Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles
Browse latest View live

SQL Deadlock after deleting person object in FIM portal

0
0

Hello everybody,

I have an issue on FIM portal after deleting person object.

On FIM Portal, I have an error message: access denied.

I'm on 4.1.3496.0 version.

On event viewer, I see following deadlock:

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 1205, Level 13, State 51, Procedure CalculateRequestSetTranstionsMembershipConditionEvaluation, Line 2298, Message: Transaction (Process ID 54) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)

at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)

at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()

at System.Data.SqlClient.SqlDataReader.get_MetaData()

at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)

at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)

at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)

at System.Data.SqlClient.SqlCommand.ExecuteReader()

at Microsoft.ResourceManagement.Data.DataAccess.DoRequestCreation(RequestType request, Guid cause, Guid requestMarker, Boolean doEvaluation, Int16 serviceId, Int16 servicePartitionId)

--- End of inner exception stack trace ---

Did you ever see that ?

Thank you.

Antho


SSPR with google chrome

0
0

Hello, 

I'am using SSPR with google chrome browser and i'am pormpted , when i click OK without writing anything it's ok. 

With IE i'am not prompted 

Any idea about kerberos and google chrome ??

Thanks

2 gateway, How to use it in "TMG"? help

0
0

I have two providers for internet:

1- ADSL
2- FiberLine

I want to make group of users be on the Fiber line, remaining on the ADSL line.

Using forefront TMG>>>>>

by use ISP Redundancy or other, I don't care, it is important to identify each user on line what I want for each users.

Possible? if yes,,, how?~~~

thanks

Can FIM directly manage the Distribution Groups exists on O365

0
0

There are few Distribution Groups on O365(which is on Cloud) andthese Distribution groups are not in Active Directory.

so CAN FIM directly manage those distribution Groups exist on O365(which is on cloud).

please suggest some thing.

Datacard IDCentre Gold supported for smartcard printing?

0
0

Hi all

Quick question... I know that Datacard IDWorks Enterprise is supported for FIMCM when using with smartcard printing, but the question is, is Datacard IDCentre Gold also supported? For what I've heard, they are the same product.

Sending Notification to FIM ADMIN when the new user has been created in FIM

0
0

My scenario is that when the new user is created in the Forefront Identity Manager then the administrator should get the alert in his mail box that the new user has been created.

Please guide me with the proper steps.

Your response will be higly appreciated

Regards,

Aman Khanna

Full export CSV file

0
0

Hello, 

I have a CSV management agent,  i know that we can only do a delta export. 

How without using SSIS can i run a full export in the csv file ? 

Any idea 

FIM Self-Service Password Reset Stats and Reports.

0
0

Hi,

I am looking for a way to extract stats/reports for a customer around Self-Service Password Reset of ROI information.

e.g.

1.How many users have registered

2.List of account and displayname of users that have registered.

2.List of account and displayname of users that have not registered yet

3.  How many user have successfully been able to reset there passwords for the week/month

4.Nice to have would be a more detailed report on password resets. e.g time of day, resets per day etc.

This customer does not have the FIM Reporting component installed and need to extract this from the FIM service DB.

Any info would be appreciated.

 


Creating Mail enabled users using FIM

Microsoft TechNet Wiki FIM Guru - Winners for January!!

0
0

The results for January's TechNet Guru competition were posted!

http://blogs.technet.com/b/wikininjas/archive/2014/02/16/technet-guru-awards-january-2014.aspx


Post your FEBRUARY contributions here:

http://social.technet.microsoft.com/wiki/contents/articles/22885.technet-guru-contributions-for-february.aspx


A great big thank you to EVERYONE who contributed an article to last month's competition.

Hopefully we will see you ALL again in this month's listings?

Unfortunately, forum restrictions have prevented me from posting the winners here.

You will find the complete post, comments and feedback on the main announcement post.

Please join the discussion, add a comment, or suggest future categories.

If you have not yet contributed an article for this month, and you think you can write a more useful, clever, or better produced wiki article than last month's winners, here's your chance! :D

Best regards,
Pete Laker

More about the TechNet Guru Awards:



#PEJL

Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to the one and onlyTechNet Wiki, for future generations to benefit from! You'll never get archived again!

