Windows cannot start Forefront Identity Manager after reboot
FIM 2010 R2 SP1 Addin and extensions password reset via IntERnet?
Will the password reset addins and extensions for FIM 2010 R2 SP1 work via the internet when the FIM server is exposed to the Internet? Is there any way to get this working?
count per month requests coming to FIM Portal
Hi There,
I am creating FIM portal dashboard per month ( 30 days) report and displaying on FIM portal with statistics :
Example :
Number of Display Name Updates : 64
Number of Photo Upload: 351
Number of Extension Update:115
Number of Contact Info Update: 718
Number of New Group Creations: 132
Number of Group Modification Requests: 2142
Total End User self-services: 3522
Could you please tell me how to query using Xpath or using power shell script to fetch the count for how many request coming per month to update the (display name, telephone/phone, creation of DG and group modification).
I appreciate if anyone reply me.
Thanks in advance.
Thanks, No End.
Self-Service Password Registration
Hi,
I have configured Self-service password reset and registration for Intranet and it is working fine. However users access accessing from internet prompting for usersname and password before accessing the registration page. Is there any possibility to avoid that screen and only registration screen appear where users give their username and password to authenticate for registration. Is is possible to you basic authentication that allows to avoid typing domain name.
Regards
Sarwar
Sarwar
FIM 2010 R2 SP1 Setup query
Hi Im trying to setup a test lab for FIM 2010 R2 SP1 following will be my windows server 2008 r2 sp1 VMs
1. FIMDC --- server for domain controller
2. FIMPORTAL-- server for Fim portal server with fim service
3. FIMSYNC ---server for fim sync service
4.FIMSSPR --- server for Fim Self service portals
5.FIMEX --- server for exchange 2010
6.FIMDB --- server for fim sync and fim service databases
The service accounts are as follows
1. fimportaladmin for Fim portal in sharepoint foundation 2010
2. fimserviceadmin for FIM service
3. fimdbadmin for sql services
4. fimsyncadmin for fim synchronization service.
i have configured following SPNs and delegation but i can get the identity management portal to view itself.
Setspn.exe –S HTTP/FIMPORTAL testlab\fimportaladmin
Setspn.exe –S HTTP/fimportal.testlab.com testlab\fimportaladmin
Setspn.exe –S FIMService/fimportal testlab\fimserviceadmin
Setspn.exe –S FIMService/fimportal.testlab.com testlab\fimserviceadmin
Setspn –S MSSQLsvc/fimdb.testlab.com:1433 testlab\fimdbadmin
Setspn –S MSSQLsvc/fimdb:1433 testlab\fimdbadmin
I have delegated sharepoint (fimportaladmin) account to Fim service(fimserviceadmin) and fimserviceadmin to fimservice
I have used sharepoint app pool to use the service account (fimportaladmin) and configured machine.config to use useapppoolcredentials to true.
I disabled the custom error module in portal and seems the security token is not properly created.
I checked with kerbtray tool and no kerberos tickets were generated.
Could you please point me in right way since i am unable to view the portal itself.
Im not sure of the SPNs i have configured.
Also is there any wrong in the choosen setup like one more server for fim service.
-Dhayanandh
Service Accounts
Hello Everyone,
I would like to know the minimum number of accounts that one must have to install and work with FIM 2010 R2, from Ms documentation i can see 12 accounts which to me they seem so many.
Meshack
Can we arrange a Inbound Sync Rule and Classic rules (import to mv) extension to work together?
Is it possible for Us to combine a sync rule and a Rules extension for same MA.
We want to use an Inbound Sync Rule for an HR feed MA for 90% of attributes but also utilize extension rules to provide the commonname, samaccountname, mailnickname and useraccountcontrol attributes to the MV for this entry.
In the sync rule we would not define these 4.
In the attribute flow section of the MA properties we just define these 4 import attribute flows + MV rule extension dll.
Is this OK? Will FIM allow this duality?
P.s. useraccountcontrol is a pain as many of the new users are inactive yet require mailboxes and Exchange only likes to make mailboxes for active users!
Changing Mail Server setting on FIMService : Running Change Install vs editing Microsoft.ResourceManagement.Service.exe.config
Due to a cross forest AD/Exchange migration we are in a position where we need to update our FIMService/FIMPortal configuration as the OWA / Exchange EWS URL that the FIMService uses to send email notifications will be changing, and so will the "send" email address of the FIMService mailbox that we send notifications from.
