Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles
Browse latest View live

FIM Error:: Unable to connect to Synchronization Service

0
0

Hi! after installing sharepoint 2010 foundation on Windows Server 2008 R2 Standard where there is IIS 7.0, i installed FIM Synchronization Service after successful installation when i open Synchronization Service it throws below error

Unable to connect to the Synchronization Service.

Some possible reasons are:
1) The service is not started.
2) Your account is not a member of a required security group.

See the Synchronization Service documentation for details

1) Here i have made the setspn account for the user account SPService andFIMService.

2) FIMSynchService is the user account which i am using when i am installing FIMSynchronization Service.


How to update an extension dll

0
0

Is there any documents or could someone let me know how to update an extension dll?  i have some code that needs to be updated and have never compiled one before. 

Thanks@!

Set based on expiration time is not present

0
0

Im trying to create a set that will include a date fields that i would like to check if one is not present. Obviously this can't be done through adding statements due to the lack of "is present"  & "is not present".  Would be nice to have considering the sync manager has these.  I know the below filter is for expirationtime is present...but that doesn't work either.

I received an error when trying to add this to the filter:

<Filter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Dialect="http://schemas.microsoft.com/2006/11/XPathFilterDialect" xmlns="http://schemas.xmlsoap.org/ws/2004/09/enumeration">/Person[(EmployeeType = 'Employee') and (EmergencyTerm = False) and (EmployeeEndDate &lt; fn:current-dateTime()) and (ExpirationTime,'%')]</Filter>

Thoughts?


UocDropDownList does not display values when containing international characters

0
0

Hi,

I have a dropdown Control in the FIM portal where the values specified in the attribute regular expression validation contains international characters. For example^(Administratör|Förman|Säkerhetschef)?$

When selecting this dropdown in the portal it gets empty. If I modify the validation to^(Administrator|Forman|Sakerhetschef)?$ the Control renders correctly an displays the values. I get the same behavour when values contains other chars like ( or ).

Is it possible to get around this limitation or is this by design? I have seen some other threads about using a custom resource type to solve limitation with large dropdowns containing many values. I guess that could be a solution around this as well if the identity picker Control can handle objects with international chars. But Before I go for that solution I thought I seek a simpler one if it exists.

Regards

Patrik

FIM Password Reset Portal (Error 3000) Details: System.ArgumentException: data contains an invalid number of tokens

0
0

Hello,

   I have hundreds of pilot users that can register and change their passwords in SSPR. Yet I have another pool of users that get the following 2 errors. I have checked MPR's, Sets, Object Sid's, and am not sure what the issue could be. Any assistance would be greatly appreciated.

The error page was displayed to the user.

Details:

Title:
Error

Message: An error
has occurred. Please try again, and if the problem persists, contact your help
desk or system administrator. (Error 3000)

Source:

Attributes:

Details:
System.ArgumentException: data contains an invalid number of tokens

   at
Microsoft.IdentityManagement.CredentialManagement.Portal.Gates.GateData..ctor(Byte[]
data)

   at
Microsoft.IdentityManagement.CredentialManagement.Portal.Gates.QAGateControl.Initialize(Mode
mode, Byte[] data, Byte[] settings)

   at
Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetCurrentGate()

   at
Microsoft.IdentityManagement.CredentialManagement.Portal.BasePage.ShowCurrentGate(Control
container)

   at
Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.MoveToAuthenticationGates()

   at
System.Web.UI.WebControls.Button.OnClick(EventArgs e)

   at
System.Web.UI.WebControls.Button.RaisePostBackEvent(String
eventArgument)

   at
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl,
String eventArgument)

   at
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint)

CorrelationId:

RequestId:

ErrorCode:
3000

CaughtTime:
08/06/2013 06:36:45

 

Web Portal: FIM
Password Reset Portal

Session Id:
nk43lwq5lbbrpx45js0wkw45

IP Address:
10.2.32.56

 

 

The error page was
displayed to the user.

Details:

Title:
Error

Message: An error
has occurred. Please try again, and if the problem persists, contact your help
desk or system administrator. (Error 3000)

Source:

Attributes:

Details:
System.Web.HttpException: Validation of viewstate MAC failed. If this
application is hosted by a Web Farm or cluster, ensure that <machineKey>
configuration specifies the same validationKey and validation algorithm.
AutoGenerate cannot be used in a cluster. --->
System.Web.UI.ViewStateException: Invalid viewstate.

