Channel: Forum Microsoft Identity Manager

FIM CM MA Sync Error, Event ID: 8041, the given key was not present in the dictionary


Hi,

While running FIM CM MA, I am getting this error, event id 8041 followed by 6801 and 6803. 

I suspect this is because of the recent upgrade of the FIM CA 2010 server to the latest version 4.0.3684.2.

Please suggest. Thanks.


HR->MV->FIM->AD->MV->FIM not working


Ok, so as the topic says...

not on R2 here..

Object type Organization from HR with sync. rule to MV, from MV with flow-rule to FIM, in FIM, organizations become set members and trigger provisioning as Groups in AD. So far so good. Now I need the groups to go back in to FIM for me to be able to manage members.

I've created a sync. rule with a scope like "dn ends-with OU=%where groups are provisioned,DC=domain,DC=com", the sync. rule has "Create in FIM" and the sync. rule is part of the WF that adds the organizations to the provisioning sync. Also tried creating a separate WF and put that in the same MPR that links the WF to the set. No luck :/

Why is my group importing sync. rule not applying to the newly created AD groups? Other AD group sync. rules work fine this way.

I guess a WA would be to add the member attribute to the Organization objects in FIM and then flow membership to AD when I provision the groups.


/Frederik Leed

Download a Trial version of Forefront Identity Manager


I want to install a trial version of FIM. The download trial link in the website takes me to Virtual Lab. I want to download the trial version and play around in my Sandbox. 

Thanks

Gopi

self service password reset questions


I have deployed FIM 2010 R2 with the Self service password reset feature. It is working; currently users can register and reset their password. I have the following questions:

1- If a user has not registered for SSPR, will he still be able to reset the password using the reset portal?

2- Is it mandatory to register for SSPR for resetting the password?

3- Can there be a mechanism wherein help desk users log in to the portal and reset the account for a user and send the password through email to the user's manager?

4- Basically we do not want users to call help desk and helpdesk reset the password in AD. Help desk must use the FIM portal for resetting the password.

 


AdiKumar

Security Group Owners - What rights should they have?


I am working on a FIM implementation at a large Healthcare Organisation.  As part of our implementation, we use the FIM Portal to manage Security Groups that in turn provide access to downstream systems.

In order that the SG Owners could search for users to add to the SG's, I had to create an MPR that allowed all Security Group Users to Read Resource, Add or Remove a value to a multivalued attribute, Modify a single-valued attribute and Grant Permissions to a Target Resource of All People.

As far as I can see, there are no obvious instructions to do this on TechNet, following the instructions linked (http://social.technet.microsoft.com/Forums/en-US/4efaeac9-af3c-4694-9a6e-e2644892a80d/allowing-a-user-to-see-security-groups-they-own) did not allow the SG users to see other users via the Portal.  Scouring around the various FIM/IDM blogs similarly didn't give any steer as to creating this new MPR.

My question is - have I ended up using a sledgehammer to crack a nut - and is there a less 'all encompassing' option I could have utilised?

Group criteria xPath to get multiple object types as members


This controls the membership of my groups. With this xPath, the members are the Groups.

/Group[PARENT_ORGANISATIONS_ID = '750547d8-8147-4c74-85b1-c1ec2bded963']

I also need the membership of my group to contain users.

/Person[Description= 'Constant']

So what I need is the entire xPath where both groups and users are contained.

This is not correct, but this is what I want to do.
[(/Group[PARENT_ORGANISATIONS_ID = '750547d8-8147-4c74-85b1-c1ec2bded963']) or (/Person[Description= 'Constant'])]

Any pointers?


/Frederik Leed

How to provision SQL Database objects to Active Directory from FIM Portal using inbound & Outbound Synchronizations Rules


Hi There,

I am Veerappa. I am working on a FIM 2010 R2 deployment (migrating ILM 2007 MIIS to FIM 2010 R2).

In my scenario we have a SQL database that has a user objects table\view with rows carrying some attributes, e.g. peopleID, Pleoplekey, enterprise ID, etc.

I have created SQL Database, FIMMA and Active Directory Management agents in FIM Synchronization service to synchronize users to Active Directory.