I haven't been able to find a conclusive statement from Microsoft on how we should achieve this, but other MS forum posts that I've read suggest either updating the Microsoft.ResourceManagement.Service.exe.config file directly or running a "Change" install on the FIMService/FIMportal server. (See http://social.technet.microsoft.com/Forums/en-US/aec634d2-165e-49c9-960e-0eaa6625b040/can-mail-server-be-configure-in-fim-post-install?forum=ilm2)
I have no idea whether updating the Microsoft.ResourceManagement.Service.exe.config file is supported by Microsoft (there doesn't seem to be any recommendation either way as to whether you can or can't use this method).
A "change" install feels like the right thing to do as this feature has been built into the installer. I tried this but found the following :
The original install was FIM 2010 R2 SP1 but we have since installed patch level 4.1.3114.0. When I ran the change install it asked me for the installation media half way through (even though the only thing that was changing was the mail server address and the FIMService mailbox SMTP address). The only way I could proceed was by pointing the installer back at the original FIM 2010 R2 SP1 media, however during the process the installer then said "Copying new files" which makes me nervous as we were on a later patch level. The installer did complete successfully and after it finished the version in "Help/About" still showed as 4.1.3114.0, as did the version level when I looked at Add/Remove Programs. All seemed to be ok at this point, the FIMService was started ok, I could get into the portal, the FIM MA exports/imports/syncs all worked ok, so all seemed fine. It was just the "copying new files" that had me a little concerned.
I subsequently tried reapplying the 4.1.3114.0 patch and this turned out to be a really bad move, the installer crashed out during the database upgrade phase with an unhandled exception type error. Luckily I had backups/snapshots before I started.
So I'm in a bit of a quandary now as to whether I should just update the config file (with no clue as to whether this is supported) or go with the change install with questionmarks over file versions.
Any suggestions would be gratefully received.Mangled Portal UI (when accessed using nlb name)
Hi, my FIM portal is installed on 2 servers for Load Balancing (Windows 2012, SharePoint Foundation 2013).
When I'm accessing it by using name defined for NLB (using hardware LB) UI sometimes (approximately 50%) shows in corrupted way - similar as it was with problem: http://social.technet.microsoft.com/Forums/en-US/2165289c-e91b-477b-a1c3-f30da9467d8a/mangled-portal-ui?forum=ilm2
When I'm accessing it by using name of first or second server it always shows correctly.
It is not redirection issue this time (but I think something similar).
Any idea?
error when resetting password on SSPR
Hi,
we are experiencing some issues on SSPR. When the users try to reset, answer all the collenge question right and then input the new password, it waits for about a minute and come back with error "Error while attempting to reset password.".
On the FIM service/portal server, i can see the following the in the Event log:
====================
There was a timeout error while resetting the user's password.
Details:
System.TimeoutException: The request channel timed out while waiting for a reply after 00:00:59.9941404. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. ---> System.TimeoutException: The HTTP request to 'http://<portalserver name>.local:5726/ResourceManagementService/WorkflowManager/79315438-c20b-465e-bcd6-677685f2783a/7' has exceeded the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout. ---> System.Net.WebException: The operation has timed out
at System.Net.HttpWebRequest.GetResponse()
========================
I don't find a lot of information but looks like it cannot talk to back to the FIM portal for workflows but I have no idea on how to fix it.
CAn you please help?
Thanks,
FIM Problem can not import Multivalue attribute during import
i am trying to do the import for the members attribute for a group using a Extensible Connectivity 2.0 MA to import data from SQL to AD. I have created a schema which contains a multivalued attribute, I would appreciate to help with following:
1- the schema = should be like "schemaType.Attributes.Add(SchemaAttribute.CreateMultiValuedAttribute("Members", Microsoft.MetadirectoryServices.AttributeType.String));" or "SchemaAttribute.CreateMultiValuedAttribute("Member", AttributeType.Reference);"
2- would you provide the sample code of the GetImportEntries(GetImportEntriesRunStep importRunStep)
Thanks,
Loai K.Dawood
Nullifying a metaverse atttibute in an Import FlowRule extension
Hellos.
What is the trick here? I have learned that we can fiddle a null value into a MV attribute value via a SYNC Rule by assigning a never populated MV (null) attribute to the target MV attribute. This works.
How do I do something similar in my FlowRule extension. I get exception errors saying null not allowed! On the MA Properties dialog I have no option about allowing nulls or not in this "Advanced" flow.
