Trying to install MIM2016 and getting the FIMService failed to start error message.
I have already got these services listed in User Rights Assignment (impersonate user, logon as a service etc) enabled in the Group Policy.
But it is failing to start when trying to install MIM Service
The documentation of the MIM/FIM Synchronization Service Parameters is not consistent. I found these articles https://docs.microsoft.com/en-us/previous-versions/mim/hh322883(v=ws.10)?redirectedfrom=MSDN And https://docs.microsoft.com/en-us/archive/blogs/iamsupport/tuning-fim-service-ma-export-processing Describing how to configure the parameters. The data inside conflicts. So in the first article one must set gateAsynchronousExportsOnAcknowledgements In order to be able to set the exportRequestsInProcessMaximum. But in the second article the exportRequestsInProcessMaximum Is simply set without defining gateAsynchronousExportsOnAcknowledgements. Further I could not find all the parameters in one article. There are more parameters possible. Maybe you know where I can find the specifications that I can trust?
GH
Hello experts,
The environment is as follows.
Some backgrounds:
I recently installed Register and Reset portal on a server, the installation is successfull; However just for testing purpose, I cannot even open the Register portal from the server itself:
if I click on the portal, register... I will have this:
first of all, is this even a reliable test?
On client side, even with extension installed and ensuring that the user is in 'Password Reset' set, the IE is not opened and when I navigate to it, the same issue is faced. however it request me to authenticated myself and the thiongs is, it is trying to connect to the actual server itself (Portal.contoso..) not through the CNAM I created in DNS for register. so even with that I do not know what account I should type.
what I have to check? SPNs? app pool , service accounts?
I would appreciate if you could help me.
Hi MIM Experts!
I’m trying to import all my company computers into MIM Portal.
In MIM Portal, I’ve successfully created a Custom Resource Type calledcomputer, including new attributes and new bindings.
I’ve also created MPRs and provided all permissions in MIM portal to new Resource Type Computers.
I’ve also created the new Object Type computer in Synchronization Service using the Metaverse designer.
I’ve also Full Imported and Full Synced successfully the list of computers into the metaverse from my external SQL Computers Table. (Synchronization Rules is working as expected)
But I’m failing syncing the computers from Metaverse to MIM Portal.
I’m trying this:
- MIM Synchronization Service,
- Edit MIM MA, FIM Service Management Agent
- Go to “Select Object types”, Show All
- I only have:
BUT my new object Type computer is not found!!
I’ve updated the schema several times, restarted services, but still fails.
Please, help
PD: adding new attributes to the existing object type user-person works well
Alejandro
Hi,
I need to set a default template name if a specific one is not found for the current user language
I'm calculating the name of the Template and using it on the Send Mail Activity.
How can I with MIMWAL check if an email notification template exists?
Many thanks,
JD
Hi,
I need to validate if a string attribute corresponds to any of the 10 allowed ones
What operations/operators do I have available for this in MIMWAL?
I just found a referente to several types of functions (including text functions), but I do not see whow can I have in MIMWAL this kind of simple constructs. Any help?
Thanks,
JD
Dear Office365 Experts,
We have a Office365 and ADConnect environment. Password hash sync is enabled. We thinking about enabling Azure active directory SSPR. But I have question : what happens if we don't enable password writeback?
> User has got password in local and it is sync to O365 by ADConnect.
> User resets password in Azure SSPR.
> Does local password syncs and overwrites the resetted password in O365? Or will be there 2 different passwords in local and O365?
Thank you very much..
I have backup solution DPM 2019. I know I can take backup of MIM SQL DB but
1. Can I take object level backup of MIM so in case if someone delete any object from MIM, i can restore it from backup
2. If I restore the MIM object will SID, GUID be same?
Arif
If we have two separate organizations in separate forest which do not have a trust: A and B.
For A to access B resources do both forests need to have a ADFS server in their respective forest?
If A has a federated farm consisting of 50 servers. How do the 50 separate ADFS servers write to the same SQL server? or is there something I am not understanding?,...
dsk
I recently upgraded the MS Graph connector to 1.1.1170.0 (from 1.1.1130.0). Now when I run a delta import on the MA that uses this connector, it fails with an error. Full import and all the other operations work fine.
It looked like it needed a schema update, which I performed (and it took several hours, which seems a lot longer than it should for a database of this size). Delta import worked immediately after that, but it's failing again.
The full error message in the event log is:
Log Name: Application
Source: FIMSynchronizationService
Date: 5/21/2020 2:40:21 PM
Event ID: 6801
Task Category: Server
Level: Error
Keywords: Classic
User: N/A
Computer: SVPHCMIM01.hc.hctx.net
Description:
The extensible extension returned an unsupported error.
