Getting "[Modify] Could not get required interface" Error on SQL MA Using INSTEAD OF Trigger

July 16, 2013, 3:10 pm

≫ Next: WebService Connector - FIM 2010 R2

≪ Previous: [Reference] Steps to enable tracing in the Directory Synchronization Password Synchronization component:

$

0

0

I have a SQL MA that is connected to two views (one for main view for normal import/export, the other for Delta import).  The main view joins two tables.  There is an INSTEAD OF trigger on the main view, to allow updates back to a specific base table (which is included in the join of the main view). 

I had thought this would allow the SQL MA to write updates back to the base table. I verified I can update the view (and thus, the base table via the INSTEAD OF trigger) using the same credentials configured for the SQL MA in SQL Server Management STudio. 

However, when I try to run an export from the SQL MA, I get cd-error for each entry it is trying to export.  Here are the errors:

Connected data source error code: 0x80230808

Connected data source error: [Modify] Could not get required interface

I was reading some things about possible some issue with OLE DB (which I understand SQL MA is based on) not being able to "see INSTEAD OF triggers" or something like that.  Has anyone else implemented updateable views using INSTEAD OF triggers in conjunction with the SQL Management Agent?  I am on version 4.1.3441.0.

Any insight here? Thanks!

---

WebService Connector - FIM 2010 R2

July 17, 2013, 2:42 am

≫ Next: How to check,how many times a user did reset your password in FIM 2010 R2?

≪ Previous: Getting "[Modify] Could not get required interface" Error on SQL MA Using INSTEAD OF Trigger

$

0

0

I am new to webservice  connector.I am trying to connect to a webservice created by me which returns a string.I want to import that string to CS.I tried to configure with WS configuration tool but no luck.I created a webservice call in Delta import also.

Can anyone give a example so that I can start off with that?I already have the MS document(Connector for Web Services).

How to check,how many times a user did reset your password in FIM 2010 R2?

July 17, 2013, 3:27 am

≫ Next: How to assign permission to one user that can do unlock user in FIM 2010 R2.

≪ Previous: WebService Connector - FIM 2010 R2

$

0

0

Hi,

I wants user report when user created,registered and reset your password and also want to know how to check,how many times a user did reset your password in FIM 2010 R2?

Regards

Anil Kumar

How to assign permission to one user that can do unlock user in FIM 2010 R2.

July 17, 2013, 3:33 am

≫ Next: FIM Troubleshooting Error 3000

≪ Previous: How to check,how many times a user did reset your password in FIM 2010 R2?

$

0

0

Hi,

I want to create a helpdesk user with limited permission that can do unlock users in FIM 2010 R2 rether then Administrator.

Regards

Anil Kumar

FIM Troubleshooting Error 3000

July 17, 2013, 4:19 am

≫ Next: Customize existing User UI

≪ Previous: How to assign permission to one user that can do unlock user in FIM 2010 R2.

$

0

0

Hello FIM Community,

  Just like many I am having error 3000 issues where some users can use SSPR (password reset portal) and some can't receiving error 3000 and the event log says the following.

The error page was displayed to the user. Details: Title: Error Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Source: Attributes: Details: System.ArgumentException: data contains an invalid number of tokens at Microsoft.IdentityManagement.CredentialManagement.Portal.Gates.GateData..ctor(Byte[] data) at Microsoft.IdentityManagement.CredentialManagement.Portal.Gates.QAGateControl.Initialize(Mode mode, Byte[] data, Byte[] settings) at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetCurrentGate() at Microsoft.IdentityManagement.CredentialManagement.Portal.BasePage.ShowCurrentGate(Control container) at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.MoveToAuthenticationGates() at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) CorrelationId: RequestId: ErrorCode: 3000 CaughtTime: 07/17/2013 06:15:35 Web Portal: FIM Password Reset Portal Session Id: 1czh1w45otslw345qo4gmayy IP Address: 10.2.32.54</Data>

I'm not sure if this gives you a clue, but I need to get this resolved as soon.

Thank you,

Bill K,
billkirk@datacloudgroup.com

Customize existing User UI

July 17, 2013, 9:28 am

≫ Next: Change Username

≪ Previous: FIM Troubleshooting Error 3000

$

0

0

Guys,

I have just started delving into FIM Portal. I have managed to flow all my MV user objects to the portal via FIM MA. When I open the users in portal I find some of the fields in the UI does not make much sense for our purpose. I need to make some changes to the drop down for, say, employeeStatus, also I need to delete some of the unused fields from the UI. Wondering if there is any easy way to do that or do I need to build my own UI (RCDC) from scratch to make it more meaningful. I will appreciate any help.

