Channel: Forum Microsoft Identity Manager

How could I copy a development FIM environment to a test FIM environment?


I would like to copy a development FIM environment to a test FIM environment.

I backed up the SQL2008 DB of the development FIM and restored the DB to the test FIM SQL2008 environment.

I tried to reconfigure FIM using the FIM installer, and during that it started Updating connector space indexes.

It looks like it takes a long time.

Is there any good way to rapidly copy a development FIM environment to a test FIM environment?

If Updating connector space indexes is inevitable, how could I speed up that process?

The test environment is a Hyper-V guest and has a lot of CPU and memory resources.

I set the max memory limit of the test SQL2008 to speed up Updating connector space indexes.

Or should I increase the max memory of the test SQL2008?


FIM Portal: Request getting failed after completion of all approvals


Hi,

We have deployed FIM 2010 R2 in our client environment.

We are facing issues in FIM Portal.  For all the authorization workflows, we have created custom approval activities. Whenever the approver approves requests in bulk (20 requests or more), the following behaviour is observed:

  1. The approval response is generated and the approval status is updated in the request window as "Approved" but the request status is set to "Failed" or "PostProcessing" or "PostProcessingError".
  2. The transaction running to set the value of an attribute is not completed.
  3. Action workflows not running after completion of Authorization workflows.

We are not running any parallel workflows. When we analyzed the event viewer logs on the FIM Portal machine, we got the below warnings/errors:

Administrative / Application Logs

The Forefront Identity Manager Service was not able to perform the following operation 'Resume Request 5xxxxxd9-xxxx-4c04-b18c-xxd77ccba2f8' successfully.

The Forefront Identity Manager Service will attempt execution of this operation in the future if the operation is recoverable, or will cancel the operation.  If this warning is repeated for the same operation, it is likely the Forefront Identity Manager Service will not be able to complete or cancel the operation automatically.  There may be no automated recovery for this issue.

Restart the Forefront Identity Manager Service.

Forefront Identity Manager Logs:

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 13, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 13, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 13, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 1205, Level 13, State 56, Procedure DoDeleteCachedRequest, Line 47, Message: Transaction (Process ID 53) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 1, current count = 0.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
   at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
   at Microsoft.ResourceManagement.Data.DataAccess.UpdateRequest(RequestType request, IEnumerable`1 updates)
   --- End of inner exception stack trace ---

Is this a bug or limitation for FIM Portal?
Can somebody help me to identify the issue? Has anyone seen this issue earlier?

Quick response will be really helpful.

Thanks,

Sanjog


ECMA Export fails with stopped-server


I have FIM 2010 R2 with a FIM MA and an ECMA connector to Dynamics AX which is not exporting or creating any useful errors. Imports work as expected from the connector, but exports simply fail seemingly before calling PutExportEntriesResults with no error messages other than "stopped server." I found one other post utilizing an ECMA connector that had similar export issues and a reinstallation of FIM fixed it (http://social.technet.microsoft.com/Forums/en-US/df3cb058-dde6-428b-b9e2-41570e8b4b44/fim-ecma-20-export-fails-with-stoppedserver), so I rebuilt the environment on Windows 2008 R2 instead of Server 2012, but continue to get the stopped-server errors.

Here is the code for the extension:

using System;
using System.IO;
using System.Xml;
using System.Text;
using System.Collections.Specialized;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using Microsoft.MetadirectoryServices;
using Microsoft.Dynamics.BusinessConnectorNet;
using System.Security.Principal;
using System.Data;
using NLog;

namespace FimSync_Ezma
{
    public class EzmaExtension :
    IMAExtensible2CallExport,
    IMAExtensible2CallImport,
        //IMAExtensible2FileImport,
        //IMAExtensible2FileExport,
        //IMAExtensible2GetHierarchy,
     IMAExtensible2GetSchema,
     IMAExtensible2GetCapabilities,
     IMAExtensible2GetParameters
    //IMAExtensible2GetPartitions
    {
        private int m_importDefaultPageSize = 12;
        private int m_importMaxPageSize = 1000;
        private int m_exportDefaultPageSize = 10;
        private int m_exportMaxPageSize = 20;
        public string myUser;
        public string myBcPassword;
        public string myBcUser;
        public string myDomain;
        public string myCompany;
        public string myServer;
        public string myLanguage;
        DataSet da;
        public string myFirst;
        public string myLast;
        public string myEmail;
        //public string myEmpID;
        public string myFull;
        public string myNetworkDomain;
        public string mySamAccountName;
        public object myObjectSid;
        public string myUserAccountControl;
        public string myCo;
        public string myConfigPath;