Now my question is how to export SQL database objects to FIM Metaverse - Active Directory from FIM Portal without using provisioning code; I need to get it done with declarative provisioning.

How to create Inbound sync Rule, Outbound rule, set, MPR & workflows to provision SQL objects users to Active Directory.

And when to do Full import, Full sync, delta import & export in the Management agents.

If anyone could help with this I will be grateful to them.

Thanks & Regards

Veerappa

Also, I am getting lots of orphaned EREs whenever I delete the objects & Synchronization rules from FIM Portal, so how do I delete them permanently so that they do not come back in future?

Why were they created in the first place and how can I avoid them in the future?

FIMMA Export error


I am running a FIMMA export and it is throwing a huge bunch of this error in the SQL logs. Can someone help with this error log please? What is RavenMA?

mmsmafim: System.InvalidOperationException: The requested operation is not valid for the current state of the management agent, which is ready
   at MIIS.ManagementAgent.State.Export.ExportState.AcknowledgeExport(Guid sessionIdentifier, String acknowledgedMessageIdentifier, SynchronizationRequestAcknowledgementType acknowledgement)
   at MIIS.ManagementAgent.State.Export.ExportStateMachine.AcknowledgeExport(Guid sessionIdentifier, String acknowledgedMessageIdentifier, SynchronizationRequestAcknowledgementType acknowledgement)
   at MIIS.ManagementAgent.RavenMA.AcknowledgeExport(Guid exportSessionIdentifier, String acknowledgedMessageIdentifier, SynchronizationRequestAcknowledgementType acknowledgement)


What method is good to restore FIM database ?


We plan to make a backup and restore design of FIM for GALSync.

If we take a SQL DB backup and restore that, I think it needs a full import and full sync of all GALMA.

So, I wondered whether it might be faster to create a FIMSynchronizationService database which includes no data, and do a full import and full sync of all GALMA.

Is there any best practice?

About Initialize() Implements IMASynchronization.Initialize function


1. When starting the sync of one GALMA, is the Initialize() function called once at first every time?

2. If #1 is yes, is it possible to define a variable, save data to that variable from a file by writing VB code, and keep that data until the sync ends?

DirSync in FIM 2010 R2


Hi.

Has anyone tried to migrate the DirSync Azure MA to a normal FIM 2010 R2 implementation?

/Søren

ADFS and FIM


We have a potential client that wants us to host a SharePoint site at a co-location.  They have AD at their home office.  They want SSO for this SP site and to be able to manage password resets and other account stuff themselves.  I'm just learning about both ADFS and FIM.

My initial idea was to set up a new domain and ADFS at the colo site, then a FIM server as well, and integrate FIM with ADFS.  Is that possible?

OR can we put a domain controller up at the colo site and join it to -their- domain via VPN tunnel, then set up just a FIM server and they have SSO and account control that way?

Any help is greatly appreciated..

Having issue with Sql MA with two object types and references


Hi,

I have a SQL MA which brings two object types from a SQL view: 1. Org and 2. User. I had to combine them to keep them in the same CS to generate references. User has a multivalued reference attribute called "AdministratorForOrganization" which points to org objects if a particular user administers them.

This out of the box SQL MA is taking too long. We have a good SQL DBA team and the two views defined in the database are tuned to get better results.

When I run "Full Import", the SQL MA is picking each record from the parent view (definition: OrgIDEmailID,ObjectType,OrgName,FirstNme,LastName), ignoring object type, and querying the child view (definition: OrgIDEmailID,AttributeID and AttributeValue).

Why is FIM querying the child view for the org object type? In my SQL MA configuration I did not have a mapping for "AdministratorForOrganization" for the organization object type. I have an "AdministratorForOrganization" attribute mapping for the user type, so that makes sense.

Any ideas? Has anybody encountered the same/similar issue? I have FIM2010. Does FIM2010 R2 have any improvement around this area (I mean batch reading instead of one record at a time)?

Thanks in advance for looking at it.

