Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Showcase


Channel Catalog


Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 123 | 124 | (Page 125) | 126 | 127 | .... | 204 | newer

    0 0

    I'm looking for a way to use the SQL MA to write username and encrypted password to SQL database. Getting the usernames iinto SQL is a"normal" FIM job and the database can be set as a password target (PCNS is already in place) . To get started does anyone have a sample password extension? And what additional field is required in the database to store that password.

    Also, can a diiferent encryption method be used when writing out the password to the sql database?

    Thnx

    JD


    0 0

    So I have added computers to the FIM portal to allow IT admins modify computer attributes and project them back to AD.

    I am unable to modify the columns displayed on the pages I have created though. I customized the columns in the All Users it was easy, I followed the same steps and modified the columns in the search scope for all Computers but no luck.

    Any assistance on this would be helpful.


    Russell Lema


    0 0

    I have enabled password sync (pcns) in FIM and use our AD as the source. I've got 2 target MA's, 1 being a simple SQL database. Both targets have the MA's have password management enabled and the SQL MA has a custom extension assigned.

    When I change a password in AD I can see the correct events being created on the DC.

    On the FIM server I can see events (stage & set) being created for the 1 MA but the SQL MA is not even triggered. No errors nothing. What am I missing?

    Thanks
    JD


    0 0
  • 07/09/15--23:23: FIM SSPR Gates
  • Is it possible to have SMS gate active only when the user is accesing the FIM Portal outside the N/W ? 




    0 0

    Experts,

    Could anyone suggest how many objects can we manage by FIM(Specially FIM Synch Service)? My curiosity arises because only one instance of FIM Synch service can be active at a time.

    How many objects can we go on making without hitting a performance or functionality hit?

    Thanks,

    Mann


    0 0

    Event log:

    The mail sender could not send an outbound email.  This failure indicates a misconfiguration either with the mail server or with the specific mail.  Frequent, repeating instances of this event indicate a failure with the mail server.  If this event occurs alongside event 12, then this event indicates a failure with Exchange. Infrequent instances of this event indicate misconfiguration of individual emails.

    The mail server address is incorrect or specific outbound email has invalid data.

    Ensure that the mail sender is configured to connect to the correct mail server and that the outbound mail has correct email addresses.
     
    The specific exception reported by the mail server:

    --------------------

    This is every time i am trying to register for password reset.

    Exchange 2013

    This is from C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config

    <add key="mailServer" value="https://mail.mydomain.com/ews/exchange.asmx" />
        <add key="isExchange" value="1" />
        <add key="sendAsAddress" value="fim-farm@mydomain.com" />

    P.S. Ip of FIM server is added for free relay in exchange, so i can freely send mail with telnet.


    Be real


    0 0

    On the "install required components" page in the custom setting setup wizard we can give up a service account:
    1) is this account only used to start the sync service locally on the server?
     2) is this account not used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?
    On the "connect your directories" page in the custom setting setup wizard we need to enter credentials:
    1) this account is used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?
     2) this account we enter can only be a domain user right
     3) this blog (https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-aadconnect-account-summary/) spreaks about setting additional permissions on the account if we use specific scenario such as password sync and hybrid environment. The blog post describes which permissions are needed but not how to set these. Is there a guide how to set these permissions, is there a script how to set this permissions?


    0 0

    Hi everyone,

    I'm experiencing troubles while trying to upgrade FIM Synchronization by installing hot fixes.

    My current version is (4.1.3114.0) and I need to go up to new hotfix (4.1.3613.0).

    While installing the file (FIMSyncService_x64_KB3011057), I am getting this message :

    " Forefront Identity Manager Synchronization Service was not successfully installed. To install  Forefront Identity Manager Synchronization Service, run this wizard again."

    When I run it again, I get the same message.

    I will be grateful if someone can help.

    Thanks in advance.


    0 0

    When I try to create a MA based on ECMA2 I get an error on the connectivty page.

    For instance if I use a SQL MA based on ECMA2 I get an error on the connectivity page stating "Unable to retrieve schema. Error: An anchor attribute defined by the extension...."

    JD


    0 0

    Hi all,

    I got an error when I try to open FIM Synchronization Service although the service is started now.

