Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles

Configuring FIM GALSYNC where contacts already exist

I am in the process of configuring FIM 2010R2 GALSYNC between multiple AD Forests, but there are a few challenges for which I need to understand how FIM will react.

1. The environment I am trying to configure GALSYNC on used to have MIIS AD MA connectors many years back. They decided to migrate from MIIS to FIM2010. After the migration there were some issues so they stopped using FIM2010 (it was still using AD DS management agent inherited from MIIS) for GALSYNC.

2. We then moved to PowerShell scripts through which we manually imported and exported contacts in each domain.

3. Finally it has been decided to deploy a new FIM2010R2 machine dedicated only for the purpose of GALSYNC (which will have AD GAL management agent connector). The server is ready with the management agents ready, but here is what I need to understand. If we delete the existing contacts on the target contacts OU from each forest and FIM does a new sync, it will create new contacts. I know the emails will be working, but there will be NDR issues if users send emails to older mails, because the routing of mail in Exchange recipients is done with the legacyExchangeDN attribute, and the legacyExchangeDN attribute is changed when you recreate the mailbox. And if we leave the existing contacts as they are, it will try to create duplicate mail-enabled contacts or perhaps give an existing-contact error or something.

I know about the joiner rule mechanism, which I have done manually. Is it possible that within the FIM code we can enter the joiner rule instead of the provisioning rule on the GALSYNC MA? Will FIM detect the contacts created by MIIS a couple of years ago, and will FIM also detect and join manually created contacts? Please advise.


Jimmy George


SQL 2012 Version Error while installing SCSM 2012

Hi

I get the below error when installing SCSM 2012, when I already have SQL 2012\SQL 2008 SP2 on my instance.

"The SQL Server name is not running version SQL Server 2008 or SQL Server 2012. Please update it to the newest version and retry."

I tried the article to fix the SQL MOF file under the below folder, but no success.
C:\Program Files (x86)\Microsoft SQL Server\100\Shared

mofcomp sqlmgmproviderxpsp2up.mof

Has anyone come across this error?


Aswathy Raj


Configuration for FIM 2010 R2 password registration language pack

Hi,
 
I am trying to implement configuration for the FIM 2010 R2 password registration language pack. In my environment the Password Registration and Password Reset portals are working fine, but now I want to implement a multi-language scenario, specially for the Hindi language. I installed the language pack on the Password Registration and Reset machine and did some configuration for the Hindi language: first I created one Set, Workflow and MPR for the Hindi language, and I also created a Customization folder in the root directory of FIM Password Registration and Reset and a Strings.hi-IN.Resources file in the Customization folder, but this is not reflected in my environment; it takes the English language by default. So please suggest where I am wrong.

Also, please provide some settings for the Hindi language in Internet Explorer (browser).

Regards
 
Anil Kumar

FIM 2010 R2 SP1 install on Server 2012 with Basic Deployment

Hello everyone,

I wondered if anyone here would be kind enough to help me connect the dots...

I am new to FIM 2010 and I am trying to get an environment up and running but I keep running into issues.

My goal is to use FIM for Password Change Management and GALSYNC.

To start the process I built 4 servers on Windows Server 2012.

Here is how I planned to build-out the environment;

Server 1

   SQL 2012 SP1 with Database feature.

   FIM 2010 R2 SP1 Synchronization Service and Sync Database.

Server 2 & 3

   FIM Service, portal, password registration and password reset.

   SharePoint 2013 Foundation (FARM)

   NLB setup with 3 virtual IP addresses (my goal is to have two externally accessible servers for redundancy to help support the change password features).

      IP1: portal.company.com (dns record)

      IP2: passwordregistration.company.com (dns record)

      IP3: passwordreset.company.com (dns record)

Server 4

   SQL 2012 SP1 with Database, Reporting and Analysis features

So for servers 2 & 3, I installed SP2013 Foundation, removed the default web site on both servers, followed the internet resources on how to create a new 2010 site using PowerShell, and ran the PowerShell commands needed to support FIM2010 R2 SP1 on Server 2012 with SharePoint 2013 Foundation.