Thanks,
Bhavesh


Allow manager to edit certain attributes for subordinate in FIM Portal


Hi,

How can I allow a manager to be able to edit / update only certain attributes in the FIM portal for people reporting to the manager? The manager should not be able to edit or update attributes for people not reporting to him or her.

All people in the portal have the manager attribute populated. I know that it should be done with an MPR, but the question is how.

Thanks

Johan Marais


JkM6228

Microsoft TechNet Wiki Guru - Winners for June!!


The results for June's TechNet Guru competition have been posted!

http://blogs.technet.com/b/wikininjas/archive/2013/07/10/technet-guru-awards-june-2013.aspx

 

Congratulations to all our new Gurus for June. We will be interviewing and highlighting their achievements, as the month unfolds.

If you think you have a useful fact, snippet, or detailed solution that is as good or better than the examples you see for June, please share it with us on TechNet Wiki.

 

Post your JULY contributions here:

http://social.technet.microsoft.com/wiki/contents/articles/18211.technet-guru-contributions-july-2013.aspx

 

Below is a copy of the June winners. The last column being a few of the comments from the judges.

  

Guru Award BizTalk Technical Guru - June 2013  

Gold Award Winner

 

Ron Phillips - BizTalk: Monitoring and Automatically Starting Host Instances Via A Scheduled Task
Mandi Ohlinger: "This is a very helpful script that users can implement now."
Peter Laker: "Excellent article, loads of detail and nice format."
Ed Price: "Great introduction! I love how this incrementally takes you through the process."

Silver Award Winner

 

Abhijit Mahato - Implementation of Routing slip pattern using ESB Toolkit 2.1 and BizTalk Server
Mandi Ohlinger: "Great example of use ESB! The screen shots are a nice addition."
Ed Price: "Great formatting with the different sections! The images help visually explain everything."
Peter Laker: "Nice tip with lots of detail"

Bronze Award Winner

 

Mohit Gupta - Complex FlatFile Conversion using Biztalk schema and Map
Peter Laker: "Details, code and images make this a great article"
Ed Price: "The code blocks are very helpful!"
Mandi Ohlinger: "Great FlatFile example. We need more of these."

Guru Award SharePoint 2010 Technical Guru - June 2013

Gold Award Winner

 

Matthew Yarlett - Uploading (and Resizing) Images to a SharePoint Picture Library via a Webpart
Margriet Bruggeman: "Handy to have this code!"
Peter Laker: "Nice article. Who's the mugshot of?"
Ed Price: "It's very clear! It's great how you take us through this, with the code and image for clarity."
Tom Van Gaever: "Please do not set AllowUnsafeUpdate to true http://hristopavlov.wordpress.com/2008/05/16/what-you-need-to-know-about-allowunsafeupdates/"

Silver Award Winner

 

Sunny Dasgupta - SEO Friendly SharePoint Sites/Pages
Margriet Bruggeman: "Good to know!"
TVG: "SharePoint 2013 PG has invested a lot in making SharePoint a better WCM solution. I would create a series that lists all the improvements for public facing websites (image rendition, device channels,...)"
Peter Laker: "Top tip"
Ed Price: "Short and sweet! Good use of images!"

Bronze Award Winner

 

Sunny Dasgupta - New! SharePoint 2013: Branding Solutions as an App! Showcase your solutions now!
TVG: "I like the showcase idea"
Ed Price: "This is an important business lesson! It would be great to follow this up with technical "how to" examples, with all the details."

Guru Award Small Basic Technical Guru - June 2013  

Gold Award Winner

 

Nonki Takahashi - Small Basic: How to Make a Turtle Maze Game
RZ: "This is very cool. Nice layout, screenshots, and details instructions."
Ed Price: "I love this article! It's fun, and it takes you through the whole process in a fun and clear way, complete with great formatting, images, and code. Great job!"

Silver Award Winner

 

Jibba Jabba - a Development Map for Becoming a Good Programmer using Small Basic and MSDN
RZ: "Very useful information. Content is nicely structured."
Ed Price: "This is an incredibly valuable resource!"

Bronze Award Winner

 

Nonki Takahashi - Small Basic: Did You Know?
RZ: "Very useful information. Especially concerning known issues."
Ed Price: "Chances are that you didn't know that... which makes this article very valuable!"

