio asks me to restart as an Admin user.

After the restart, I repeat the process above and the debug starts. I then go to the FIM console and launch my MA, but nothing happens: I don't see any log lines and none of my breakpoints are reached.

I check the process window and the debugger seems to be attached, so I don't understand why my code and my breakpoints don't have any effect.

Has anyone already had this kind of issue? How can I solve it?

 

Thanks in advance for all your help,

Marc


MIM 2016 The Microsoft Identity Manager server database could not be successfully populated.


I am receiving "The Microsoft Identity Manager server database could not be successfully populated." when installing the Service and Portal.

In the event logs I get:

Product: Microsoft Identity Manager Service and Portal -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action DeployAndPopulateDatabase, location: C:\Windows\Installer\MSIABAE.tmp, command: installApp=FIM action=DeployAndPopulateDatabase databaseName=FIMService namespaceName="fim" datFilesInstallDir="C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Data\BL" sqlserverName=IDM01 FIMServiceAccountDomain=Domain FIMServiceAccountName=MIMService SyncServiceAccountDomain=Domain SyncServiceAccountName=MIMSync RunningUserDomain=Domain RunningUserName=DAuser RunningUserEmail= CreateDatabase=True 

Both the Service account and the Domain Admin account have mailboxes and email addresses on their AD objects.

I have modified the model DB size as seen in another post about this issue.

Are there any other logs that I can look at to see what is going on?

Thanks for any assistance.



Forefront Identity Management SharePoint Profile Store Connector Export Error: Value cannot be null. Parameter name: strAccountName


I am using Forefront Identity Manager 2010 R2. We have installed the Microsoft SharePoint Profile Store connector and have set up attribute flow to my SharePoint Server. We have disconnected and disabled the native FIM SharePoint Profile Connector that is deployed by SharePoint (this is my SharePoint DEV environment).

I followed this Documentation: https://msdn.microsoft.com/en-us/library/Dn511003%28v=WS.10%29.aspx

I used input from: http://goodworkaround.com/node/70

I am pushing all the standard attributes, with no Custom Attributes on the SharePoint side.

Data flow is one direction from my FIM Installation to Sharepoint. We do not have any flows from SharePoint to FIM.

I have exported several thousand user objects to SharePoint with Success, photographs included.  User profiles are working and successful.

After a few days of letting the synchronization bake, I am finding that Updates to user objects are failing on Export to SharePoint with the following error (taken from the MA error message):

Export retry FAILED for Entry[ObjectType: user, Anchor: DOMAIN_USER1234__fa631765-12b1-4da1-879-2dcfd6a7afae]..
 Error: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Value cannot be null.
Parameter name: strAccountName
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.IdentityManagement.Connector.Sharepoint.SharePointProfileImportExportService.ProfileImportExportService.UpdateWithProfileChangeData(Int64 importExportId, ProfileChangeData[] profileChangeData)
   at Microsoft.IdentityManagement.Connector.Sharepoint.SharepointServiceProvider.UpdateWithProfileChangeData(Int64 importExportId, ProfileChangeData[] profileChangeData)
   at Microsoft.IdentityManagement.Connector.Sharepoint.SharepointConnector.PutExportEntries(IList`1 csEntries)

I have verified that the AccountName is not blank as this error suggests.

The XML of the update request (As pulled from a network trace):

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <soap:Body>
        <UpdateWithProfileChangeData xmlns="http://microsoft.com/webservices/SharePointPortalServer/ProfileImportExportService">
            <importExportId>104</importExportId>
            <profileChangeData>
                <ProfileChangeData>
                    <ProfileIdentifier />
                    <DistinguishedName>DOMAIN_USER12345__8ce5dfd2-0b49-40fb-8b56-7a2b740256cb</DistinguishedName>
                    <ObjectGuid>00000000-0000-0000-0000-000000000000</ObjectGuid>
                    <ObjectClass>user</ObjectClass>
                    <PropertyChanges>
                        <PropertyChangeData>
                            <Name>LastName</Name>
                            <ChangeType>Modify</ChangeType>
                            <Values>
                                <anyType xsi:type="xsd:string">Smith</anyType>
                            </Values>
                        </PropertyChangeData>
                        <PropertyChangeData>
                            <Name>WorkEmail</Name>
                            <ChangeType>Modify</ChangeType>
                            <Values>
                                <anyType xsi:type="xsd:string">SSMith@domain.com</anyType>
                            </Values>
                        </PropertyChangeData>
                    </PropertyChanges>
                    <ChangeType>Modify</ChangeType>
                </ProfileChangeData>
            </profileChangeData>
        </UpdateWithProfileChangeData>
    </soap:Body>
</soap:Envelope>

The SharePoint server response:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <soap:Body>
        <soap:Fault>
            <faultcode>soap:Server</faultcode>
            <faultstring>Server was unable to process request. ---&gt; Value cannot be null.

Parameter name: strAccountName</faultstring>
            <detail />
        </soap:Fault>
    </soap:Body>
</soap:Envelope>

I can delete the profile in SharePoint and after a full sync the profile will be there with the updated data.

Any thoughts on why SharePoint would be rejecting this update?



SharePoint Foundation 2010 SQL Express migrate to SQL Server


Hi,

Like many of you, we have deployed FIM Portals' SharePoint Foundation 2010 on the local SQL Express version (as deployed by the SharePoint pre-requisite installer). FIM Portal & Service was then deployed on the same server.

We have now had a request to move this SharePoint Foundation 2010 SQL Express database to a full SQL Server (running on a remote server).

So we have a few questions:

1. Is this possible?

2. What are the caveats?

3. Will this break FIM Portal/Service?

4. Is this even recommended?


Thank you,

SK

How to get a response back from FIM when the AD Connector space exports data to the actual AD Directory?

I have one question regarding FIM Sync Service request processing. I have a requirement to get updated information from SQL Server and publish the changes to AD. I am only planning to use the FIM Sync Service. The SQL Server to AD data flow went well. My question is: how can I get information that a particular user was processed successfully? My question is related to the export to AD. When it successfully writes to AD, I want the status.

FIM 2010 R2. User does not create in AD OU.


Hello!

I have 3 test OUs in AD. I have 3 MAs (FileMA (for the CSV file), FIM MA (for FIM Service), AD MA (for AD)). Users are imported from FileMA -> FIM Portal -> AD.

I have 3 Sync Rules.

1) For create user in AD - Test OU

2) For add OU - Konstr OU

3) For add OU - Arch OU

User created in AD correct (In Test OU)

When I want change OU - for Konstr OU - OK

When I want change OU - Arch - I can't

Help!


Alex

FIM CM and Virtual Smart Card Problem


Hi

I’m using FIM CM 2010 R2 v4.1.3646.0 to manage a fleet of .NET (MS Base SC Crypto Provider)  smart cards.

I’m now looking to manage some virtual smart cards but get an error when testing enrolment using my existing profile template. Enrolment PC is Windows 8.1 x64 Ent running 32bit IE11 and 32bit FIM CM client.

I’ve provisioned a vsc with default admin password and FIM CM seems to be able to initialise it successfully during enrolment, however the certificate request isn’t attempted with the CA and the FIM console reports the following error…

Failed to enroll a certificate on the smartcard using template "My Smart Card Logon". The most likely cause is that there is a mismatch between the card type you have and the type of card supported by this template. Please try to enroll using a different template.

The only difference between the “My Smart Card Logon” certificate template and another template which works when making a manual certificate request via the mmc is the presence of the requirement for an enrolment agent signature as required by FIM.

Does anyone have any idea what might be causing the problem?

Thanks


Douks