Regards.

Ray.

Change Username

July 17, 2013, 10:58 pm

≫ Next: Intranet/Extranet password reset portal

≪ Previous: Customize existing User UI

$

0

0

My friend just reimaged my comp to 7.  He set the username to stephenveal.  I renamed it to Shawn Paul.  Now, at the login screen, the account name says Shawn Paul.  The name at the top of the start menu says Shawn Paul.  But, if I go into the users folder, my folder that should say Shawn Paul still says stephenveal.  I tried renaming and deleting it, but I got the error message that says that a file or program in the folder is still open.  I went into the admin account and tried doing the same thing and I got the same error message.  I also tried moving all the perishable files into the admin account and then renaming or deleting the folder, but I got the same results.

Intranet/Extranet password reset portal

July 18, 2013, 2:25 am

≫ Next: FIM 2010 R2 Outbound System Scoping Filters - OR Condition?

≪ Previous: Change Username

$

0

0

Hello, 

i want to have two portals one intranet and extranet password reset portals. 

For the intranet users i want to have Q/A WF with sending password by email 

For the extranet users i want to send security code by sms. By the way is there some API to send password for FIM

Is it possible to do that ? 

Thanks 

---

FIM 2010 R2 Outbound System Scoping Filters - OR Condition?

July 18, 2013, 5:00 am

≫ Next: Scripting Identity Integration Server 2003

≪ Previous: Intranet/Extranet password reset portal

$

0

0

Hi,

 

I'd like to find out if it is possible to configure and OR condition on an Outbound System Scoping Filter for an outbound sync rule.  The scenario is this:

We're provisioning data to an external system based on an attribute in the MV called employeeType.  Each MV person can only have one employeeType.  There are several different possible values for employeeType such as Permanent, Contractor, Temp etc .etc.

We only want to export data when the employeeType is Permanent OR Contractor.  If you create two conditions in the scoping filter though, they seem to be tested with a boolean AND resulting in no records being provisioned to the external system.

With only one condition in the scoping filter, records of the type specified in the filter are provisioned fine.

Any assistance here would be most appreciated.

Kind regards

Adrian Thomas

Scripting Identity Integration Server 2003

July 18, 2013, 6:40 am

≫ Next: Attribute only in MV

≪ Previous: FIM 2010 R2 Outbound System Scoping Filters - OR Condition?

$

0

0

We're using MIIS 2003 (v3.2 SP2) to import to Active Directory from eDirectory.

I've created a simple PowerShell script that uses WMI to trigger the Run Profiles of the Management Agents on demand.  I can parse the resulting RunDetails' XML to find the number of users added into AD:

[xml]$xmlAD=$activeDirectoryMA.RunDetails().ReturnValue
$xmlAD."run-history"."run-details"."step-details"."export-counters"."export-add"."#text"

 How do I find out WHO was added?  I can see the details (distinguished names) of synchronisation errors but not of what was added (or updated) successfully.  This is easily viewable in the GUI.

Is this level of detail accessible over WMI?

Thanks!

Attribute only in MV

July 18, 2013, 3:12 pm

≫ Next: FIM 2010 GALSYNC contact to be created with Display name and company name

≪ Previous: Scripting Identity Integration Server 2003

$

0

0

Is there a way to calculate the value of an attribute only in metaverse without making portal to calculate it? I want to use this value just as a join so I am wondering if I can do it without the fimma atribute flows and workflows?

Fimma is already passing accountName to MV and I want to use accountName@domain.edu as a join for other DS.

Thanks in advance.

FIM 2010 GALSYNC contact to be created with Display name and company name

July 18, 2013, 4:27 pm

≫ Next: FIM R2 Reporting Custom Reports and Extensibility

≪ Previous: Attribute only in MV

$

0

0

Hi All,

I am working on FIM 2010 to create galsync between multiple forest. There are around 10 different forest which have to be synchronized. I want to know if the contacts created in AD can be shown with users display name and company name. just like the below format.

TOM [ABC]

Tom - Users Display name

ABC - Company name

appreciate if anybody can provide an article or guide me to achieve this.