        Microsoft.Dynamics.BusinessConnectorNet.Axapta DynAx;
        Microsoft.Dynamics.BusinessConnectorNet.AxaptaRecord DynRec;

        NLog.Logger log;

        //
        // Constructor
        //

        public EzmaExtension()
        {
            log = LogManager.GetLogger("FIM-DynamicsSync");
            log.Trace("Extension Started");

            DynAx = new Axapta();
        }

        public MACapabilities Capabilities
        {
            get
            {
                MACapabilities myCapabilities = new MACapabilities();

                myCapabilities.ConcurrentOperation = true;
                myCapabilities.ObjectRename = false;
                myCapabilities.DeleteAddAsReplace = true;
                myCapabilities.DeltaImport = false;
                myCapabilities.DistinguishedNameStyle = MADistinguishedNameStyle.None;
                myCapabilities.ExportType = MAExportType.AttributeUpdate;
                myCapabilities.NoReferenceValuesInFirstExport = false;
                myCapabilities.Normalizations = MANormalizations.None;

                return myCapabilities;
            }
        }

        /// <summary>
        /// This Function describes the configuration parameters that will be 
        /// required by the management agent to successfully make a connection to the call based system,
        /// for example a webservice.
        /// </summary>
        /// <param name="configParameters"></param>
        /// <param name="page"></param>
        /// <returns></returns>
        public IList<ConfigParameterDefinition> GetConfigParameters(KeyedCollection<string, ConfigParameter> configParameters,
                                                            ConfigParameterPage page)
        {
            log.Trace("Getting Config Parameters");

            List<ConfigParameterDefinition> configParametersDefinitions = new List<ConfigParameterDefinition>();

            switch (page)
            {
                case ConfigParameterPage.Connectivity:

                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("User Name", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("bcUser", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("bcPassword", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Domain", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Company", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Server", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("Language", ""));
                    configParametersDefinitions.Add(ConfigParameterDefinition.CreateStringParameter("ConfigPath", ""));
                    break;


                case ConfigParameterPage.Global:
                    break;

                case ConfigParameterPage.Partition:
                    break;

                case ConfigParameterPage.RunStep:
                    break;
            }

            return configParametersDefinitions;
        }

        public ParameterValidationResult ValidateConfigParameters(KeyedCollection<string, ConfigParameter> configParameters,
                                                                   ConfigParameterPage page)
        {


            ParameterValidationResult myResults = new ParameterValidationResult();

            return myResults;

        }

        /// <summary>
        /// This function describes the Schema pertaining to an object in the external 
        /// system. It contains attributes for a relevant object in the external system,
        /// for example fields/columns of a table.
        /// </summary>
        /// <param name="configParameters"></param>
        /// <returns></returns>
        public Schema GetSchema(KeyedCollection<string, ConfigParameter> configParameters)
        {
            log.Trace("Getting Schema");

            Microsoft.MetadirectoryServices.SchemaType personType = Microsoft.MetadirectoryServices.SchemaType.Create("Person", false);

            myUser = configParameters["User Name"].Value;
            myBcPassword = configParameters["bcPassword"].Value;
            myBcUser = configParameters["bcUser"].Value;
            myDomain = configParameters["Domain"].Value;
            myCompany = configParameters["Company"].Value;
            myServer = configParameters["Server"].Value;
            myLanguage = configParameters["Language"].Value;
            myConfigPath = configParameters["ConfigPath"].Value;

            var myData = this.DynAXSchema(myUser, myBcPassword, myDomain, myServer, myCompany, myLanguage);

            foreach (var item in myData)
            {
                log.Trace("Item: {0}", item.ToString());

                if ("networkalias" == item.ToLower())
                {
                    log.Trace("anchor attribute");
                    personType.Attributes.Add(SchemaAttribute.CreateAnchorAttribute(item, AttributeType.String));
                }
                else if ("objectsid" == item.ToLower())
                {
                    personType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute(item, AttributeType.Binary));
                }
                else
                {
                    personType.Attributes.Add(SchemaAttribute.CreateSingleValuedAttribute(item, AttributeType.String));
                }
            }


            Schema schema = Schema.Create();
            schema.Types.Add(personType);

            log.Trace("Schema Created");

            return schema;