During my SharePoint install, I used SERVER 4 as my database server and I also used my internal CA to assign certificates for portal.company.com, passwordreset.company.com and passwordregistration.company.com.

At this point I can run the SharePoint sites from servers 1 & 2 and I can log in to them just fine using HTTPS.

Here is where things start to get ugly for me...

Now, I installed FIM2010 R2 SP1 using SERVER 4 as my database server. The installation completes and everything seems OK.

But if I go to https://portal.company.com/identitymanagement it says that the page could not be displayed. I can get to https://portal.company.com and I get the login and it gets me into the SP site just fine. I can also bring up https://passwordreset.company.com and https://passwordregistration.company.com

Can anyone point out any issues with my deployment efforts? At this point I ran the uninstall, deleted the FIM database and I am backtracking my steps, but I have been on this for days (HARD) and I can't seem to find out what's going on.

I would really appreciate any sort of feedback on this.

Installing FIM Reporting in Production Server with multiple portals

Hi,

I have 5 FIM Portal Servers in production. I need the below clarification.

Can you confirm if I can install FIM Reporting in just one server which have FIM Service installed on that?

Or

Should we run this on every FIM Service Portal [Suppose we have 5 Portal Servers]?

Can someone clarify my doubt?

I understand FIM Reporting is a component of FIM Service. So FIM Reporting installation should not depend on how many portals the production architecture has; it can be installed on one of the FIM Service servers.


Aswathy Raj

Custom url to the portal (containing search criteria)

Hi,

I want to open the portal from an external application on some specific object. Can I build a URL to the portal which will execute a search for some object?


Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

FIM CM Is it possible to achieve that a Certificate Manager can initiate and execute/complete a smartcard retire workflow by himself.

Hi,

I have a scenario where I would like the Certificate Managers to be able to initiate retiring the smartcards.

Is that possible? What i can understand and what my have confirmed is that the execution part of the workflow must be handed over to the certificate subscriber.

Kind regards

Mikael

EscapeDNComponent

Hi,

I use a display name format of lastname, firstname so I'm trying to use EscapeDNComponent to escape the comma. However, I get an error when the WF executes:

Object Reference not set to an instance of an object

If I use "DisplayName" directly, the WF generates the correct string. 

My customexpression looks like so:

EscapeDNComponent("CN=" + DisplayName)

I'm sure it's bombing out at this point. If I remove the CustomExpression and do a simple "CN=" + DisplayName, the correct string is generated (but of course that won't work when provisioning to AD).

Also, I'm trying to use this as part of a function evaluator which constructs the DN then passes it to the sync rule. Is there a limitation that EscapeDNComponent cannot be used inside a function evaluator?

Thanks



Installing hotfix Build 4.1.3441.0: KB2832389

Hi,

I'm performing a green installation of FIM 2010 R2 and am looking at installing hotfix Build 4.1.3441.0: KB2832389.

I've seen issues described by the hotfix in my lab environment, but not in the production one (yet). I have two questions:

1. Do people generally install these?
2. What's the installation process when you split the FIM service, FIM sync service and SSPR portals over 3 servers? Is the hotfix needed on all three?

thanks


IT Support/Everything

Approval (sent from Outlook) produces Mail listener error

Hi,

I have an approval process and it works fine if approval is done from the portal, but if it is done from Outlook then the following error is logged:

Requestor: urn:uuid:5fc8629d-bd10-483d-a17b-ed0b842e4d84
Correlation Identifier: f3050e15-eec3-4483-967c-d2b5d7b3bee2
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
   at System.ThrowHelper.ThrowKeyNotFoundException()
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Microsoft.ResourceManagement.Query.QueryParametersGenerator.WriteRequestedAttributes()
   at Microsoft.ResourceManagement.Query.QueryParametersGenerator.BuildParameterString()
   at Microsoft.ResourceManagement.Query.QueryProcessor.BuildSqlCommand(Query objectRepresentation, Boolean countResultsOnly)
   at Microsoft.ResourceManagement.Query.QueryProcessor.ExecuteQuery(Query query, Nullable`1 maximumTime, Boolean& endOfSequence, Boolean countResultsOnly, Int64& resultCount, Int64& executionTime)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecutePullActionImpl(PullRequestParameter pullParameter)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteEnumerateAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
   --- End of inner exception stack trace ---

And a "Mail listener error: Cannot process message" message is sent as a result to the approver.

