We have installed Silver light on Citrix Servers and the user is accessing a published application. This application needs Silverlight.
This user gets prompted to download and install it on a thin client. We cannot install anything on the thin client. How do we fix this?Thanks in advance!
Please, find the attached message.
AA2913
Hello ,
From Source we have some attributes for which special characters are allowed and FIM also accepts the same , but while exporting the same to SQL 2005 encountering export error as special characters not allowed.
Is this is because of the limitation of SQL 2005 ?
In this case , if i update any column in SQL with special character through Update query directly , then SQL is accepting the same.
Export of special character from FIM to SQL 2005 is failing.
Can anyone please advice on the resolution of this........
Regards,
Jyothishree SP
Hi
i'am using an extension rule for exporting the employeeEndDate value to accountExpires.
I have an issue ,when i delete the value in FIM, I can't manage the update of the accountExpires to set it to 0
if (mventry[MVConst.empEndDate].IsPresent)
{
CultureInfo provider = CultureInfo.InvariantCulture;
if (mventry[MVConst.empEndDate].Value != null)
{
DateTime dt = DateTime.ParseExact(mventry[MVConst.empEndDate].Value, "yyyy'-'MM'-'dd'T'HH':'mm':'ss'.000'", provider);
csentry["accountExpires"].IntegerValue = dt.AddDays(1).ToFileTime();
}
else
{
csentry["accountExpires"].IntegerValue = 0;
}
}
else {
csentry["accountExpires"].IntegerValue = 0;
}Any idea
Hi,
I am trying to access FIM portal with a user (ex: UserA). But, the portal was displayed with another user(UserB) i.e. Logged in users to FIM porta is unique even though when I tried to access with different users.
Please help
Thanks
Prasanthi.
I am trying to extend a Fim reporting schema with two boolean attributes for the person object.
I succesfully managed to add the first attribute. After that, I added the second attribute to the same schema and imported it. But now when I am trying to run Start-FIMReportingInitialSync powershell it completes with an error and just a info about the second (new) attribute.
So the question is can I use same management pack and binding files to add new attributes to reporting schema or should I create a new managemen pack and binding files each time when I want to update schema?
So basically if I have 10 attributes to update, can I add each attribute one by one and then import the same files added by one attribute, or should I create 10 different sets if I want to test that everything is working before importing a new attribute.
Of course the best way is add all the attributes at the same time, but if I need to update the schema later I need to know can I use the old files or create a new one.
Hi All,
I'm trying to run the Quickstart tool to set up Self-Service Password Reset but I'm not getting very far. The tool fails with the following error:
VERBOSE: Verifying the installation of FIM and Synchronization service
Invoke-QuickStart : Failed to connect to the specified database or Forefront Identity Management Service. Please check the specified database location, service host address, and account information.
At C:\FIM Docs\Run_Quick_Start.ps1:6 char:18
+ Invoke-QuickStart <<<< -ActiveDirectoryManagementAgentCredential $adMaCredential -ForefrontIdentityManagerManagementAgentCredential $fimMaCredential -Forest coleg.domain -DatabaseName FIMService -DatabaseServer d-fim-serv -
Container “OU=Taster Day,OU=Grove Park Campus,OU=Student Accounts,OU=_Accounts,DC=coleg,DC=domain” -ForefrontIdentityManagerServiceBaseAddress http://d-fim-serv:5725 -RunInitialLoad:$true -verbose
+ CategoryInfo : InvalidArgument: (:) [Invoke-QuickStart], PSArgumentException
+ FullyQualifiedErrorId : Invoke-QuickStart,Microsoft.IdentityManagement.QuickStart.InvokeQuickStart
...as a result, the following appears in the Forefront Identity Manager Management Agent Event Log:
System.Xml: System.Xml.XmlException: An error occurred while parsing EntityName. Line 1, position 310.
at System.Xml.XmlTextReaderImpl.Throw(String res, String arg)
at System.Xml.XmlTextReaderImpl.ParseEntityName()
at System.Xml.XmlTextReaderImpl.ParseEntityReference()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.LoadNode(Boolean skipOverWhitespace)
at System.Xml.XmlLoader.LoadDocSequence(XmlDocument parentDoc)
at System.Xml.XmlDocument.Load(XmlReader reader)
at Microsoft.ResourceManagement.Utilities.XmlHelper.LoadXmlSafeExtension(XmlDocument xmlDocument, String xml)
at MIIS.ManagementAgent.RavenMA.UIInitialize(String pszInitString, Int32& pfValid, String& ppszResult)
Any help to resolve this issue would be greatly appreciated.