               
Client IP: 10.2.32.56

               
Port: 64616

               
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64;
Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR
3.0.30729)

               
ViewState:
P4rTx3XBg2WHUTff5SsUWRuGA20F5hJgKCn0hKPNnpul9khWSdwbdETT3aeYtTwzd2sauX012vCI6J059STaIcG/Uv/QT9Cu2irCze+iIra5PuvP8dszi0HCMveKSLxvYqntCG2FrZVuM7qLNKVHvEYV7nSdcyNbp/om44964eKdPtedTsMrnY275V7cQlBHkypiwHUF8zqzCgNPS06BTEuZ+PQG6VkKxsqvMBHfVZyE85f21sNxX/5vYSmkcDqncrHMRnO88H0DtCC0IjBc0tKAMstyLQQAp+00TnR05ebcYSCFdiFPW+ufWyQZJ18zkqiq46SW5T7qqm/1cFjotWDmJfQMUfrGRAVtICiHMOssHZsFqiYORpgwUpaCX8lOx6+SNVxUSQLFueH4dOWqWywjwMPsLIHo+aUCmmjy6JPbl1nSxv1NJUvEl0AYFhzwAWuwIfIKGEFE3qg6Y4Lg8sjKzh0ek1cuYVl56Y4/IwgV2VL25z8Y7iLfY/jNhwnI/1awDkYwqShrKGT89b64GW/Ui+OzLxS0v/SFZ5CeEciaCGamVj2Q/mkBfQyz97Cv10JZ++zTC7B96pwFpHDOa7POrNgXvyXNRDX6cLxrco0Kgp8qzhYshrCiDPq0anfQI1rauIZ70v7fNgcF86WhcxGXDo7Ydq+2b8ApNpg5LzJBxhmyFxrML5QMBJchrMJ9uOvjt8nVaOGkc30TYJbnW2qvVLGM1oDck5Zxub13viyQNokw7IJey29mjIMFuESJOOciF4eOBzyJDlzHQ/Msf1QQvHJGO7r5MItj2CBmq3z03uT85...

   --- End of inner
exception stack trace ---

   at
System.Web.UI.ViewStateException.ThrowError(Exception inner, String
persistedState, String errorPageMessage, Boolean macValidationError)

   at
System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)

   at
System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String
serializedState)

   at
System.Web.UI.HiddenFieldPageStatePersister.Load()

   at
System.Web.UI.Page.LoadPageStateFromPersistenceMedium()

   at
System.Web.UI.Page.LoadAllState()

   at
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint)

CorrelationId:

RequestId:

ErrorCode:
3000

Thank you for any assistance.

Bill K,


Bill K,

state machine workflow

0
0

Hi  How can i create a state machine workflow to approve my request after 3days if my manager not approves it.

If he approves it before 3days the process has to continu.

pls help me in this.......

FIM 2010 do not sync manager attribute for disabled users.

0
0

Hi,

I am pretty much new to FIM, and exploring it further.

I would like to stop synchronizing the manager field from HR system and pushing the manager field to AD for disabled users.

Please help me with the above requirement.

Thanks

-Kunal Jain

Password Change Notification Service Installation - Error 25011 SetInfo()

0
0

I'm attempting to setup the FIM PCNS on a domain controller I'm promoting.  I'm running into an error with the installer.

Error 25011. The Forefront Identity Manager Password Change Notification Service Setup Wizard failed calling SetInfo() on the Active Directory object LDAP://CN=System,DC=domain,DC=com.
Access is denied.

I'm running the installer using the default domain admin account for this installation.


PeoplePicker showing DisplayName

0
0

Hello pips!

Does`s anybody know if it is possible to have the PeoplePicker show another attribute then DisplayName when you have selected a object?

I don`t use DisplayName on the given objecttype, and therefore the list is "empty" even though I selected one.


Regards, Remi www.iamblogg.com

Allow help desk to read password challenge questions

0
0

I know this has been asked a couple of time but I just wanted to confirm that it is not possible at this time to grant help desk users the ability to read the password challenge answers for another user.

Basically, we want to make these answers read only objects on a user profile so if someone calls in, the help desk can use this information to authenticate the caller based on their registration.  If anyone has any insight or suggestions on this scenario, please speak up!

Cheers!

What task fim operators group member can do ?

0
0

We plan to introdue FIM.

What task fim operators group member  can do ?

Is it possible to hide attributes in an RCDC if a particular value is true?