I am trying simple stuff like:
switch (FlowRuleName)
{
case "HaagaEmployeeID":
// the MetaVerse employeeID value
if (mventry["employeeID"].IsPresent)
{
// skip if this has been already added for Haaga ou
if (mventry["ou"].Value == "Haaga")
{
// done already, no change
}
else
{
// nullify. No values for other OUs!
mventry["employeeID"].Value = null;
}
}
else ....
FIM Password Reset Portal
Hi All,
I have registered in FIM-Password Registration Portal.
After That I tried to reset the password by giving username and security questions.
when i typed the new password and clisk next its showing following error.
An error has occurred. Please try again, and if the
problem persists, contact your help desk or system administrator. (Error 3000)
The EventViewer Log is :
The error page was displayed to the user. Details: Title: Error Message: An
error has occurred. Please try again, and if the problem persists, contact your
help desk or system administrator. (Error 3000) Source: Attributes: Details:
System.InvalidProgramException: Error while performing the password reset
operation: PWUnrecoverableError at
Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword()
at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl,
String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
CorrelationId: RequestId: ErrorCode: 3000 CaughtTime: 11/13/2013 03:12:15 Web
Portal: FIM Password Reset Portal Session Id: 4pwihjadg0wftjfqi3o4eij2 IP
Address: fe80::3c8a:f29c:bb6a:bae4%10 .
Please help me out...
FIM- Password Reset Portal Error
Hi All,
I have registered in FIM-Password Registration Portal.
After That I tried to reset the password by giving username and security questions.
when i typed the new password and clisk next its showing following error.
An error has occurred. Please try again, and if the
problem persists, contact your help desk or system administrator. (Error 3000)
The EventViewer Log is :
The error page was displayed to the user. Details: Title: Error Message: An
error has occurred. Please try again, and if the problem persists, contact your
help desk or system administrator. (Error 3000) Source: Attributes: Details:
System.InvalidProgramException: Error while performing the password reset
operation: PWUnrecoverableError at
Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword()
at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl,
String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
CorrelationId: RequestId: ErrorCode: 3000 CaughtTime: 11/13/2013 03:12:15 Web
Portal: FIM Password Reset Portal Session Id: 4pwihjadg0wftjfqi3o4eij2 IP
Address: fe80::3c8a:f29c:bb6a:bae4%10 .
Please help me out...
Monitoring Management Pack...
Opper....
Skipped: No Precedence issue on export to AD from FIM MA
Hi,
I have an unexpected behaviour when changing an attribute in the AD, getting Skipped: No Precedence reported for the attribute that is changed. Some background:
I am running FIM 2010 R2 SP1. The attribute in question is the email address. The scenario is that when an employee leaves the company, we move the user to a different OU in the AD, disables the account, hide the user from the address book and changes the email address by adding a 0 in front to prevent email from been delivered to the user while in the exit OU in AD, we also change the proxy address to be the same. This is done from the FIM portal with a sync rule modifying the attributes in the AD CS. I have precedence defined in the MV for the AD on the email address and proxy address and another MA, not the FIM MA, the FIM MA is not contributing any of these attributes to the MV.
Interestingly the proxy address is modified but not the email address giving the Skipped: No Precedence message on the email attribute.
Is this expected, if so why does the proxy address gets updated but not the mail attribute?
Any help is appreciated
Thanks
Johan Marais
JkM6228
Replication b/w the forests Stopped
FIM Experts out there!
Good day :) hoping to get some trick to set the FIM back.
We have FIM 2010 sitting in between forest A and Forest B. FIM responsible to replicate all the user accounts from Forest A (2003 AD) to Forest B (2008 AD) as mailuser accounts. this seems to be working fine till a week ago.
We decommisioned couple of Forest A DCs in US and we have other DC's of forest A in a different datacenters not sure what went wrong the replicaton now d/w these two forests is stopped. Forest A user account are not being replicated as mailusers to forest B.
We have 2 mgmt agents (for delta import and delta exports may be) in FIM sync service manager which are seems to be throwing generic errors "Completed-sync errors"
When we perform the full sync it throws an error saying "LDAP authentication Failed", please refer the below event Logs
====================================================================
The management agent "<< >>" step execution completed on run profile "Delta Sync" with errors.
Additional Information
Discovery Errors : "0"
Synchronization Errors : "2"
Metaverse Retry Errors : "0"
Export Errors : "0"
Warnings : "0"
User Action
View the management agent run history for details.