If you are a member of any user groups, please make sure you list them in the Microsoft User Groups Portal. Microsoft are trying to help promote your groups, and collating them here is the first step.

Why is Domain required for an identity in the FIM Service?

0
0

I have a scenario where FIM is managing identity, but not all identities have an Active Directory account. I have a flag in the FIM Portal (Service) that indicates if a particular user is entitled to an AD account or not. My provisioning setup adds or removes the AD account as appropriate. To support FIM Portal activities for those that do have AD accounts, I populate AccountName, Domain, and ObjectSID in the FIM Service from their corresponding attributes in AD.

What I have noticed is that it does not seem possible to null out or delete the Domain attribute for a user in the FIM Service. I can delete the attributes for both AccountName and ObjectSID without issues.

When attempting to remove the Domain attribute for a user I get the following in the event logs:

Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Procedure or function 'GetDomainConfigurationIdentifiersFromDomain' expects parameter '@domainName', which was not supplied.

I assume that something internal to the FIM Service is trying to do some magic with validating the domain name and the domain configuration. I did found a post saying, “Yeah, you have to populate Domain”:

http://social.technet.microsoft.com/Forums/en-US/f207caa9-3a6f-4f2d-8461-a83777280803/fim-service-ma-export-failedmodificationviawebservices-error?forum=ilm2

My question is why is Domain required for a user? It is obviously needed for users that have AD accounts an must authenticate with the Portal, but in the case where a user does not have an account (and therefore does not have a domain), it feels odd to store the incorrect data for the user. It also looks weird when you bring up list of users in the portal and see domain values for users that do not have accounts. In this particular case, the client has many domains and does have the Domain and AccountName attributes displayed on the user search results page.

FIM Powershell Quest

0
0

I want to get all users in FIM with home addresses longer than 30 characters. Does anoyone know a good way to that without first getting all user?

I'm using the Quest Powershell module for FIM and I tried to do it like this but it seems like you cannot use greater than in the filter.

Get-FIMResource

-Filter"/Person[HomePostalAddress-gt'30']"-ComputerName$FIMServer


Generate CSExport to csv file

0
0

hello, 

i'am using a script that permits me to parse a  CSExport Generated XML File Into A Scoped CSV. 

I want only to get the users wich are connected to my connector space. 

when i use $csObject.connector -eq "1", in the result csv file i have some users which are not connected and are not in the Metaverse ? 

is there another attribut that permit me to export only connected users ? 

Thanks 


SSPR Server in DMZ need to be domain joined?

0
0

Hi

I realize the SSPR web portal does not require SharePoint and only need IIS. Our security team does not want any self registration pages to be hosted on a domain joined server. We do have a reverse proxy server before the users can get to the registration pages. Q - Is it a possible scenario to have SSPR server in DMZ that is not joined to any domain? 

FIM 2012 R2 SP1 (On Premise) - The Forefront Identity Manager Synchronization service stops every hour

0
0

I have a new installation of FIM 2012 R2 SP1 "on premise".  

I can do import, synchronizations, etc...  but at every hour sharp (12:00, 1:00, 2:00, ...) the Forefront Identity Manager Synchronization windows service stops (disabled).  I have to enable it manually and re-start it every time...

Any things I should check...? Is it caused by a SharePoint Timer Job...? 

The SharePoint logs or Event Viewer don't show anything particular...