Guru Award SQL Server Analysis Services Technical Guru - June 2013  

Gold Award Winner

 

Yogish Bhat - Aggregations in SSAS
Peter Laker: "Excellent subject. Excellent detail. Nice formatting."
Ed Price: "Great explanations, clearly written, and good job breaking up the sections so that it's easy to read and to use the TOC."

Silver Award Winner

 

Yogish Bhat - MOD Function in MDX
Peter Laker: "Useful tip. Thanks!"
Ed Price: "Great solution!"

Guru Award SQL Server Reporting Services/Power View Technical Guru - June 2013  

Gold Award Winner

 

Tim Pacl - Sorting Elements of a Concatenated String
Peter Laker: "An excellent article with some useful tips"
Ed Price: "This is a great article! You have a lot of code samples and a clear overview."

Silver Award Winner

 

Tim Pacl - Adding Links in SSRS Reports
Peter Laker: "Images really help to explain the procedure"
Ed Price: "The images help make the steps very clear!"

Bronze Award Winner

 

Tim Pacl - Concatenating Data Column Values Into a Single String
Peter Laker: "Useful tip, common problem"
Ed Price: "Good formatting on the code in this article."

Guru Award Transact-SQL Technical Guru - June 2013  

Gold Award Winner

 

Naomi N - How SQL Server Determines Type of the Constant
Richard Mueller: "A good recommendation to explicitly CAST values, with an example of possible consequences if you don't."

Silver Award Winner

 

Naomi N - SET ANSI_PADDING Setting and Its Importance
Samuel Lester: "Outstanding contribution! I love the process of walking us through the debugging you performed. People who read this article gain an understanding of not only the SET ANSI_PADDING setting, but also how you arrived at discovering this as well as the technical resources available to ask in the MSDN forums. Very, very good!"
Ed Price: "Very in depth article with great code formatting!"
Richard Mueller: "This explains an issue I was not aware of. Well researched. Good to include a script to correct the situation."

Bronze Award Winner

 

Johnny Bell Jnr - SQL Server Result Set In An HTML Email
Richard Mueller: "Very instructive. I like this because similar techniques can be used for other applications."
Samuel Lester: "Great article and very handy for sure. I'm a big fan of code generation through T-SQL as you're doing with the @HTML parameter. I use similar tricks often to generate code for other programming languages. Very good!"
Ed Price: "The text does a great job setting up the code blocks!"

Guru Award Visual Basic Technical Guru - June 2013  

Gold Award Winner

 

Reed Kimble - How to Communicate with a Microcontroller or Other Serial Device in VB.Net
Richard Mueller: "A well written article with great information and a detailed code example. The explanation should allow someone to adapt this for many applications."
MR: "Well written and very descriptive."
Anthony D. Green: "This article has the most interesting topic but I wish it had a more concrete example like making a robot dance or something. Serial port communication is a common forum question as the writer points out - it'd be great if the user had something in the sample to run against/debug. Another suggestion I'd make is that the author break up the very long code sample into discrete steps with the paragraph describing the code following the code immediately. Right now a reader is confronted with a wall of text and has to try to grok it all at once before proceeding to the prose or scan back and forth to get it."
SB: "I like the article - I've seen many issues in the past with serial communication and its always a bit of a vague topic so any article is a positive in my opinion. It would be nice to link this to Micro-framework which added VB support and is another way of working with microcontrollers. Article is well written with good clean examples."
Ed Price: "Incredibly in depth with beautifully formatted code!"

Silver Award Winner

 

Paul Ishak - Bitmap.Lockbits De-Mystified .Net
Richard Mueller: "This was a difficult decision to rate these Wikis. This is a well researched article with good explanation of the steps required."
Mark Rideout: "Great details, though formatting makes it hard to read."
Anthony D. Green: "This was well written and well factored for reading. My only complaints are the lack of syntax colorization and the noisy line numbers. The topic is just obscure enough that it would have helped a lot to have a paragraph or two at the beginning to tell me what Lock bits is and why it's interesting rather than just jump into a deep dive. It links to another article which gives the motivation but it would have been great to have that inline."
SB: "Rather than an article I felt this was more a series of code snippets. Although very useful I prefer a narrative explaining things. I think that the content is OK but it alludes to the fact of performance improvements but would like maybe a bit more info as to how much more performance improvements can be made using this. Presentation wise I'd like the code colorized correctly as well, as it helps tremendously in reading."
Ed Price: "I love how the article has its own banner image! Good code samples. Great job!"