        }

        /// <summary>
        /// Creates a custom schema
        /// </summary>
        /// <param name="username"></param>
        /// <param name="password"></param>
        /// <param name="domain"></param>
        /// <param name="server"></param>
        /// <param name="company"></param>
        /// <param name="language"></param>
        /// <returns></returns>
        /// <remarks>
        /// <para>Created the custom schema from the documentation - http://msdn.microsoft.com/en-us/library/aa596081(v=ax.50).aspx </para>

        /// </remarks>
        public List<string> DynAXSchema(string username, string password, string domain, string server, string company, string language)
        {
            //System.Net.NetworkCredential nc = new System.Net.NetworkCredential(username, password);
            //DynAx.LogonAs(username, domain, nc, company, language, server, null);

            log.Trace("Setting up Schema");

            var results = new List<string>();


            results.Add("id");
            results.Add("name");
            //results.Add("email");
            //results.Add("enable");
            results.Add("company");
            results.Add("objectSid");
            results.Add("networkDomain");
            results.Add("networkAlias");
            //results.Add("externalUser");


            return results;
        }

        /// <summary>
        /// This function is used to implement logic for connecting to the 
        /// external system when an import run is executed in FIM 2010 Synchronization Service. 
        /// </summary>
        /// <param name="configParameters"></param>
        /// <param name="types"></param>
        /// <param name="importRunStep"></param>
        /// <returns></returns>
        public OpenImportConnectionResults OpenImportConnection(
                                       KeyedCollection<string, ConfigParameter> configParameters,
                                       Schema types,
                                       OpenImportConnectionRunStep importRunStep)
        {
            log.Trace("Open Import Connection");

            myUser = configParameters["User Name"].Value;
            myBcPassword = configParameters["bcPassword"].Value;
            myBcUser = configParameters["bcUser"].Value;
            myDomain = configParameters["Domain"].Value;
            myCompany = configParameters["Company"].Value;
            myServer = configParameters["Server"].Value;
            myLanguage = configParameters["Language"].Value;
            myConfigPath = configParameters["ConfigPath"].Value;

            log.Trace("read config values");
            log.Trace("Config Params - User {0} | Password Length {1} | Domain {2} | Company {3} | Server {4} | Language {5}", myUser, myBcPassword.Length.ToString(), myDomain, myCompany, myServer, myLanguage);

            System.Net.NetworkCredential nc = new System.Net.NetworkCredential(myBcUser, myBcPassword, myDomain);

            log.Trace("setup Network Credentials using the User:{0}", nc.UserName);

            DynAx.LogonAs(myUser, myDomain, nc, myCompany, string.IsNullOrEmpty(myLanguage) ? null : myLanguage, string.IsNullOrEmpty(myServer) ? null : myServer, string.IsNullOrEmpty(myConfigPath) ? null : myConfigPath);

            log.Trace("Open Import Connection Called");

            return new OpenImportConnectionResults();
        }

        /// <summary>
        /// This function is executed when an import run is executed on FIM 2010 
        /// Synchronization Service. In this function you should program the logic to import Adds, 
        /// Deletes and Updates to the data into FIM 2010 Connector Space etc.  
        /// </summary>
        /// <param name="importRunStep"></param>
        /// <returns></returns>
        public GetImportEntriesResults GetImportEntries(GetImportEntriesRunStep importRunStep)
        {
            GetImportEntriesResults importReturnInfo = new GetImportEntriesResults();
            List<CSEntryChange> csentries = new List<CSEntryChange>();

            try
            {
                using (AxaptaRecord users = DynAx.CreateAxaptaRecord("UserInfo"))
                {
                    users.ExecuteStmt("select * from %1");
                    while (users.Found)
                    {
                        CSEntryChange csentry1 = CSEntryChange.Create();
                        csentry1.ObjectModificationType = ObjectModificationType.Add;
                        csentry1.ObjectType = "Person";

                        var userName = users.get_Field("name");
                        //string[] sep = { " " };
                        //var part = userName.ToString().Split(sep, StringSplitOptions.None);
                        var stringSid = users.get_Field("sid").ToString();
                        byte[] binarySid = new byte[] { 00 };
                        log.Trace("Mapping Dynamics Data to FIM for {0}, objectSid {1}", userName, stringSid);

                        if (stringSid != "")
                        {
                            var dynamicsSid = new SecurityIdentifier(stringSid);
                            binarySid = new byte[dynamicsSid.BinaryLength];
                            dynamicsSid.GetBinaryForm(binarySid, 0);
                        }

                        csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("name", userName));
                        csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("company", users.get_Field("company")));
                        csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("networkAlias", users.get_Field("networkAlias")));
                        csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("networkDomain", users.get_Field("networkDomain")));
                        csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("id", users.get_Field("id")));
                        csentry1.AttributeChanges.Add(AttributeChange.CreateAttributeAdd("objectSid", binarySid));