The stack trace is:
"Microsoft.MetadirectoryServices.ExtensibleExtensionException: Exception during the import: ---> Microsoft.IdentityManagement.Connector.Graph.GraphAPIException: File was corrupted or removed. Try to re-run 'FullImport' to re-initialize it.
at Microsoft.IdentityManagement.Connector.Graph.LocalStorageManager..ctor(String fileName, String fileHash, Boolean isDeltaImport)
at Microsoft.IdentityManagement.Connector.Graph.ImportContext.GetImportEntries()
at Microsoft.IdentityManagement.Connector.Graph.GraphConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
--- End of inner exception stack trace ---
at Microsoft.IdentityManagement.Connector.Graph.GraphConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.5.412.0"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="FIMSynchronizationService" />
<EventID Qualifiers="49152">6801</EventID>
<Level>2</Level>
<Task>3</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2020-05-21T19:40:21.754947400Z" />
<EventRecordID>1773995</EventRecordID>
<Channel>Application</Channel>
<Computer>SVPHCMIM01.hc.hctx.net</Computer>
<Security />
</System>
<EventData>
<Data>Microsoft.MetadirectoryServices.ExtensibleExtensionException: Exception during the import: ---> Microsoft.IdentityManagement.Connector.Graph.GraphAPIException: File was corrupted or removed. Try to re-run 'FullImport' to
re-initialize it.
at Microsoft.IdentityManagement.Connector.Graph.LocalStorageManager..ctor(String fileName, String fileHash, Boolean isDeltaImport)
at Microsoft.IdentityManagement.Connector.Graph.ImportContext.GetImportEntries()
at Microsoft.IdentityManagement.Connector.Graph.GraphConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
--- End of inner exception stack trace ---
at Microsoft.IdentityManagement.Connector.Graph.GraphConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.5.412.0</Data>
</EventData>
</Event>
Hallo Everyone
I have new installation of MIM Sync Service 2016 SP2 (version 4.6.34.0). Installation was successful (service registered, DB created, I can start manager and e.g. manipulate metaverse schema). Service account provisioned as gMSA.
I cannot export encryption key. When I run "miiskmu /e ...bin /u:<domain>\<gmsa-sam>" from cmd line (as administrator) the tool fails with error 80004003 (object reference not set to an instance of an object).
Can someone help me with it?
Maciek Kluz
Hello Everyone,
i just finished upgrading my mim sync engine and portal farm with the KB3201389 patch
everything worked fine in my single server test environment, but my production is a 2 server farm and in this case the upgrade was successful but i'm not able to open the user create page or the user edit or and popup page...
i have a mim 2016 with shrepoint foundation 2013
anyone can help figure this out ?
Thanks
Hicham
Hitch Bardawil
Hi,
I have a management agent source for groups. Creating groups was very fast. Now I'm updating them to be criteria based. It seams MIM is not creating msidmCompositeObject but updating each group seperately. Can I do anything about it? There are no errors and it works, but at a pace of 2 groups per minute. I disabled all validation policies but that did not help. Not significantly anyway. Is there something to do about it?
GH
Hi Guys,
I am hoping someone can point me in the right direction for this. I have been searching the web and finding lots of information most of which looks to be out of date.
I am trying to setup a test for Azure MFA and VDI. The current concept is to setup MFA on the Windows 10 VDI, but if its better to setup on the gateway we could also use this option.
I have the VDI machine created and I have them Azure AD Registered. What I am trying to working out, is how to enforce MFA, 2FA on these devices. It looks like I need to enable Windows hello, it also looks like I need to make the device a Azure Hybrid. At present I only want to add 1 or 2 device for testing.
Has anyone got good instruction on how to get this setup?
Thanks for your time
Craig
Craig G
Hi ,
I have MIM servers. So if I need to plan backup and disaster recovery plan, how would I do it?
1. What are the things that I need to include in backup?
Arif
We have custom search scope with selected attributes.
Requirement is if we login as a member of Trainer set then they should not see couple of attributes in that search scope.
Is it possible if I change the MPR and remove those attributes from read access for that Set.
Thanks
Hi,
I upgraded to SP1 on MIM and the pop up windows when clicking on something like "About Forefront Identity Manager" get stuck on loading.
If I clear the browser's cache the pop up load OK--but is that something I'm going to have to tell all of my users to do? Does anyone have a more elegant solution for this issue?
Thank you!
I'm writing an email template that notifies a user of a first name change. So they get an email when their First Name changes. The email template needs to contain both their old First Name and their new First Name. I'm using WAL so I can pull some data into [//WorkflowData/x] but is there any way I can get their old First Name? I had a look at [//Delta/x] but that doesn't contain the old value.
The only workaround I can think of is to have another attribute Old First Name and each time I run the notification workflow, I could update the Old First Name attribute with the current value. Then when the actual First Name is updated, triggering my workflow, I have the Old First Name there. But I don't like creating another attribute just for this purpose.
Hi All,
I am tying to use the members of nested groups under a criteria groups.Would it be possible to do the same??
Kindly advise.
Thanks
Rajesh