Thanks,

J-F


Jean-François Guertin Entreprise Solution Architect Collaborum Services Conseils Inc | 1-581-997-4911 | jfguertin@collaborum.com Certifications Visual Studio Team Foundation Server 2010 Microsoft Office SharePoint Server 2007 - 2010 Windows SharePoint Services 3.0


Trouble with notifications - failed schema validation

0
0

I am trying to send an Email notification from a workflow and am getting the following error:

System.Web.Services: System.Web.Services.Protocols.SoapException: The request failed schema validation: The element 'Message' in namespace 'http://schemas.microsoft.com/exchange/services/2006/types' has invalid child element 'Header' in namespace 'http://schemas.xmlsoap.org/soap/envelope/'. List of possible elements expected: 'Sensitivity, Body, Attachments, DateTimeReceived, Size, Categories, Importance, InReplyTo, IsSubmitted, IsDraft, IsFromMe, IsResend, IsUnmodified, InternetMessageHeaders, DateTimeSent, DateTimeCreated, ResponseObjects, ReminderDueBy, ReminderIsSet, ReminderMinutesBeforeStart, DisplayCc, DisplayTo, HasAttachments, ExtendedProperty, Culture, Sender, ToRecipients, CcRecipients, BccRecipients, IsReadReceiptRequested, IsDeliveryReceiptRequested, ConversationIndex, ConversationTopic, From, InternetMessageId, IsRead, IsResponseRequested, References, ReplyTo' in namespace 'http://schemas.microsoft.com/exchange/services/2006/types'.

   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)

   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)

   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.ExchangeServiceBinding.CreateItem(CreateItemType CreateItem1)

   at Microsoft.ResourceManagement.Mail.ExchangeProxy.ExecuteCreateItem(CreateItemType request)

   at Microsoft.ResourceManagement.Mail.ExchangeServer.SendNotification(NotificationMessage message)

   at Microsoft.ResourceManagement.Mail.NotificationMessage.Send(Int32 timeoutInMilliseconds)

   at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.SendMailMessage(MessageContent messageContent, Int32 timeoutInMilliseconds)

   at Microsoft.ResourceManagement.Workflow.Hosting.SendMailWorkItemProcessor.ProcessWorkItem(WorkItem workItem

It appears that the Exchange web service doesn't like the schema FIM is presenting. Anyone seen this? Is there a trace setting that will dump out the call to the Exchange server?

I have tested that I can hithttps://fqdn_server/ews/exchange.asmxfrom the FIM Service account and the certificate is correct.



Custom attribute not getting hidden

0
0

Hi,

I've created two new custom attributes (one type string and the other a type boolean) and binded them to the Person object. I also modified the Create User and Edit User RCDC to include those attributes in the view.

The attributes show up just fine for the administrator which is expected when creating or editing a user object, however when I login as a normal user, I can still see those attributes despite the normal user not having Read permissions through any MPR on the attributes. The read permissions are controlled on an attribute level and I have double checked these attributes are not added to that list. 

Is there some way to check if these attributes show up in any MPRs? My only guess here is that some MPR is granting read permission to these attributes but I don't want to go through all the MPRs to find out which one that might be.

Thanks 

How to create an Extensible Conectivity 2.0 MA that call a web service in FIM 2010 R2?

0
0

I created my web service to create, update and delete users from one of our systems.

Now I am to create MA to use my web service and export users into that system, there is no need to import!

I tried to use web service configuration tool but had lots of errors and could not find an example of configuring run profiles.

Now I am trying to write Extensible Conectivity 2.0 Management Agent. I need help as there is no examples available for how to call/use web service in MA.

Thanks

FIM Galsync Selective Output

0
0
I have 4 Forests doing FIM GALSYNC with each other successfully - AMERICAS, EUROPE, AFRICA, APAC. But I don't want FIM to provision APAC contacts to EUROPE the same way it is doing for AMERICAS & AFRICA. When the APAC contacts are synched in EUROPE MA the targetAddress attribute value of the contacts should be SMTP:%mailNickName@myexch2010.apac.org but for all other forests APAC can provision the contacts with the targetAddress value in the formatSMTP:%mailNickName@myexchdomain.com. Let me know how this is possible.

Jimmy George

How to handle a timedout BDC connection

0
0

I have a BDC connection to a SQL database, however this database may timeout from time to time or be offline... right now if the database is down the fields that depend on it on the user profile come out empty, i would like to have the old values if there is no connection. How can I achieve this? I am desperate

My sharepoint user profile has fields from AD and a BDC connection... how can I handle a missing connection?

Viewing all 4767 articles
Browse latest View live




Latest Images