=============================================================================
The management agent "<< >>" failed to run because the credentials were invalid.
User Action
Verify the credentials and configuration for the management agent.
NOTE: But the credentials we provide are correct.
====================================================================
Please suggest.
Thanks in Advance
Naveen Rao
FIM 2010 R2 to R2 SP1 update fails
Hi all,
I hope you can help me with this issue. We have a FIM 2010 R2 Sync Engine, Service and Portal running. Now I'm trying to run to install SP1 for that but it fails.
- FIM Sync Engine is no problem and patches correctly to R2 SP1
- FIM Service and Portal ends prematurly during the upgrade, leaving the database corrupted(version-1) etc.
I've run an MSI verbose logging, but that doesnt help much:
-------------------------------------------------------------------------------------------------
MSI (c) (E0:70) [10:59:25:371]: Transforming table Binary.
MSI (c) (E0:70) [10:59:25:371]: Note: 1: 2262 2: Binary 3: -2147287038
Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UpgradeDatabase, location: C:\Program Files\Microsoft Forefront Identity
Manager\2010\Service\Microsoft.IdentityManagement.DatabaseUpgrade.exe, command: /ConnectionString:"Data Source=XXXX;Initial Catalog=FIMService;Integrated Security=SSPI;Pooling=true;Connection Timeout=225" /FimServiceAccountName:"XXXX" /FimServiceDatabaseName:"FIMService"
MSI (s) (44:94) [10:59:28:877]: Product: Forefront Identity Manager Service and Portal -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package
vendor. Action UpgradeDatabase, location: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.IdentityManagement.DatabaseUpgrade.exe, command: /ConnectionString:"Data Source=XXXXX;Initial Catalog=FIMService;Integrated Security=SSPI;Pooling=true;Connection
Timeout=225" /FimServiceAccountName:"XXXXXX" /FimServiceDatabaseName:"FIMService"
Action ended 10:59:28: InstallExecute. Return value 3.
Rollback starts from here.
-------------------------------------------------------------------------------------------------
I've found the following in the Microsoft.IdentityManagement.DatabaseUpgrade_tracelog.txt and I guess this is what goes wrong:
-------------------------------------------------------------------------------------------------
Microsoft.ResourceManagement Verbose: 0 : Executing Batch #: 1
DateTime=2013-11-14T13:00:10.2511860Z
Microsoft.ResourceManagement Verbose: 0 : --********************************************************
--*
DateTime=2013-11-14T13:00:10.2511860Z
Microsoft.ResourceManagement Verbose: 0 : Out-of-box object import : Completed processing pre object import file DisableUsageKeywordCheck.sql.
DateTime=2013-11-14T13:00:10.2570456Z
Microsoft.ResourceManagement Verbose: 0 : Out-of-box object import : Started processing object import file ConfigurationChange1113Attribute.xml.
DateTime=2013-11-14T13:00:10.2580222Z
Microsoft.ResourceManagement Verbose: 0 : PlatformBasics is starting. IsService = 'False'.
DateTime=2013-11-14T13:00:11.0822726Z
Microsoft.ResourceManagement Verbose: 0 : Application Registered as ServiceId '2', ServicePartitionId '2'.
DateTime=2013-11-14T13:00:11.1564942Z
Microsoft.ResourceManagement Verbose: 0 : Request '' status was updated in-memory from 'NotFound' to 'Validating'.
DateTime=2013-11-14T13:00:11.7063200Z
Microsoft.ResourceManagement Verbose: 0 : Request created: 'Create Resource: 'Deferred Evaluation' Request'
<RequestParameter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xsi:type="CreateRequestParameter"><Calculated>false</Calculated><Target>35c27ca4-3925-468e-8e10-e68b5882b6b4</Target><PropertyName>UsageKeyword</PropertyName><Value xsi:type="xsd:string">Microsoft.ResourceManagement.WebServices</Value><Operation>Create</Operation></RequestParameter>
<RequestParameter xmlns:xsi="http:
DateTime=2013-11-14T13:00:13.0325428Z
Microsoft.ResourceManagement Verbose: 0 : Entered RequestDispatcher with Request Object; RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06'.
DateTime=2013-11-14T13:00:13.0462152Z
Microsoft.ResourceManagement Verbose: 0 : Add request '60f2fc53-de87-4837-8139-9f3efcec3b06' to cache with RequestStatus 'Validating'.