                        //log.Trace("Mapping Dynamics Data to FIM for {0}", userName);

                        csentries.Add(csentry1);
                        users.Next();
                    }
                }
            }

            catch (Exception ex)
            {
                log.Trace("Error encountered: {0}", ex.Message);
            }

            //importReturnInfo = new GetImportEntriesResults();
            importReturnInfo.MoreToImport = false;
            importReturnInfo.CSEntries = csentries;
            return importReturnInfo;
        }

        /// <summary>
        /// This function is executed when an import run has been executed 
        /// completely with or without errors. In this function you should program the logic for closing 
        /// the connection and anything that is required before or after closing. 
        /// </summary>
        /// <param name="importRunStepInfo"></param>
        /// <returns></returns>
        public CloseImportConnectionResults CloseImportConnection(CloseImportConnectionRunStep importRunStepInfo)
        {
            log.Trace("Closing Import Connection");
            DynAx.Logoff();
            return new CloseImportConnectionResults();
        }

        public int ImportMaxPageSize
        {
            get
            {
                return m_importMaxPageSize;
            }
        }

        public int ImportDefaultPageSize
        {
            get
            {
                return m_importDefaultPageSize;
            }
        }

        /// <summary>
        /// This function is used to implement logic for connecting to the 
        /// external system when an export run is executed in FIM 2010 Synchronization Service. 
        /// </summary>
        /// <param name="configParameters"></param>
        /// <param name="types"></param>
        /// <param name="exportRunStep"></param>
        public void OpenExportConnection(KeyedCollection<string, ConfigParameter> configParameters,
                            Schema types,
                            OpenExportConnectionRunStep exportRunStep)
        {
            log.Trace("Open Export Connection");

            myUser = configParameters["User Name"].Value;
            myBcPassword = configParameters["bcPassword"].Value;
            myBcUser = configParameters["bcUser"].Value;
            myDomain = configParameters["Domain"].Value;
            myCompany = configParameters["Company"].Value;
            myServer = configParameters["Server"].Value;
            myLanguage = configParameters["Language"].Value;
            myConfigPath = configParameters["ConfigPath"].Value;

            System.Net.NetworkCredential nc = new System.Net.NetworkCredential(myBcUser, myBcPassword, myDomain);

            log.Trace("setup Network Credentials using the User:{0}", nc.UserName);

            try
            {
                DynAx.LogonAs(myUser, myDomain, nc, myCompany, string.IsNullOrEmpty(myLanguage) ? null : myLanguage, string.IsNullOrEmpty(myServer) ? null : myServer, string.IsNullOrEmpty(myConfigPath) ? null : myConfigPath);
            }
            catch (Exception ex)
            {
                log.ErrorException("Exception on export connection:", ex);
                log.Trace("Session ID: {0}", DynAx.Session().ToString());
            }
        }

        /// <summary>
        /// This function is executed when an export run is executed on FIM 2010 
        /// Synchronization Service. In this function you should program the logic to export Adds, 
        /// Deletes and Updates to the data from the FIM 2010 Connector Space to the External System. 
        /// </summary>
        /// <param name="csentries"></param>
        /// <returns></returns>
        public PutExportEntriesResults PutExportEntries(IList<CSEntryChange> csentries)
        {
            log.Debug("Entering method PutExportEntries");
            log.Debug("Count of csentries {0}", csentries.Count.ToString());
            PutExportEntriesResults exportEntriesResults = new PutExportEntriesResults();
            log.Trace("In PutExportEntriesResults");

            

            foreach (CSEntryChange csentryChange in csentries)
            {
                List<AttributeChange> attributeChanges = new List<AttributeChange>();
                //csentryChange.ErrorCodeExport = MAExportError.Success; //Default State
                if (csentryChange.ObjectType == "Person")
                {
                    try
                    {
                        log.Trace("Currently performing modification type {0}", csentryChange.ObjectModificationType.ToString());
                        switch (csentryChange.ObjectModificationType)
                        {

                            case ObjectModificationType.Add:

                                //User Creation Code
                                var myId = GenerateId(mySamAccountName.Substring(0, 4));
                                createUser(csentryChange, myId);
                                attributeChanges.Add(AttributeChange.CreateAttributeUpdate("id", myId));
                                exportEntriesResults.CSEntryChangeResults.Add(CSEntryChangeResult.Create(csentryChange.Identifier, attributeChanges, MAExportError.Success));
                                break;
                            case ObjectModificationType.Delete:
                                //User Deletion Code
                                break;
                            case ObjectModificationType.Update:

                            case ObjectModificationType.Replace:
                                //User Update Code in our case does both the update and replace functions in the process
                                break;

                            default:
                                break;
                        }

                    }
                    catch (Exception ex)
                    {
                        //csentryChange.ErrorCodeExport = MAExportError.ExportErrorConnectedDirectoryError;//if any error occur it will throw a connected directory export error
                        log.ErrorException("Failure with adding  a user", ex);
                    }
                }
                exportEntriesResults.CSEntryChangeResults.Add(CSEntryChangeResult.Create(csentryChange.Identifier, attributeChanges, MAExportError.Success));
            }

            log.Trace("Putting export entry results");

            return exportEntriesResults;
        }


        /// <summary>
        /// This function is executed when an export run has been executed 
        /// completely with or without errors. In this function you should program the logic for closing 
        /// the connection and anything that is required before or after closing. 
        /// </summary>
        /// <param name="exportRunStep"></param>
        public void CloseExportConnection(CloseExportConnectionRunStep exportRunStep)
        {
            DynAx.Logoff();


        }

        public int ExportDefaultPageSize
        {
            get
            {
                return m_exportDefaultPageSize;
            }
            set
            {
                m_exportDefaultPageSize = value;
            }
        }

        public int ExportMaxPageSize
        {
            get
            {
                return m_exportMaxPageSize;
            }
            set
            {
                m_exportMaxPageSize = value;
            }
        }

        /// <summary>
        /// </summary>
        /// <param name="userAccountControl"></param>
        /// <returns></returns>
        private bool DetermineIfAccountIsEnabled(string userAccountControl)
        {
            int flags = 0;
            int.TryParse(userAccountControl, out flags);

            if (!Convert.ToBoolean(flags & 0x0002))
            {
                return true;
            }
            else
            {
                return false;
            }
        }

        /// <summary>
        /// </summary>
        /// <param name="baseId"></param>
        /// <returns></returns>

        private void createUser(CSEntryChange csentryChange, string myId)
        {
            // Data Consistency checking for required Attributes
            foreach (string attrib in csentryChange.ChangedAttributeNames)
            {
                log.Trace("attrib {0}", attrib.ToString());
                switch (attrib)
                {
                    //case "firstName":
                    //    myFirst = csentryChange.AttributeChanges["firstName"].ValueChanges[0].Value.ToString();
                    //    break;

                    //case "lastName":
                    //    myLast = csentryChange.AttributeChanges["lastName"].ValueChanges[0].Value.ToString();
                    //    break;

                    //case "email":
                    //    myEmail = csentryChange.AttributeChanges["email"].ValueChanges[0].Value.ToString();
                    //    break;

                    //case "employeeID":
                    //    myEmpID = csentryChange.AttributeChanges["employeeID"].ValueChanges[0].Value.ToString();
                    //    break;

                    //case "samAccountName":
                    //    mySamAccountName = csentryChange.AttributeChanges["sAMAccountName"].ValueChanges[0].Value.ToString();
                    //    break;

                    case "networkDomain":
                        myNetworkDomain = csentryChange.AttributeChanges["networkDomain"].ValueChanges[0].Value.ToString();
                        break;

                    case "objectSid":
                        myObjectSid = TransformSid(csentryChange.AttributeChanges["objectSid"].ValueChanges[0].Value.ToString());
                        break;

                    case "name":
                        myFull = csentryChange.AttributeChanges["name"].ValueChanges[0].Value.ToString();
                        break;

                    //case "userAccountControl":
                    //    myUserAccountControl = csentryChange.AttributeChanges["userAccountControl"].ValueChanges[0].Value.ToString();
                    //    break;

                    case "company":
                        myCo = csentryChange.AttributeChanges["company"].ValueChanges[0].Value.ToString();
                        break;

                    default:
                        log.Trace("Skipping Attribute {0}", attrib.ToString());
                        break;
                }
            }
            // if (csentryChange.AttributeChanges["DisplayName"].ValueChanges[0].Value == null)
            // {
            // csentryChange.ErrorCodeExport = MAExportError.ExportErrorMissingAnchorComponent;
            // throw new Exception("The CSEntry Attribute Value for DisplayName does not exist, please ensure that the value is present in the connector space");
            // }
            // if (csentryChange.AttributeChanges["uid"].ValueChanges[0].Value == null)
            // {
            // csentryChange.ErrorCodeExport = MAExportError.ExportErrorMissingAnchorComponent;
            // throw new Exception("The CSEntry Attribute Value for UsageLocation does not exist, please ensure that the value is present in the connector space");
            // }