Thanks,

FIM R2 Reporting Custom Reports and Extensibility

July 19, 2013, 12:13 am

≫ Next: FIM web service connector - how to pass the multivalued attribute value of reference type (Export)

≪ Previous: FIM 2010 GALSYNC contact to be created with Display name and company name

$

0

0

I want the report to be extended to include a custom attribute on the person object, so I followed the instruction as perhttp://technet.microsoft.com/en-us/library/jj133861(v=ws.10).aspx 

1. Schema validation/import using powershell were successful, I can see the datawarehouse binding object in the FIM portal.  
2. I checked the DB, the Dataware house binding and schema were created, and I can see the new tables and columns created in the DWRepository and DWDataMart database. 

I've run the scripts

1. Start-FIMReportingInitialSync
2. Start-FIMReportingIncrementalSync
3. and the ETL script

All completed successfully.

However no data is being imported into the new FIMPersonExtensionDimtable (my extended person DW table) in either the DWRepositoryand DWDataMart database, though the users appear in the defaultFIMPersonDim.  So the report doesn't work.

Is there any step I missed?

snippets of the binding and schema as below

<ClassBindings><!-- Person --> <ClassBinding><SystemObjectAttribute ObjectTypeName="Person" AttributeName="InfraUserType"/><DataWarehouseClassProperty ClassTypeIdentity="FIMDW.FIMPersonExtension" PropertyIdentity="FIMPersonInfraUser" ManagementPackIdentity="Microsoft.Forefront.IdentityManager.Datawarehouse.TEST.Extensibility" ManagementPackVersion="1.0.0.1"/></ClassBinding></ClassBindings>

<TypeDefinitions><EntityTypes><ClassTypes><ClassType ID="FIMDW.FIMPersonExtensionInfra" Accessibility="Public" Abstract="false" Base="FIMDW!FIMDW.FIMPerson" Hosted="false" Singleton="false" Extension="true"><Property ID="FIMPersonInfraUser" Type="string" AutoIncrement="false" Key="false" CaseSensitive="false" MaxLength="25" MinLength="0" Required="false"/></ClassType></ClassTypes></EntityTypes></TypeDefinitions><Warehouse><Dimensions><Dimension ID="FIMPersonExtensionTESTDim" Accessibility="Public" InferredDimension="true" Target="FIMDW.FIMPersonExtension" HierarchySupport="IncludeExtendedClassProperties" Reconcile="false"/></Dimensions></Warehouse>

Thanks

John

FIM web service connector - how to pass the multivalued attribute value of reference type (Export)

July 19, 2013, 5:06 am

≫ Next: FIMSynchronizationService Parameters

≪ Previous: FIM R2 Reporting Custom Reports and Extensibility

$

0

0

Hello,

how should I configure a workflow for multivalued reference attributes in Export wokrflow by using Web Service Configuration Tool? I need to configureRoleIds multivalued reference attribute for User object.

For now I have only configured assignments for String attributes:

FIMSynchronizationService Parameters

July 19, 2013, 5:08 am

≫ Next: One to many accounts for Active Directory (Admin/Business users)

≪ Previous: FIM web service connector - how to pass the multivalued attribute value of reference type (Export)

$

0

0

I have problems with the connection to the SQL Server. I am receving a timeout error.

I found a link in the internet that mention a ConnectionTimeout parameter for the FIM

I have input this parameter in the registry but I continue with the error.

Question:  Do someone can explan me how to use this parameter?

TIA

---

One to many accounts for Active Directory (Admin/Business users)

July 19, 2013, 5:43 am

≫ Next: Error 25009 installing FIM 2010 R2 Synchronization Service "Invalid object name 'mms_management_agent'

≪ Previous: FIMSynchronizationService Parameters

$

0

0

Hey all,

I'm wondering how you handle this situation: in a lot of environments where I come some people require multiple AD accounts. For instance a lot of IT staff members have a regular account and an admin account.

In the past I've done projects where HR is linked to AD over FIM and where the FIM Portal acts as a source for Admin accounts. In this approach each "warm body" is represented twice in the MetaVerse.

Now I was wondering whether it would be a good idea to have two AD MA's (for one domain) where one MA manages the OU's with the Admin users, and another MA manages the OU with the regular users.

Is there any reason not to do this?