DateTime=2013-11-14T13:00:13.0510982Z
Microsoft.ResourceManagement Information: 1 : RequestDispatcher enter processing pipeline; RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06'; Operation 'Create'; Object 'Resource'; RequestStatus 'Validating'.
DateTime=2013-11-14T13:00:13.0530514Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Validating'.
DateTime=2013-11-14T13:00:13.0550046Z
Microsoft.ResourceManagement Information: 1 : ManagementPolicy: EvaluatingRights
DateTime=2013-11-14T13:00:13.0579344Z
Microsoft.ResourceManagement Information: 1 : ManagementPolicy: RightsEvaluated
DateTime=2013-11-14T13:00:17.4897452Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Validating' to 'Validated'.
DateTime=2013-11-14T13:00:17.4897452Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' updates have been persisted to permanent storage.
DateTime=2013-11-14T13:00:17.5854520Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Validated'.
DateTime=2013-11-14T13:00:17.5864286Z
Microsoft.ResourceManagement Verbose: 0 : Executing initial authentication.
DateTime=2013-11-14T13:00:17.5893584Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Validated' to 'Authenticating'.
DateTime=2013-11-14T13:00:17.5893584Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Authenticating' to 'Authenticated'.
DateTime=2013-11-14T13:00:17.5893584Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Authenticated'.
DateTime=2013-11-14T13:00:17.5903350Z
Microsoft.ResourceManagement Verbose: 0 : Request '60f2fc53-de87-4837-8139-9f3efcec3b06' status was updated in-memory from 'Authenticated' to 'Authorized'.
DateTime=2013-11-14T13:00:17.5971712Z
Microsoft.ResourceManagement Verbose: 0 : RequestDispatcher is processing RequestIdentifier '60f2fc53-de87-4837-8139-9f3efcec3b06' for a 'Create' operation on object 'Resource' with RequestStatus 'Authorized'.
DateTime=2013-11-14T13:00:17.5981478Z
Microsoft.ResourceManagement Information: 1 : WS: Action.Create.Execute.Enter
DateTime=2013-11-14T13:00:17.6010776Z
Microsoft.ResourceManagement Error: 3 : Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message:
Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal". The conflict occurred in database "FIMService",
table "fim.BindingInternal".
DateTime=2013-11-14T13:00:18.0327348Z
Microsoft.ResourceManagement Error: 3 : Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message:
Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 547, Level 16, State 1, Procedure UpdateResource, Line 220, Message: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectValueBoolean_BindingInternal".
The conflict occurred in database "FIMService", table "fim.BindingInternal".
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Microsoft.ResourceManagement.Data.DataAccess.ProcessRequest(RequestType request)
--- End of inner exception stack trace ---
DateTime=2013-11-14T13:00:18.0405476Z
-------------------------------------------------------------------------------------------------
- I have admin rights in SQL, Sharepoint etc. Account belongs to the FIM administrators group.
- I performed an upgrade from 2010 to 2010 R2 with the same account last week.
- Sync Engine upgrades succesfully
- I've run the following match:
select * from FIMService.fim.BindingInternal INNER JOIN FIMService.fim.AttributeInternal on FIMService.fim.BindingInternal.AttributeName=FIMService.fim.AttributeInternal.Name
All BindingInternal AttributeNames are present in AttributeInternal Names.
Any of you has experienced this before?
Kind regards, Robin
Need recommendations to override a reference type HR/SQL attribute with a Portal entry during AD Export
We need to implement an override attribute flow from Portal-->MV-->AD that will overwrite themanager set from the usual HR/SQL-->MV-->(Portal-->MV)-->AD route. Themanager attribute from AD does not need to be flown back into the OverrideManager attribute in Portal using inbound SR.
Currently considering the following, and need confirmation/ suggestions for an optimum solution
Create a reference type attribute in portal, OverrideManager. In the AD Export SR use IIF statement to flow OverrideManagerto AD.manager if available otherwise use manager.
Thanks
B Sunny
Migration from ILM to FIM
Hi All,
I have a slightly odd request for migration. I am being asked to create a solution whereby FIM can initially act as a connected data source to ILM.
Essentially all new connectors will go to FIM and all old ones will be migrated over time, but the initial solution proposed is to use FIM as just another connected data source and push user add/update/deletes to FIM from ILM.
Now I know an MA doesn't exist for this, so an extensible one would need to be written to achieve this.
However, is this a good idea?
Has anyone actually done it this way, or do people just generally do a big bang, copy everything, fix up code issues, import, join and then release?
Cheers,
Martin