            log.Trace("Adding user to FIM - {0}", mySamAccountName);
            using (AxaptaRecord user = DynAx.CreateAxaptaRecord("UserInfo"))
            {
                try
                {
                    log.Trace("Values being Added. Name {0} | Company {1} | Id {2} | network Domain {3} | network Alias {4} | object Sid {5}",
                                                myFull, myCo, myId, myNetworkDomain, myNetworkDomain, mySamAccountName, myObjectSid.ToString());

                    user.set_Field("name", myFull);
                    //user.set_Field("company", myCo);
                    user.set_Field("id", myId);
                    user.set_Field("networkDomain", myNetworkDomain);
                    user.set_Field("networkAlias", mySamAccountName);
                    user.set_Field("sid", myObjectSid);
                    //user.set_Field("enabled", 1);
                    user.Insert();

                    log.Trace("Committed Add");
                }
                catch (Exception ex)
                {
                    //csentryChange.ErrorCodeExport = MAExportError.ExportErrorConnectedDirectoryError;
                    log.ErrorException("Failure with adding  a user", ex);
                }

            }

        }

        private string GenerateId(string baseId)
        {
            using (AxaptaRecord user = DynAx.CreateAxaptaRecord("UserInfo"))
            {
                string query = string.Format("select * from %1 where id = {0} ", baseId);
                DynAx.ExecuteStmt(query, user);

                if (string.IsNullOrEmpty(user.get_Field("Name").ToString()))
                {
                    return baseId;
                }
                else
                {
                    var firstThreeCharacters = baseId.Substring(0, 3);
                    var lastCharacter = baseId.Substring(3, 1);

                    int hold = 0;
                    int.TryParse(lastCharacter, out hold);
                    hold++;

                    return GenerateId(firstThreeCharacters + hold.ToString());
                }


            }
        }

        /// <summary>
        /// Decodes a base64-encoded binary SID and returns its account domain SID in SDDL string form.
        /// </summary>
        /// <param name="mvSid"></param>
        /// <returns></returns>
        private string TransformSid(string mvSid)
        {
            if (string.IsNullOrEmpty(mvSid))
            {
                return mvSid;
            }
            else
            {
                byte[] binarySid = Convert.FromBase64String(mvSid);
                var sddlSid = new SecurityIdentifier(binarySid, 0);
                log.Trace("Metaverse: Writing objectSid value {0}", sddlSid.AccountDomainSid.ToString());

                // Return the converted value directly; calling TransformSid again would pass
                // an SDDL string ("S-1-5-...") to Convert.FromBase64String.
                return sddlSid.AccountDomainSid.ToString();
            }
        }

    };



}

What does a Parser Message, saying value creation error at line 906, mean?

I put on a new antivirus program and get this message every time I try turning the computer on, I forgot to disable or uninstall the older one as well.  I have put the hard drive in to another computer and tried removing the new antivirus from it but that hasn't fixed it either.  I need help from an expert, lol.

FIM 2010 R2 User provisioning and sending of password via SMS


Hi,

We are planning to do full user provisioning with FIM 2010 R2 and send the password via SMS to the user's mobile phone registered on the HR system.  We are currently doing provisioning, but only part of it, the service desk completes the commissioning of new users.  We want to reduce the service desk involvement in the provisioning process.

I was thinking that it should be possible similar to how the OTP via SMS works for SSPR.  Can this WF activity be used for this? Or would one need to write a new WF activity for this? Or better yet, is there already a WF activity which will do this?

Any help is appreciated.

Thanks

Johan Marais


JkM6228

FIM MA and Stopped-server error


Hi All,

I am getting a stopped-server error on export from the FIM MA.  This doesn't happen with every run, but at random times, for example everything will run fine for 3 - 4 days and then suddenly this error.  It almost seems like a buffer problem.  Interestingly, I can still do an import on the FIM MA as well as sync.  It is only the export that fails with this error. The only way to recover from this is to start all the servers in the solution.

This is a production deployment running on three servers with Windows Server 2012 and SharePoint 2013. The FIM version is 2010 R2.

The following is logged in the application log on the synchronization server:

The management agent controller encountered an unexpected error.
 