Regards,
Graeme
Our customer has Office 365 tenant and have a requirement to populate GAL with contacts from legacy email system (Postfix) as well as from two other companies who has separate o365 tenants. As far as I undestand, neither dirsync nor galsync is an option in multi-tenant scenario.
What is preferred way to fetch user accounts information from Azure AD? I'm getting completed-no-objects when running an Import with AAD Connector.
I'm going to make provisioning either via powershell or WAAD Connector. Do I miss something in this setup, or it will work just fine?
Hi Folks,
We have FIM Service and FIM Sync service hosted on server A and we have Portal and FIMService hosted on server B. We have configured workflows including FIM PowerShell cmdlets that gets called when a user becomes inactive in portal. So when the employeeStatus attribute value flows from Sync server to Portal server for bulk users we are getting below exception for few users:
"System.InvalidOperationException: PowerShell script execution resulted in 5 error(s):
The type initializer for 'Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient' threw an exception."
I am guessing in a shot when the employee status becomes inactive for bulk users, the PS is not getting executed properly. Read various blogs and as suggested tried modifying "Microsoft.ResourceManagement.Service.exe" in both ServerA and ServerB. But still I keep encountering this error for few users.
Tried modifying <resourceManagementClient resourceManagementServiceBaseAddress> to
http://localhost:5725
http://severA.domain.com:5725 and http://serverB.domain.com:5725
http://portalAddress.domain.com:5725.
Please let me know if there is anything else I can try with. I am really stuck at this point and unable to proceed. Also please let me know the significance of this file Microsoft.ResourceManagement.Service.exe.
Regards,
Veena
Veena
Hello All,
How do we a provision a user to O365 from FIM. Does Microsoft provide Out of box Management Agent?
Is there any other way to create O365 accounts other than the MA?
Thank you,
Hi,
Looking at this article around Kerberos config for FIM Portal, and just wondering whether the last KCD step is correct, as this does not make sense, and when I do it, the FIM Service does not start:
http://social.technet.microsoft.com/wiki/contents/articles/3385.fim-2010-kerberos-authentication-setup.aspx
Step in question:
Thanks
Hi,
I need to find the user's last modified date in FIM portal. The "Modified/Updated" date attribute is not present in FIM Portal. Is there any way to find out the last modified/updated date of a particular user in FIM.
Please help.
Thanks
Prasanthi.
Hi,
I updated my synchronization rule. When I run a Delta Import + Delta Synchro on FIM MA, I have sync-rule-inbound-flow-rules-invalid and the SR is not updated.
When I change the Sync rule on outbound, the error is gone.
But when I re-change it on inbound/outbound the error is back
Any idea please ?
We plan to be using FIM to send password 'reminders' to users who's passwords are over 6months.
I have seen a TechNet article //social.technet.microsoft.com/wiki/contents/articles/2171.understanding-password-expiration-notifications-in-fim-2010.aspx and this looks like will work with users 'based on a max date' but how would you incorporate users that may have a password of 2 - 3 years or more old that could be staged (so not all at once).
Example that there may be 5000 users with a password more than 6months old and wouldn't want them all to go straight into the 14 days set at 'switch on' !.
Any other suggestions regarding using FIM to force password reset welcome
D.S.
This connector have a issue when is modifying attribute single-valued on OpenLDAP.
I have a lot of ExportErrorCustomContinueRun on my FIM Synchronization LDAP export.
I did a troubleshoot and identified the connector delete attribute and Add again. (On LDAP protocol we can modify attributes in one single call).
For some reason, the connector adds attribute first and then deletes.
Add one single-valued attribute that already exists, returns error 20 from Ldap Protocol.
I have some screenshoots of synchronization and Wireshark captures.
Sorry for english, my language is Portuguese.
Thanks
I have a PowerShell workflow (using the activity library from codeplex) that removes home directories at the appropriate time (triggered by MPR). The script performs its function and the try block that the remove-item cmdlet is called in doesn't trigger its catch statements (an e-mail to me and more event log entries), but it throws an error in the event log and a failure back to the FIM portal. In the event log, I get:
Access to the path 'C:\Windows\system32\LogFiles\WMI\RtBackup' is denied.
This doesn't occur if I run the Remove-Item command in a PowerShell session as the FIM app user, but it's definitely the remove-item cmdlet in the script which triggers the event. UAC is disabled on the server. I'm not sure what else to check for. I'd really prefer to have successful executions listed as successes in the portal, but if I have to live with a mismatch, so be it.
Thoughts?
-Robert
