Quantcast
Channel: Microsoft Identity Manager forum
Viewing all 7443 articles
Browse latest View live

extension-attribute-not-present

September 9, 2013, 9:06 am
$
0
0

Hi-

I'm trying to follow an article "How do I provision users into AD" and created 'FILEMA,FIMMA & Sync Rule' and during the process to do Inbound sync "Introduction to Inbound Synchronization (http://go.microsoft.com/fwlink/?LinkId=189652)" when I do full sync for the 'FileMA' I'm receiving an error 'Extension atribute not present" from the StackTrace it says "

Microsoft.MetadirectoryServices.AttributeNotPresentException: Attribute "accountName" is not present.
   at Microsoft.MetadirectoryServices.Impl.AttributeImpl.get_Value()
   at Mms_Metaverse.MVExtensionObject.Provision(MVEntry mventry)"  thought there is no accoutname attribute is used in 'FileMA' I just followed the same code where it says to create data text file by using 'EmpID,FN,LN,EmpType'

For FIMMA When I run 'FI & FS' I do see new sync rule but when I run 'Export' I do not see the update of the new syncrule in Stats.

Did anybody tried this article and had similar issues? or am I missing anything here?

Thanks

Search

Service 'Forefront Identity Manager Password Reset Client Service' (FIMPasswordReset) failed to start on Windows 8 machines

September 9, 2013, 7:59 am
$
0
0

I am trying to install FIM 2010 R2 Add ins and Extensions on a Windows 8 client machine. I am doing it with local administrator credentials. During installation it sits at : starting services and that give me error :

Service 'Forefront Identity Manager Password Reset Client Service' (FIMPasswordReset) failed to start...

Can anyone please explain as what could be the reason. Is it the permission issue or compatibility issues...


sync-rule-validation-parsing-error in FIM 2010 R2

September 10, 2013, 12:58 am
$
0
0

Hello All,

Iam in the process of migrating the psync from MIIS to FIM , ACF2 to AD, in this situation i created a sync rule which has a filter where psyncoption (attribute ) not equal to MF<->AD , for some reason this attribute is not accepting the special characters , Please suggest how do i make it accept these letters.

regards,

FIM OU Sync

September 10, 2013, 2:09 am
$
0
0

Hi, 

I have a requirement to create an OU structure in a currently flat AD. The requirement is to take the current hierarchical OU structure in a HR system and have FIM create all the OU's in AD with the correct hierarchy. Once the structure has been created in AD it will need to be maintained via regular syncs and ensure each user is in the correct OU based on the feed from the HR system. 

Any pointers in the right direction would be appreciated

Don

FIM Licensing and Installation

March 6, 2012, 12:57 pm
$
0
0

Hi,

I'm sorry  for this stupid question but I have a doubt. Until now I worked in a test environment with the trial version of FIM 2010 and I didn't use any license. Now the trial version is expired. My organization bought licenses and I would like to now how to better use them.

My test enviroment is composed of several servers: 2 of them are dedicated to FIM components (one with FIM Sychronization Service and one with the Service and the Portal).

I read about two type of licenses: CAL and 'for server'. To replicate my test environment, how many licenses do I need? I assume2 server licenses, is it correct?. If I would simulate user provisioning from HR to Active Directory, do I need any CAL license in the test environment? 

And another issue: the installation of the official version is the same of the trial version?Can I use the same setup of the trial version? Do I need to use any certification?

The licenses that I will use in the test environment can be later used for the production environment?

Thanks in advance.

Francesca

BHOLD Saving Campaign error

September 4, 2013, 6:14 am
$
0
0

Trying to create an attestation campaign in BHOLD.

Using a single occurrence campaign with Model generator as "define stewards".

Followed the instructions in technet.But on saving the campaign, i am getting an error "the was an error while saving the campaign"

shakti

FIM 2010 R2 4.1.3451.0 and Windows Azure Active Directory Connector - Import Problems

September 10, 2013, 6:08 am
$
0
0

Hi guys,

I'm having a problem with FIM 2010 R2 and the new build of the Windows Azure Active Directory connector. (AAD Multi Forest - July 2013)

I am no FIM expert so please bear with me on this. The only reason I installed this is because DirSync, for a few reasons, was not a viable option for us.