0
0
You can base the visibility of an attribute in an RCDC off of a boolean attribute by binding it to the my:Visible property:

<my:Control my:Name="PositionRef" my:TypeName="UocIdentityPicker" my:Caption="Position Reference" my:Description="%SYMBOL_PositionRefDescription_END%"my:Hint="%SYMBOL_PositionRefHint_END%" 
my:Visible="{Binding Source=object, Path=IsInChris21, Mode=TwoWay}"

Is it possible to set this using the inverse of the attribute instead? In other words, when it's true, to hide a control instead? 

Reference attribute to string on export

0
0

Hi!

Im currently configuring a way for my customer to handle telephone numbers in FIM portal. Therefore, we have created a new object /telephone. This object are then referenced from the user, a way for my customer to assign telephone objects to the users instead of writing in the number as a string on the user. This way my customer can handle number series delivered from their provider. Why we do this is because some users share phone numbers and it is a way of sorting different kinds of numbers like, fax, mobile, system number etc. These numbers are then used in export to ad, adlds, lync etc.

Anyway. Everything works great when it comes to referencing the numbers from the users. I now have a user like this: AccountName: remi - string
EmployeeID: 2222 - string
DisplayName: Remi remi - string
Mobile: 22222222 - reference

I synced all the info and the new object (/telephone) to MV and now I need a way to export a string value of "Mobile" to ex. AD/ADLDS. It doesn`t seem like a strait forward procedure though.

I have read this:http://social.technet.microsoft.com/Forums/en-US/2b529085-3368-421b-9ac1-3ba20411c55c/passing-reference-and-string-attribute-in-advanced-mapping-from-metaverse-to-active-directory

But it is not giving me any idea on how to proceed. I know how to solve this on an IMPORT rule, but not on EXPORT. The thing is that it is the FIM portal who will be authorative for all numbers so we can`t import them from elsewhere.

Now I need someone to play ball withJ



Regards, Remi www.iamblogg.com

Provisioning Sharepoint 2013 with FIM 2010R2

0
0

Hi guys,

I'm using SP2013 Ent in my enviroment and currently installed FIM 2010 R2 on a different server with SP 2013 Foundation. Is it possible to provision users from AD to SP2013 Ent portal or I need to reinstall FIM on the same portal where UPS is?

And one more sub question: I have AD users in FIM metaverse space, but when I open Users page on FIM portal I can see only FIMSERVICE account. Do I need to provision users from metaverse to FIM portal or FIM portal Users is just a group of management accounts?

Need to create a script on MIIS

0
0

Would someone help me in creating a script read from CSV file to disconnect objects form a CS, only one connector needs to be disabled from object that has 3 connectors.

I’m using MIIS server 2003 SP2, and windows Server 2003 enterprise SP2


Code question...

0
0
 Im having an issue when trying to do a check to see if an attribute is present or if the attribute has a value of not true, but when using the code snip below, the sync server returns a bunch of "extension-attribute-not-present" errors stating: Microsoft.MetadirectoryServices.AttributeNotPresentException: Attribute "Attribute1" is not present.  When i remove the "Or Not mventry("Attribute").Value = "True" Then" piece, it will run without errors, but skips accounts that should be run through the rest of the script to evaluate if the person should be termed or not.  basically, i would like to check to see if the attribute is present or not true.  Any ideas?

  If Not mventry("Attribute1").IsPresent Or Not mventry("Attribute").Value = "True" Then

PostProcessing Error on deleting a user

0
0

Hi,

I've been trying to learn how to code custom workflow activities, all to do with creating users to start with. I noticed now that when I delete any user in the FIM portal, I get a PostProcessing Error in the Request. The event Manager shows this:

System.InvalidOperationException: The system configuration is incorrect.  The target object 'b5dcb92d-7ba3-45ff-8de7-9ae18d9bf58b' cannot be found.  This can happen if the target object was deleted during the processing of this request.
   at Microsoft.ResourceManagement.Workflow.Activities.SynchronizationRuleActivity.GenerateTargetExpectedRulesList()
   at Microsoft.ResourceManagement.Workflow.Activities.SynchronizationRuleActivity.GenerateRemoveExpectedRuleEntry(ActivityExecutionContext executionContext)
   at Microsoft.ResourceManagement.Workflow.Activities.SynchronizationRuleActivity.Execute(ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(Activity activity, ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
   at System.Workflow.Runtime.Scheduler.Run()

The only MPRs applied when deleting a user is "Administrators can delete non-administrators or users"

Any idea why I'm getting these errors? 