    My current login account is a member of administrators local group and FIMSyncAdmins group. (Even a member of Domain Admins). But it cannot work.

    I also try to restart the server (because right after install FIM, I also installed hotfix for FIM server)

    Anyone can help please?




    0 0

    Have this in logs

    1) WARNING: Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.ApprovalActivity.rules.

    2) WARNING: Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.ReceiveCreateResourceActivity.rules.

    3) ERROR: Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> Microsoft.ResourceManagement.WebServices.Client.AuthorizationRequiredException: Permission is required
       at Microsoft.ResourceManagement.WebServices.Client.Resource.Update(ClientOptionsHelper clientOptionsHelper)
       at Microsoft.ResourceManagement.WebServices.ResourceManager.ResumableUpdate()
       at Microsoft.ResourceManagement.WebServices.ResourceManager.Resume(ContextualSecurityToken securityToken)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.FinalizeRegistration()
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
       at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       --- End of inner exception stack trace ---
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs)
       at System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e)
       at System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e)
       at System.Web.UI.TemplateControl.OnError(EventArgs e)
       at System.Web.UI.Page.HandleError(Exception e)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest()
       at System.Web.UI.Page.ProcessRequest(HttpContext context)
       at ASP.default_aspx.ProcessRequest(HttpContext context)
       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    4) WARNING: Invalid or NULL email address

    5) ERROR: Microsoft.ResourceManagement.Service: System.ArgumentException: Invalid or NULL email address
       at Microsoft.ResourceManagement.Mail.Utilities.ValidateMailMessage(GenericMessage message, IMailServer mailServer)
       at Microsoft.ResourceManagement.Mail.ApprovalMessage.Send(Int32 timeoutInMilliseconds)
       at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.SendMailMessage(MessageContent messageContent, Int32 timeoutInMilliseconds)
       at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.ProcessWorkItem(WorkItem workItem)

    --------------------------------------

    What is already done:

    1) Double checked all setup process with permissions, wmi, dcom, etc.

    2) double checked that Fim service account is mail enabled end can successfully reach EWS web page without any issues.

    3) All users have e-mail fields filled

    4) Totally confused. Don't know where to dig.


    Be real


    0 0

    I have some Distribution Groups which can be managed through Exchange by the owners. I have inbound Sync rules to import the changes to FIM. I am facing following issues in the process:

    1) If a new owner is added to a group through Exchange, after import, I can see the the new user in the owner attribute, but the previous owner only in the Displayed Owner attribute (not as both owner and Displayed Owner). This causes the error in the FIM portal when I open the group "Please select a displayed owner among the owners above".

    2) If an owner adds a new owner to the group through exchange, and if the new owner comes above in the list in alphabetic order, then the new owner is set as the Displayed Owner in FIM after import (the displayed owner gets changed).

    how can I address these issues? Any help will be appreciated.


    0 0
  • 07/13/15--22:12: FIM Lab standalone server
  • hello,

    I want to prepare a lab for my FIM deployment. do you think it is possible to have all roles in a single server? I mean to have portal sync and SCSM on a single server. this is because I am running low on resources and as a result I want to have a FIM server for everything related for my FIM.

    Thanks


    0 0

    I have Azure DirSync setup, working.  Have been syncing user groups for Office, OneDrive, SharePoint.  No Exchange online.  Exchange is completely on prem.

    No issues with syncing users, licensing for Office, OneDrive all good.

    Now I need to start syncing some groups for SharePoint permissions.  I've added OUs for groups to partitions that will sync with DirSync.  Some groups sync okay, others cannot be seen in Azure.  It appears that the groups that are not syncing are all distribution groups.  Again - no - Exchange Online, Exchange is on Prem.

    What is required to sync an on prem distribution group in Azure?


    0 0

    Trying to modify FIM 2010

    Product Name: Forefront Identity Manager Service and Portal.

    Product Version: 4.1.3646.0.

    Product Language: 1033. 

    Reconfiguration success or error status: 1603.

    In debug logs finded only Error 1316. The specified account already exists. Can't imagine what's wrong, as all service accounts are working ...