I've installed FIM and the directory connector without a  problem. Used visual studio to compile the AADRulesExtensions.dll as instructed in the installation how-to. The problem I am seeing is that FIM is not importing any accounts to my Office365 tenant. I am running a "Delta Import Delta Sync" on the Source AD MA, second I am running a "Delta Import Delta Sync" on the Windows Azure MA, and then finally running an "Export" on the Azure MA.

This all completes successfully. The Source AD sync lists 4 "Adds" in the "Staging" status in FIM, which is the correct amount of test users that I have in my test OU. The two other steps with the Azure MA, however, do not seem to be importing these users to the Office365 tenant. No errors...just nothing getting imported?

Does anyone have any experience with this? If you need more info to lend a hand I'll be happy to provide it.

Thanks for any help! It is certainly appreciated.

Dustin Lavigne

FIM CM 2010 technical solution

September 5, 2013, 2:16 am
$
0
0

Within our financial institution, we are exploring the gaps between our functional requirements and the standard functionality of FIM CM (Certificate Management ) 2010. We need a card management solution to administer, issue, reissue and block certificates on Gemalto .net smartcards.

We are looking for technical solution/direction for the following required functional behavior:

- Reissue a smartcard for another user without entering any pin code (e.g. old pin code is forgotten)

- Can we force user pin change directly after card issuing?

Help is much appreciated.

Search

BHOLD error on saving campaign

September 10, 2013, 6:20 am
$
0
0
Can anyone let me know why on Saving a campaign i get "the was an error while saving the campaign".
If you check this error is generated from "C:\Program Files (x86)\BHOLD\Attestation\Web\Scripts\campaignattributes

please can anyone help me out in finding the cause of the error.
As i am able to use all my settings except for choosing OU nodes

shakti

FIM 2010 (ILM v2) Licensing Model ?

September 28, 2009, 1:37 pm
$
0
0
Hello !

Hope you can help me out with a rather untechnical question...here it goes...have just learn that ILM V2 will be Forefront Identity Manager 2010, but I haven't found any information regarding the licensing model, rumors I've heard is that the license model will be "per user" or with need of CAL's regardless of usage (ILM 2007 differentiates the need of CAL's IF and only IF one use CLM 2007 and issue certificates...if one only use the sync engine a server license will suffice) ?

I guess that the portal functions of FIM 2010 might have resulted in the (imo negative) change of licence model ?

/A  

(As Paul directed me, I've posted this question on the correct forum, my bad !)

Troubleshooting sync failures FIM 2010

September 10, 2013, 6:33 am
$
0
0

Hi,

I have 3 FIM MAs which import user accounts from a CSV file, then sync the user accounts with AD.

The MAs and run  profiles below are used to sync accounts:

1. File MA - Full import and full sync

2. FIM MA - Export, delta  import and delta sync

3. AD MA - Export and delta import

My file MA has a filter which filters out user accounts who's DN does not contain "OU=Win Vista"

I've ran the above profiles dozens of times without issue. I've needed to amend my filter so that users who's DN contains "OU=Win 7" are not filtered out.

I ran an full sync (staging only) and then checked my preview to see filter application - at first the filters didn't apply as I wanted due to me adding a second filter, rather than adding to the existing filter.

As a rollback, I reverted FIM to a VMware snapshot. No errors logged within the event logs, all seems OK with rollback.

I changed my File MA filter so that user's who's DN does not contain "OU=Win 7" or "OU=Win Vista" are excluded (i.e. not included in sync).

I then ran the sync profiles above in order. I have an issue where around 75% of my Windows 7 users ("OU=Win 7") have been imported and there's no clear reason why the others haven't. No errors are logged within FIM Synchronization Service, FIM event logs or AD.