Thanks

PS: The user object does disappear from the portal albeit with that warning, but I'm worried its leaving behind entries in the SQL database

FIM Delta Import/Delta Sync not syncing attribute to Metaverse

0
0

Feel free to offer better ways to accomplish this task.

Single metaverse; mv_person

3 MAs:

- DIDS from SQL

imports cs:userPrincipalName -> mv:userPrincipalName

- Export & DIDS to o365,

exports mv:userPrincipalName -> cs:userPrincipalName

imports cs:userPrincipalName -> mv:audit_userPrincipalName

- Export to SQL audit

exports mv:audit_userPrincipalName -> cs:audit_userPrincipalName

Data flows from SQL source to o365 perfectly. o365 delta import sees the data change but does not sync the data to the metaverse. Generating a full preview works as expected. From everything I've read, I would expect a DI DS to change the data in the metaverse? 

Running a full sync catches the change and things flow as expected.

Authentication Issues with IE 10 on Windows 8 domain-joined machines

0
0

Performing some user testing this week and have noticed that users running IE 10 on Windows 8 machines joined to different domains are unable to authenticate properly with the FIM Portal.

None of the usual suspects:

  • Confirmed the issue is explicitly IE10/Win8 Enterprise/domain-joined. Can login using the same credentials on IE10/Win 8 Professional/no-domain
  • Other users using IE10/Win7 can login fine
  • The same credentials on IE10/Win7 work fine.
  • Ran through the MS instructions at http://technet.microsoft.com/en-us/library/jj863245(v=ws.10).aspx - get told that the update isn't applicable to our version of Windows.
  • Added FIM Portal site to trusted/intranet sites and with lowered security permissions

Currently running FIM 2010 R2 SP1 on WSS 3.0.

Next step is to try upgrading to SPF 2010, but not sure that will help in this case.

Anyone got any ideas?

- Ross Currie


FIMSpecialist.com | MCTS: FIM 2010 | Now Offering ECMA1->ECMA2 Upgrade Services

Creating custom workflows using powershell

0
0

I am trying to create a workflow using the FIM powershell module from codeplex.
I have created a attribute in FIM called "mygroupexpiration" and it is linked to user object.
My aim is to add current date + 90 days to "mygroupexpiration"  when user transition in to a set.
I have created transition in MPR and which in turn calls a custom workflow to add date to mygroupexpiration.

In the custom workflow, i have selected action and selected powershell module and added the following script , but in the portal request section i am getting an error that workflow was aborted.
<RequestStatusDetail xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" DetailLevel="Information" EntryTime="2013-08-07T11:09:49.4741289Z">Workflow Instance '8584232d-c896-437e-af02-39c3584ae583' was aborted.</RequestStatusDetail>

Any suggestion or help in the script is highly appreciated.

##--------------start of the script------------------

### Load the FIM PowerShell Module
###
if (-not (Get-Module FimPowerShellModule))
{
    Write-Verbose "Loading the FIM Service Config Module from: C:\CodePlex\FimPowerShellModule"
if (-not (Test-Path C:\installers\FimPowerShellModule.psm1))
{
Throw "This script requires the FimPowerShellModule from http://fimpowershellmodule.codeplex.com"
}
    Import-Module C:\installers\FimPowerShellModule.psm1 -Verbose:$false
}

Add-PSSnapin FIMAutomation -Verbose:$false

$ErrorActionPreference = 'Stop'
$ProgressPreference = 'SilentlyContinue'
$ENV:ADPS_LoadDefaultDrive = 0

$dates =([DateTime]::Now).ToString('M/d/yyyy')

### 
### Get the Target
### 
Write-Verbose ("Getting the Targetby ObjectID: {0}" -F $fimwf.TargetId.Guid)
###$Target= Export-FimConfig -CustomConfig ("*[ObjectID='{0}']" -F ###$fimwf.TargetId.Guid) | Convert-FimExportToPSObject 
$Target = Export-FIMConfig -CustomConfig [System.String]::Format("*[ObjectID='{0}']") -Uri "http://localhost:5725" | Convert-FimExportToPSObject

New-FimImportObject -ObjectType Person -State Put -AnchorPairs @{ObjectID = $Target } -Changes @(New-FimImportChange -Operation replace -AttributeName 'mygroupexpiration' -AttributeValue $dates ) -ApplyNow


##-------------End of script---------------------------

 

AdiKumar

Viewing all 4767 articles
Browse latest View live




Latest Images