    Debug LOG, containing exact error and install sequence:

    Action start 21:35:11: InstallExecute.
    CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
    CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack retraction.
    CAQuietExec:  Removing feature for microsoftidentitymanagement.wsp
    CAQuietExec:  Retracting microsoftidentitymanagement.wsp
    CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
    CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack retraction.
    CAQuietExec:  Removing feature for microsoftilmportalcommondlls.wsp
    CAQuietExec:  Retracting microsoftilmportalcommondlls.wsp
    MSI (s) (CC:38) [21:37:15:705]: Using cached product context: machine assigned for product: 39D42BE8AB19D534FB8839931C4C3626
    MSI (s) (CC:38) [21:37:15:705]: Using cached product context: machine assigned for product: 39D42BE8AB19D534FB8839931C4C3626
    MSI (s) (CC:38) [21:45:51:298]: Product: Forefront Identity Manager Service and Portal -- Error 1316. The specified account already exists.
    Action ended 21:45:51: InstallExecute. Return value 3.
    CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
    CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack deployment.
    CAQuietExec:  Deploying microsoftilmportalcommondlls.wsp
    CAQuietExec:  Adding feature for microsoftilmportalcommondlls.wsp
    CAQuietExec:  Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
    CAQuietExec:  Executing all administrative timer jobs in preparation for FIM solution pack deployment.
    CAQuietExec:  Deploying microsoftidentitymanagement.wsp
    CAQuietExec:  Adding feature for microsoftidentitymanagement.wsp
    Action ended 21:48:54: INSTALL. Return value 3.
    Action ended 21:48:54: ExecuteAction. Return value 3.
    Action start 21:48:54: FatalError.
    Action ended 21:57:19: FatalError. Return value 2.
    Action ended 21:57:19: INSTALL. Return value 3.
    === Logging stopped: 14.07.2015  21:57:19 ===
    MSI (c) (E0:A0) [21:57:19:026]: Product: Forefront Identity Manager Service and Portal -- Configuration failed.


    Be real



    0 0
  • 07/14/15--16:22: Wipe FIM configuration
  • Still having a few issues with upgrading our FIM dev environment to be a replica of prod. The scripts MS provide for export & import schemas & policies work on the export side but fail on import.

    Is there a way to wipe the existing FIM dev environment (i.e. remove all MA's and non standard portal content) but without having to rebuild the whole FIM server?

    Thanks,

    Mikey


    0 0

    Hi,

         In our Sync system, there are two source SQL MAs. The users from two different sources i.e. SQLMA1 and SQLMA2 has to be synchronized to metaverse and from there these users should exported to FIM MA.In detail we have

    1. SQLMA1-->Source1

    2. SQLMA2-->Source2

    3. FIMMA--

    4. ADDSMA-->Target.

    The flow will be like, the Users will come from Source1, Source2 and will be exported to FIM. From FIM these users have to be provisioned to AD.

    SQLMA1-->FIMMA-->ADDSMA

    SQLMA2-->FIMMA-->ADDSMA

    In this scenario, how can i map the attributes.How will be the metaverse attribute mappings with the source system and target system. For example AccountName and FirstName, how can i map these two attributes in order to achieve.

    Thanks

    Prasanthi


    0 0

    Hello Everyone,

    do you know how i could create a group in the portal when an sql table is created and delete it when its deleted,

    + user membership of course :)

    thanks


    Hitch Bardawil


    0 0

    Hello!

    I have MA for csv file.

    When I do Full import and Full Sync to metaverse, in metaverse attribute Manager is clear.

    Preview Full Sunc - Attribute Manager - Applied Delete and Final Value is Deleted.

    Users have ID.

    Manager in csv - ID.

    In Csv MA Manager is Reference(DN) attribute.

    Why I get clear attribute in metaverse?

      

     


    Alex


    0 0

    Hi all,

    We have a SharePoint 2013 Enterprise farm and I was wondering if I could deploy the FIM portals on this version of SharePoint as the MS documentation speaks only of SharePoint Foundation. Technically I am pretty sure it can be done but  I need to know if I would be supported by Microsoft in that scenario.

    Thanks


older | 1 | .... | 123 | 124 | (Page 125) | 126 | 127 | .... | 204 | newer