"BAIL: MMS(19764): d:\bt\2172\private\source\miis\ma\managed\manhost\manhost.cpp(2089): 0x80230709 (unable to get error text)
BAIL: MMS(19764): d:\bt\2172\private\source\miis\ma\managed\nathost\nathost.cpp(837): 0x80230020 (unable to get error text)
BAIL: MMS(19764): d:\bt\2172\private\source\miis\cntrler\cntrler.cpp(3677): 0x80230020 (unable to get error text)
BAIL: MMS(19764): d:\bt\2172\private\source\miis\ma\managed\manhost\manhost.cpp(2114): 0x80230709 (unable to get error text)
BAIL: MMS(19764): d:\bt\2172\private\source\miis\ma\managed\nathost\nathost.cpp(869): 0x80230709 (unable to get error text)
Forefront Identity Manager 4.1.3114.0"

I have looked at various posts for this type of error but am no closer to a solution.  I am also not sure what is happening to cause this.

Has anyone else experienced this or does anyone know why this happens?  Where can one get an explanation of the MMS BAIL error codes?

Thank you

Johan Marais


JkM6228

FIM 2010 R2 and failed-modification-via-webservices


Hi,

I am back with the dreaded failed-modification-via-web-services error when exporting the FIM MA. Below is the detailed error description from the FIM MA error:

"Fault Reason: The endpoint could not dispatch the request.\r\n\r\nFault Details: <DispatchRequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><DispatchRequestAdministratorDetails><FailureMessage>Exception: Other
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 2627, Level 14, State 1, Procedure DoEvaluateRequestInner, Line 1073, Message: Violation of PRIMARY KEY constraint 'PK__#B7A75C2__5330D077D2B88198'. Cannot insert duplicate key in object'dbo.@transitionOutApplicableRuleBuffer'. The duplicate key value is (13859, 1264507, 147).
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader()
   at Microsoft.ResourceManagement.Data.DataAccess.DoRequestCreation(RequestType request, Guid cause, Guid requestMarker, Boolean doEvaluation, Int16 serviceId, Int16 servicePartitionId)
   --- End of inner exception stack trace ---
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)</FailureMessage><DispatchRequestFailureSource>Other</DispatchRequestFailureSource><AdditionalTextDetails>Request could not be dispatched.</AdditionalTextDetails></DispatchRequestAdministratorDetails><CorrelationId>0fcee2a4-5607-4e4f-8042-ad0bada98b14</CorrelationId></DispatchRequestFailures>"

What is interesting to me is that if I modify one of the attributes directly in the FIM portal which was in the export to the portal, all the MPRs apply and the error goes away.  Also interesting is that if I create another similar user in AD and perform exactly the same steps on that user I don't get the failed-modification-via-web-services error on that user!

Now it seems that there are a few users with this problem.  When looking at the requests on the user object in the FIM portal I see this:

Is it possible that a previous request is stuck somewhere? And can this be removed or rectified in some way?

Thanks

Johan Marais


JkM6228

Assign default values to attributes


Hi,

I have added a new attribute to the FIM schema which is mapped to the "Group" type. Is it possible to assign a default value to this attribute, so that whenever a group is created this attribute has some default value?

I know this can be done using sets and MPRs, but I really would like to do this by setting a default value on the attribute itself.

Thanks


Is it OK to run multiple MAs Import(StageOnly) and Export at the same time?


I thought Import(StageOnly) and Export read and write each MA's Connector Space tables, and deadlock will not happen.

Is it OK to run multiple MAs Import(StageOnly) and Export at the same time if server performance is OK?

AD group member not correctly provisioned


Hi,

I have a database with users and groups and a domain (one forest, one domain with level 2008 R2) with users and groups.

Users and groups are projected from the database to the metaverse.

Groups are provisioned to AD by FIM, whereas users are joined. I'm not using the portal, only the sync service.

In the metaverse, a group has 3000 members but in Active Directory only 158.

If I can take one user that should be in the AD group but is not:

  • I can see that the user has a connector to AD.
  • I can see that the user is a member of the group (by looking at its GUID).

I have done several Full import/Full synchronization from AD or the database, or just by using the preview/commit feature. I even suppress the whole connector space but nothing changed.

I'm using FIM 2010 build 4.0.3594.2.

Do you have any ideas?

[Troubleshooting] Forefront Identity Manager Server Database could not be successfully deployed:

AD management agent export status stopped-extension-dll-exception


Hi All,

I am trying to configure email notification whenever a user resets his\her password. In configure extension in AD Management agent I have selected Exchange 2010 and provided the RPC, but when I run the profile export on AD Management Agent it shows status stopped-extension-dll-exception. I have also tried an export run after adding rule extension GAL Sync.dll and Exchange 2010 extension.dll but it still gives the same status.