The odd thing is that even though a new Windows 7 user is not exported to AD by the sync process, the account is in the FIM metaverse, so I don't know why the account imported into FIM, but didn't export to AD.

I several thousand records to import, so checking each one isn't feasible. Please can someone advise how I can troubleshoot my initial sync failures?

My first thought is to re-try the sync with the same import file to see if anything changes.

Thanks


IT Support/Everything

PCNSSVC error events 7000 and 6037, both with "not enough storage"

September 10, 2013, 6:33 am
$
0
0

Hi,

we have got error events 7000 and 6037 from PCNS. Each time a bundle of 3x event 7000 and one 6037 error. All of them include the message text "Not enough storage is available to process this command".

Log Name:      Application
Source:        PCNSSVC
Date:          10.09.2013 08:16:23
Event ID:      7000
Task Category: (3)
Level:         Error
Description:
An unexpected error occurred. queue.cpp (6578): Not enough storage is available to process this command.


In the other events 7000 the source code file is slightly different, all the other data of the 7000-events are identical:
service.cpp (2291)
queue.cpp (4374)


Log Name:      Application
Source:        PCNSSVC
Date:          10.09.2013 08:16:23
Event ID:      6037
Task Category: (4)
Level:         Error
Description:
An error occurred processing a password change notification received from Active Directory. The notification was discarded by the Password Change Notification Service.
User: <domain>\<samAccountName>
service.cpp (2330): Not enough storage is available to process this command.

Our domain controllers are running Server 2008 R2 SP1.  PCNSFilt.dll has version 3.3.118.0

Never saw this before. Should I just restart the server and "forget it" or is it sort of critical? I know that PCNS v4.1 can be downloaded, but as I was told with http://social.technet.microsoft.com/Forums/en-US/4edc1d18-a2aa-4681-ae85-107364598d38/pcns-releases-release-notes-what-has-changed  I shouldnt update without a reason.

Any ideas?

Thank you.

Walter

Error: The requested operation is not valid for the current state of the management agent, which is open

September 10, 2013, 2:38 pm
$
0
0

Any thoughts on what could be causing this error all of a sudden during sync and how to resolve?  Thanks!

mmsmafim: System.InvalidOperationException: The requested operation is not valid  for the current state of the management agent, which is open at  MIIS.ManagementAgent.State.Export.ExportState.AcknowledgeExport(Guid sessionIdentifier, String acknowledgedMessageIdentifier,  SynchronizationRequestAcknowledgementType acknowledgement) at  MIIS.ManagementAgent.State.Export.ExportStateMachine.AcknowledgeExport(Guid sessionIdentifier, String acknowledgedMessageIdentifier,  SynchronizationRequestAcknowledgementType acknowledgement) at  MIIS.ManagementAgent.RavenMA.AcknowledgeExport(Guid exportSessionIdentifier,  String acknowledgedMessageIdentifier, SynchronizationRequestAcknowledgementType acknowledgement)

Ramona Balke

Failed-modification-via-web-services when running an Export on the FIM MA

September 10, 2013, 12:30 am
$
0
0

Hi,

This error pops up regularly when certain changes are made to a user in the AD.  I also have had a few posts about this in the past, but were not successful in resolving it. Initially I thought that there is a conflict of rules in the FIM portal, but interestingly when I manually change one of the attributes in the FIM portal, all rules are applied without problems and the next export on the FIM MA succeeds.

This error only happens with a specific type of contractor which is managed by the service desk.  Other contractors are managed by the HR system.  Sometimes the service desk gets instruction to deprovision a contractor before contract expiry for whatever reason, normal contract expiries are handled by rules in the portal.

When the service desk manually deprovision a user, they do the following:

1. Move the user to a specific Exits OU

2. Disable the account

3. Remove the manager

4. Add description containing the request number

5. Change the email to invalid address to prevent the user from receiving email, they normally use the request number as the mail address, for example123456@company.com

6. Also update the proxy addresses, same as email above

7. Hide the email address from the address book

The FIM portal picks these changes up, because we still need to delet the user object after a certain amount of time.  When these changes are exported the FIM MA fails with the error above.