Guru Award Visual C# Technical Guru - June 2013  

Gold Award Winner

 

Dan Randolph - Named Pipes IO for Inter-process Communication
CW: "Well, rating this time around is pretty straightforward, what with there being one article. The only real dig I have against the article is that it brings up a GUI for this and I never see it. I know it isn't remarkable, but when you mention a GUI, I sort of expect to see it. Otherwise, this article provides a simple sample of using named pipes in c# code between two components."
Christian Lukito: "Good proof of concept showing how to use the API. But it would be better if it could provide a real-world example of how this is more useful."
Peter Laker: "Only entry! Win!"
Ed Price: "Very clear and easy to read! Great code snippets with good formatting!"

Guru Award Windows Phone Technical Guru - June 2013  

Gold Award Winner

 

Tiziano Cacioppolini - Maps and clusters
Peter Laker: "Excellent subject, nice detail!"
Ed Price: "Great code and explanations! It could benefit from code blocks and headers/sections to break it up a little more. Great article!"

Silver Award Winner

 

isenthil - How to Launch Windows Phone 8 Emulator without using Visual Studio 2012?
Peter Laker: "Thanks for the tip!"
Ed Price: "Short and sweet. Great formatting with the TOC and sections."

Guru Award Windows Store Apps Technical Guru - June 2013  

Gold Award Winner

 

Sachin S - Building an App using the DataviewModel from external XML
Peter Laker: "Nice introduction to the subject. Excellent example and explanation."
Ed Price: "The image at the top catches your interest, and then the code blocks are great as well!"

Silver Award Winner

 

Sachin S - Basic ColorPicker Control inside Settings Pane
Ed Price: "Great job breaking up the article with the different sections! The different sections, code headers, links back to the top, the image... it all helps make a better experience."
Peter Laker: "Very useful code. Commonly needed."

Bronze Award Winner

 

Sachin S - Insert ComboBox item separator which is filled through Data Binding
Peter Laker: "Top tip. Will no doubt come in very handy."
Ed Price: "Great formatting on the code snippets!"

Guru Award WPF Technical Guru - June 2013  

Gold Award Winner

 

Gaurav Khanna - Set Brush for ScrollViewer Thumb
Peter Laker: "Good to know if you're not adept at Blend"
Ed Price: "Great formatting on the code blocks!"

Silver Award Winner

 

XAML guy - WPF: How to manage available/selected lists. Simple examples. MVVM and Code behind
Ed Price: "It's beautiful. A work of art! From the TOC, to the image at the top, the breakdown of sections, the code snippets, and all the way down. It's easy to read and easy to follow. Great job!"
Peter Laker: "A common problem, and a tidy solution :)"

Bronze Award Winner

 

Magnus (MM8) - Event handling in an MVVM WPF application
Peter Laker: "Nice event/command primer, lots of detail"
Ed Price: "Good formatting on the code, and the image helps you visualize it! Good article!"

A great big thanks to EVERYONE who contributed an article to last month's competition.

Hopefully we will see you ALL again in this month's listings?

 

If you have not yet contributed an article for this month, and you think you can produce a more useful, clever and better produced wiki article than the winners above, here's your chance! :D

 

Best regards,
Pete Laker

More about the TechNet Guru Awards:


#PEJL Got a good solution? If you invest your time in coding an elegant/novel or large answer on these MSDN forums, why not copy it over to our beloved TechNet Wiki, for future generations to benefit from!





Hiding / Unhiding users from Exchange 2007/2010 Global Address Lists using FIM 2010


I'm just wondering if anyone has successfully managed to implement a solution to hide and unhide mailbox enabled users from the global address list in Exchange 2007 (or 2010/2013) using FIM 2010 (or R2) ?