---

http://setspn.blogspot.com

Error 25009 installing FIM 2010 R2 Synchronization Service "Invalid object name 'mms_management_agent'

July 19, 2013, 6:19 am

≫ Next: Oracle MA failed connection start Error Code 0x80230804

≪ Previous: One to many accounts for Active Directory (Admin/Business users)

$

0

0

Hi,

I have a problem installing FIM 2010 R2 Synchronization Service at a customers site. I keep getting the 25009 error. This is a clean install and not an upgrade. The error I keep getting is:

Error 25009. The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database. Invalid object name 'mms_management_agent'. A required privilege is not held by the client.

I have verified that I am sysadmin on the SQL server. I have tried the suggestion as per Brad Turners blog post:

http://www.identitychaos.com/2009/09/issues-with-sql-server-in-windows-2008.html

But the problem still exists.... The Environment is Server 2012 for FIM and a remote SQL 2012 server. I also tested on an 2008 R2 server with SQL 2008 R2 running locally, but got the same error, so it doesn't seem to be related to OS or SQL versions but rather some domain related issue.

Any tips on how to solve this error would be much appreciated.

Regards

Patrik

Oracle MA failed connection start Error Code 0x80230804

July 20, 2013, 1:20 am

≫ Next: SSPR Queries

≪ Previous: Error 25009 installing FIM 2010 R2 Synchronization Service "Invalid object name 'mms_management_agent'

$

0

0

I got the same error in the below when importing Oracle MA by MIIS.

http://social.technet.microsoft.com/Forums/en-US/d3409d13-a064-4186-b6b4-c62741927c54/oracle-ma-failed-connection-start-error-code-0x80230804

I tried to replace OracleDB from 10g to 11g.(I know it is not supported.)

I was prompted to refresh schema and refreshed schema and did Full import , Full synchronization and it worked fine.

But I tried to import Oracle MA again it says failed connection start Error Code 0x80230804.

Which folder do I need to grant the MIIS service account to change right permission ? I tested to grant oracle 10g client folder but it did not work. 

Do I need to restart MIIS service ?

I confimed that I could login and select data from table in Oracle11gDB using sqlplus with Oracle MA access acount.

SSPR Queries

July 20, 2013, 4:32 am

≫ Next: How Delta import and Delta sync work for GALMA,ADMA,LDIFMA,OracleMA ?

≪ Previous: Oracle MA failed connection start Error Code 0x80230804

$

0

0

Hi All,

I am trying to find out the answer of below questions in respect to FIM 2010 R2 SSPR. Can anyone  please suggest me.It will great help if i got the answer of below questions.

1. If a account is locked on AD.

a. Will SSPR unlock account and reset the password on AD?

b. If account is locked, will SSPR reset the password or get an error that account is locked and cannot reset the password.

2. What automated emails can be generated to the user on successful or failed FIM reset attempts? If yes, please give some idea to implement it.

3. How can we implement pop up to force a user to register for SSPR in FIMR2 if we implemented web based password reset functionality?

4. Can any AD account be registered with FIM, and if so is it possible to enable/block certain accounts? (There are some accounts such as Service Accounts (or those without interactive logon enabled) that we may not want to allow a password reset…is the only prevention not to register questions for these?)

5. Is it possible to force the user to change the answers to the user’s registration questions periodically and how this can be done?

6. We want to prevent others/attackers from gaining access to another person’s account.

7. At some point, a user may still need to call the Service Desk to manually reset the password or unlock the account (i.e. multiple unsuccessful self-resets). How can we improve the ability to authenticate the user?

8. Can we get a report as below

1. How many times a a users tried or number of attempt to reset the password.
2. To show number of successful password resets in total and by user in one month.
3. Reports for accounts that do/don’t have their challenge questions registered in FIM

Thanks

Harry

How Delta import and Delta sync work for GALMA,ADMA,LDIFMA,OracleMA ?

July 20, 2013, 10:58 pm

≫ Next: ADFS/WS-Federation implementation

≪ Previous: SSPR Queries

$

0

0

We use MIIS for galsync.

I heard that anchor value of GALMA,ADMA is objectGUID.

Q1

I guessed that during Delta import GALMA,ADMA use objectGUID to like data source and CS object and compare object update time and if object update time are different , they are imported to CS object.

Q2

But how about SQLMA,LDIFMA,OracleMA ,AVPMA ,etc?

There is anchor setting for those MAs but, how MIIS and FIM detect data source change other than anchor attribute ?

Q3

About Delta sync I guessed that it compare CS object anchor and update time with Metaverse object and they are different , MV object are updated.

Is that correct ?