To isolate the problem I have changed all the attributes one at a time and discovered that when the proxy address is changed manually, it causes this error.  To work around this I have changed the process on the service desk to not modify the email address and proxy addresses manually but have the FIM portal do this, by prefixing the address with a 0.

I have also done this in my lab and found that when the proxy address in AD is changed manually it also causes this error.

The question I have is the following: Is there some validation done in the FIM portal on the proxy address collection? or is this maybe a bug?  And has anyone else come across this?

Thanks

Johan Marais

JkM6228


GALSync cross forest move - Duplicate

August 10, 2013, 3:20 am
$
0
0

I am performing an Exchange migration to a resource forest using Linked Mailboxes. After the mailbox has been migrated the mailbox user remains as a mail enabled user. After the next GALSync is performed the new Linked Mailbox is synched back to the account forest as a Mail Contact. So now a contact and a mail enabled user exists creating a duplicate, which causes issues.

Another forum thread details the problem, and advised that it was able to resolve this by modifying the galysnc.dll

http://social.technet.microsoft.com/Forums/exchange/en-US/d0a27eb9-451d-450c-b887-488f68de3fbb/fim-2010-galsync-with-preparemoverequestps1#8b69684f-cc88-4039-9ef5-fc1b5df8e5ac

Does anyone know how to go about doing this? The forum thread was quite old and I am not sure if the person will respond.

Search

Where can I understand what the fields in FIM Syncronization Statistics mean and are explained?

September 10, 2013, 12:09 pm
$
0
0

Hello,

We are new to FIM and just getting into it. 

Where can I understand what the fields under the Sync Stats in the Sync Server Manager under a Management Agent Operation mean and are explained?  For example, what does Filtered Disconnectors, Connectors with Flow Updates, and Export Attribute Flow mean and where is this explained? 

Cause we are new, Im just looking for the very basic conceptual explanations here.

Thanks in advance.

Thanks for your help! SdeDot

FIM Service Management Agent: Server -Stopped

August 28, 2013, 9:34 am
$
0
0

Hiii

I trying to run the FIM Service MA it receiving an error "FIM Service Management Agent: Server -Stopped' while running Full Import and Export..after researching this error it MS Forums I got to this link

http://social.technet.microsoft.com/wiki/contents/articles/11331.troubleshooting-fim-r2-stopped-server-error-on-the-fim-service-management-agent.aspx

In this link it says Run the Sync.ClearExport stored procedure  i couldn't find the navigation to do this.

Any help will be appreciated!!

Thanks

event 6331: failed to update MA config

September 11, 2013, 5:25 am
$
0
0

HI-

I'm trying to refresh schema of FIMMA when I update FIMMA Password it is throwing an EventID 6331, Tried adding permissions for FIMMA account to 'BIN" Folder as per one of the article but it didn't fix, I'm referrring another article on EventID 6331 where it says to modify the 'MIIServer.config.extesntion' file before I make changes to this file I would like to know did anyone tried this article or will be there be any additional issues if we modify the file.

Troubleshooting] Refresh Schema on FIM MA fails: Event ID 6331

Thanks

BHOLD attestation campaign error .

September 11, 2013, 7:10 am
$
0
0

BHOLD unable to create attestation campaign.

Error message "the was an error while trying to create a campaign"

shakti

ILM hangs when Provisioning Rules Extension is enabled

September 11, 2013, 8:10 am
$
0
0

I have a second ILM server for development and am having an issue with ILM not responding when running a full sync or preview on an object. I've reinstalled ILM and imported the server config from the main server that is running without issue. Also installed sp1 and I've copied over all of the extension files. If the Metaverse rules extension is enabled without the provisioning rules extension being enabled everything works fine. But once we enabled the provisioning extension we have to kill the miisserver.exe and restart the service. The server builds are pretty much the same the only difference is the remote sql server and instance.

Viewing all 7443 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>