I've seen a couple of posts related to the same question but the only suggestion was to set “msExchHideFromAddressLists” to “TRUE” to hide and remove / set to "FALSE" to unhide.  However in my previous role I was an Exchange admin and I'm not sure this (a) works properly (see http://social.technet.microsoft.com/Forums/en-US/1bfc1f51-fcab-41c0-a44e-43f98565b1bf/hide-email-address-from-global-address-list-exchange-2007) (b) is supported from an Exchange perspective.

I've done some before / after testing of changing the "Hide from Exchange address lists" using either the Exchange management console or management shell, and in addition to changing the "msExchHideFromAddressLists" attribute, the "showInAddressBook" attribute is also updated at the same time.  So, to hide:

"msExchHideFromAddressLists" is set to "True"
"showInAddressBook" is set to null / blanked out

Easy enough to do in a rules extension, but the problem arises when you want to unhide a mailbox from the GAL, in which case you have to set "msExchHideFromAddressLists" to False/Null, but how do you repopulate "showInAddressBook"?  When you use the EMC/EMS, Exchange does some under the covers stuff to repopulate that attribute.  It used to be a function of RUS in Exchange 2003 but since 2007 RUS no longer exists.  You can set "msExchHideFromAddressLists" to null and then run "Update-Recipient" in PowerShell (similar to what FIM does following Exchange provisioning) and this does populate "showInAddressBook", but then you've got to call PowerShell somehow.

All of the Exchange related posts I've read say basically use either the EMC or EMS, so I was just wondering if anyone had achieved this using FIM and if so, how?  The only way I can think of doing this is having an MPR/Set/Workflow in the portal that kicks off a bit of PowerShell, but I was wondering if anyone had done this using the sync server/attribute flows/rules extensions, that kind of thing?

Why does my MA connection fail with error: column-list-reordering


Hi,

I just adjusted the schema of my Oracle EBS MA. Now whenever I import I get this error:

failed-connection           column-list-reordering           0x80040e07

No other details are provided. The connection works fine when I refresh the schema or alter the MA. But when I import, this is what I get. 

Any advice is appreciated. Thanks in advance. 

remove a user from a security group in FIM 2010 R2


We have a manually managed, owner approval required group in FIM2010 R2. These groups flow to AD with membership.

Users can request to join the group from the portal or the Outlook add-in.

Now what I want is that the user should be removed from the security group in FIM after 30 days. Prior to this an email needs to be sent to the user notifying him that his access to the group is going to expire in 7 days. The user can extend or do nothing.

If he extends, then a request must go to the owner of the group stating that a user wants to extend his membership. The owner can approve or reject.

- user expiring in 7 days: there can be a set and transition MPR with a WF which will trigger an email notifying the user that his membership will expire in 7 days.

How to track when the user was added to security in FIM? And when the group owner approves the extension, how to extend his membership in the group in FIM?

Please guide me on this.



AdiKumar

FIM Password Registration Portal - Error 3008 - Communication Error.


I am having a problem registering on the Password Registration Portal. I can log in and proceed to answer the security questions. When I click next after answering all the questions I get an error in the browser:

An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3008)

3 events are also logged in the Event Viewer on the Portal Server. (SEE BELOW)

I am able to connect to fimservice2 from a browser on the Portal server using the URLs http://fimservice2.idmad.lab:5725 and http://fimservice2.idmad.lab:5726, so I think it's not a network or firewall problem. I have included the relevant information below. Please let me know if you need any more information.

Environment :

Windows Server 2012 , FIM 2010 R2 SP1, Sharepoint 2013 Foundation.

FIM Portal, Password Registration and Reset portals are all on a separate server than FIM Service. FIM Portal is working fine.