Regards,

Sonal

FIM 2010 R2 Trial Version


Hi,

I'm trying to download the 180 day trial version of FIM 2010 R2 but I always end up at the virtual lab page for FIM 2010 R2.

Would anyone know if the trial version is still downloadable from Microsoft or whether the virtual lab is all that's available for evaluation?

Cheers,

Soon

Country and country code attribute


Hello,

I need to export country and country code from to AD.

Is there a solution to automate the calculation of the country code based on country selection?

Thanks

Security Group Nesting


Hi,

Having an Issue with Security Group nesting in FIM as follows:

Domain B trusts Domain A

In FIM security groups I'm attempting to add a domain global group from Domain A into a domain local group in Domain B using manually managed memberships. This is possible directly in AD.  Initially FIM doesn't complain and the operation completes, however, on returning to the members tab after submitting the request the group from Domain A now shows as an invalid member.  The RCDC dialogue states that 'Current members who do not meet Active Directory criteria for membership in this group' are invalid members, but of course this is not the case as you can nest a global from Domain A into the local in Domain B in AD.

Any ideas??  Is this a Foreign Security Principal issue?

If you have resolved this please shed some light but do not refer me to the Cross-Forest Management Deployment guide, as like several others this guide doesn't make easy reading or understanding.

Thanks

Rob


Sync Groups from AD to the FIM portal


I am following the document "How do I synchronize Groups from Active Directory Domain Services to FIM"

This mentions creating a custom expression on the inbound sync rule as below

CustomExpression - (IIF(Eq(BitOr(14,groupType),14),"Distribution","Security"))

For some reason every time I try this, I receive the error "The Function named could not be located"

All these functions are built-in and not ones you need to build yourself....so I'm at a bit of a loss.....any ideas?

Rich Client Error when attempting to reset password


I am in the process of deploying the SSPR client for my organization and during one of the pilot tests I came across a generic error. "An error occured when attempting to reset your password, please try again." I found an error in the event logs but couldn't find much information about it.

Microsoft.ResourceManagement: The web service client has encountered the following class of error: IdentityIsNotFound
Details: Additional Text Details: The requestor’s identity was not found.
Correlation Identifier: 5bfb462b-201a-40ed-9882-c93723ce0088
Failure Message:
Request Identifier:

The reason this is confusing to me is because, in our environment we have two servers with web services running with a load balancer. When I point directly to one server the reset will work from one computer, then I go to a different computer, point the reset to the same server and it will fail. If I point the second computer to the other server the reset will work. To kind of draw it out: Computer:A reset works with Server:A; Computer:B reset works with Server:B. The reset doesn't work if Computer:A is pointed to Server:B or Computer:B is pointed to Server:A.

How could I delete abandoned CS object of GALMA ?


We use MIIS for galsync.

We use GALMA, and usually MV object deletion causes GALMA CS object deletion by the deprovisioning rule.

But somehow, I found there were several unneeded GALMA normal disconnectors which do not have a related MV object.

How could I delete those abandoned CS objects of GALMA without any negative impact to current MIIS ?

Forefront Identity Manager question regarding scavenging accounts


We are looking at implementing Forefront Identity Management.

I have two questions regarding FIM. One is about licensing and the other is technical.

The first question: the licensing data sheet says that you need a CAL for every user account managed by FIM, it also states you need a CAL for every smartcard managed by FIM. Here smart cards are our primary means of two factor authentication. So is that one or two CALs per user, based on the fact that every user has an account and every user has a smart card to go with the account?

Second question, and I have researched this but been unable to find a definite answer. I know Forefront Identity Manager can be used with filters to move user and computer accounts. My question is, with those filters and some customization, can I use Forefront to query find stale/inactive user/computer accounts and then both move them to another OU and disable them? The organization is looking for an alternative way to PowerShell to automate this.

Ric


Ric Nagy

PCNS issue?


I've been trying to get PCNS up and running at a customer site. It was working fine to the old ILM server, but I cannot get it to connect to the new FIM server. The PCNS target for the FIM server seems to be fine; the SPNs look OK. There is a firewall in between the servers.

I get a couple different error messages about the RPC server:

0x000006BA - The RPC server is unavailable.

Status is 10060 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Everything seems to point to the RPC server. The FIM server does have three IP addresses configured. I can telnet to port 135 on all of the addresses.

Any ideas on what else to look for?

Thanks for your help.

Mark


Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com