One more thing - I have such behaviour for one account (repeatable), but for another account it is working correctly.

What should I check?


Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

FIM Password reset functionality

Experts,

During FIM design 'password reset' through SMS gateway.
If this feature is implemented I guess I will be able to meet following requirement.

1. When in company, user can click on 'forgot password' at the windows login screen and request for OTP in SMS.
2. When not in company, user can click on 'forgot password' in FIM Portal and can request for OTP in SMS.

Kindly suggest if my understanding is correct.

Thanks,
Mann

FIM Icons Missing

Hi,

I installed FIM 2010 R2, configured the time zone in the portal. My sync service and FIM service install went OK - the FIM architecture is spread over multiple databases.

I then went through the FIM post installation tasks of pre allocating space in the fim service and fim sync DBs as noted below:

http://technet.microsoft.com/en-us/library/hh322875(v=ws.10).aspx

I now have a lot of pages in my FIM portal which do not show with the correct images (not all, but most) Navigation works OK and I'm not seeing error messages, just a lot of missing icons.

Any advice on how to resolve this would be greatly appreciated.

Access to the SharePoint Databases in FIM 2010

Hello,

What is the name to access the SharePoint Databases in FIM 2010?

Servername\##...?

Alert: Database Offline
Resolution state: New
Source: WSS_Search_SOPFIMWS2
Path:                                                    SOPFIMWS2.ad;SHAREPOINT
Last modified by: System
Last modified time: 1/28/2014 2:29:38 PM
Alert description: Database WSS_Search_SOPFIMWS2 in SQL Server instance SHAREPOINT on computer SOPFIMWS2.ad is offline/recovery pending/suspect/emergency

Thanks,

Dom


System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

Initial smartcard PIN distribution during Enroll by email

Hi,

We have selected a centralized registration model when we defined our FIM CM enroll management policy. In the Enroll policy we defined Server Distributed PIN. Is there any option to send the initial PIN as an email to the certificate subscriber without developing code?

Kind regards

Mikael


FIM Reporting extensibility not supported?

I have a need to extend the FIM Reporting schema to include multi-valued non-reference attributes. I read here (TechNet Article) that this option is not supported.

I'd hate to jam into the portal a bunch of single-valued attributes. Does anyone know if this will be supported soon? Does anyone have a work-around?

Some assistance would be great as I'm assuming I'm not the first to want this.

Thanks,

Peter


FIM support for SQL 2012 AlwaysOn

Anyone know if FIM 2010 R2 SP1 supports use of AlwaysOn under SQL 2012 as a high availability option? (For both the Sync engine and the FIM Service)

If it is supported, are there any known issues that one should be aware of?

Thanks

Urgent Help - Dynamic Group Help

Hello All,

I ran into a wall while creating a dynamic group using the FIM portal. I was wondering, is there a way to create a Dynamic Security group for which the criteria are the following:

The user department must = "Department1" AND the user's job title must be one of the following: jobtitle = "jobtitle1" OR jobtitle = "jobtitle2" OR jobtitle = "jobtitle3"

bhold attestation portal main -change in ui

We have a requirement to change the user interface for the Attestation Portal (used for attestation). We want to add extra columns to the page and want to pull users' attributes like location, department, designation into the portal from BHOLD core, where they are already present.

Please can anybody suggest on this. It's an important part of our customer's requirement.

Regards

Shakti


shakti

FIM 2010 R2 SAP Webservice Connector

Hello Everyone,

This is a tough one!

So I'm trying to sync my SAP users to my AD users through FIM so that I can reset the password using SSPR.

I deployed all that needed to be and used the default wsconfig file to create my SAP web service management agent, and this causes imports to fail.

I then noticed that the default wsconfig file has totally different naming conventions and tables than my SAP, so I'm thinking I have to forget the default one and create my own?

Can anyone help me understand this whole thing?

thanks !


Hitch Bardawil

ForeFront Administration

The link Administration when logged into ForeFront is controlled by what? What needs to be set to allow the link to appear when entering into ForeFront?