SPNs:

CN=FIM PWService,OU=FimServiceAccounts,OU=FIMAdmin,OU=FimLab2,DC=idmad,DC=lab

HTTP/fimreset
HTTP/fimreset.idmad.lab
HTTP/fimreg.idmad.lab
HTTP/fimreg
-----------
CN=FIM Service,OU=FimServiceAccounts,OU=FIMAdmin,OU=FimLab2,DC=idmad,DC=lab

FIMService/fimservice2
FIMService/fimservice2.idmad.lab
-----------
CN=FIM SPPool,OU=FimServiceAccounts,OU=FIMAdmin,OU=FimLab2,DC=idmad,DC=lab

HTTP/fimportal2
HTTP/fimportal2.idmad.lab

Web.config for Password Registration Portal :

  <resourceManagementClient resourceManagementServiceBaseAddress="http://fimservice2.idmad.lab:5725" timeoutInMilliseconds="60000" />

Microsoft.ResourceManagement.Service.exe.config file :

  <service name="Microsoft.ResourceManagement.WebServices.ResourceManagementService">
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:5725" />
          </baseAddresses>
        </host>
      </service>
      <service name="Microsoft.ResourceManagement.WebServices.SecurityTokenService">
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:5726" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>
  <resourceManagementClient resourceManagementServiceBaseAddress="fimservice2.idmad.lab" />
  <resourceManagementService externalHostName="fimservice2.idmad.lab" />

3 events in Event log on the portal server:

EVENT 1

Failure to connect to FIM Service
The web portal failed to connect to the FIM Service.

Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the web portal, and (3) that network connectivity is available between the web portal and the FIM Service over the designated port.
Details:
System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to http://fimservice2.idmad.lab:5726/ResourceManagementService/SecurityTokenService/Registration. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ResourceManagement.WebServices.WSTrust.ISecurityTokenService.RequestSecurityTokenResponse(Message request)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
   at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
Web Portal: FIM Password Registration Portal
Session Id: qoind5aknc1xmn55ho033qn0
IP Address: 10.0.44.44

EVENT 2

Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.GenericCommunicationException: An error occurred while receiving the HTTP response to http://fimservice2.idmad.lab:5726/ResourceManagementService/SecurityTokenService/Registration. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to http://fimservice2.idmad.lab:5726/ResourceManagementService/SecurityTokenService/Registration. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ResourceManagement.WebServices.WSTrust.ISecurityTokenService.RequestSecurityTokenResponse(Message request)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
   at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetNextGate(IGateControl currentGate)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs)
   at System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e)
   at System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e)
   at System.Web.UI.TemplateControl.OnError(EventArgs e)
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.default_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

EVENT 3

The error page was displayed to the user.
Details:
Title: Communication Error
Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3008)
Source:
Attributes:
Details: Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.GenericCommunicationException: An error occurred while receiving the HTTP response to http://fimservice2.idmad.lab:5726/ResourceManagementService/SecurityTokenService/Registration. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to http://fimservice2.idmad.lab:5726/ResourceManagementService/SecurityTokenService/Registration. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ResourceManagement.WebServices.WSTrust.ISecurityTokenService.RequestSecurityTokenResponse(Message request)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
   at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetNextGate(IGateControl currentGate)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
CorrelationId:
RequestId:
ErrorCode: 3008
CaughtTime: 07/10/2013 10:12:55

Web Portal: FIM Password Registration Portal
Session Id: qoind5aknc1xmn55ho033qn0
IP Address: 10.0.44.44

Some questions about using SQL Server for lookup in a rules extension?


Hi,

I vaguely remember seeing a whitepaper or maybe one of the walkthroughs for ILM where, within a rules extension, they were using a table in SQL server as a lookup table, e.g., for mapping attributes or something like that.

Does anyone here recall something like that?

The reason I'm looking for that is that some of our "legacy" extensions are doing something like that, where they map a pair of attributes (like location name and state) into postal codes.

The way that the current code does this is to instantiate a new connection to the SQL server each time the extension is invoked, but we've been asked if it'd be possible to not do that, but to do something like create the connection at the beginning of the profile run, and then just use the same connection for the lookups/queries, and I was hoping that walkthrough (or whatever it was) might have some suggestions about how to do that in ILM.

With ILM, is there some way to do something like that, like maybe at start of the profile run (or maybe even at ILM startup) to open a connection to an SQL server and then, within the rules extensions, re-use that already instantiated connection?

Thanks,

Jim
