Channel: Forum Microsoft Identity Manager

FIM 2010 R2 Error while trying to reset the password

Hi guys!

I have a problem with resetting passwords in the portal. I get the error message: "Error while trying to reset the password"

In the administration portal "Search Request" I can see Update to Person: 'XXXXX' Request "PostProcessingError"

The request uses:

Action Workflow Instance: "Password Reset Action Workflow" and the workflow Status was "Terminated"; the requestor is Anonymous User and Target was the user attempting to reset your password

Authentication Workflow Instance: "Password Reset AuthN OTP WorkFlow" and the workflow Status was "Completed"; the requestor is Anonymous User and Target was the user attempting to reset your password

MPR: {Name MPR OTP}, Type "Request", Requestors "Anonymous Users", Operation "Modify a single-valued attribute", Permissions "Grants Permission", Target Resource Definition Before Request "Password Set Users OTP", Target Resource Definition After Request "Password Set Users OTP", Resource Attributes "One-Time Password Email Address; Reset Password", WorkFlows -> Authentication WF "Password Reset AuthN OTP WorkFlow", Action WF "Password Reset Action Workflow"

Event Log:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System><Provider Name="Microsoft.ResourceManagement" /> <EventID Qualifiers="0">3</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-07-02T07:27:41.000000000Z" /> <EventRecordID>35714</EventRecordID> <Channel>Forefront Identity Manager</Channel> <Computer>FNR11104.fnrlab.lab</Computer> <Security /> </System>
- <EventData><Data>Microsoft.ResourceManagement.Service: System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHost(ResourceManagementWorkflowDefinition workflowDefinition, Boolean suspendWorkflowStartupAndTimerOperations) at Microsoft.ResourceManagement.Workflow.Hosting.WorkflowManager.StartWorkflowInstance(Guid workflowInstanceIdentifier, KeyValuePair`2[] additionalParameters)</Data> </EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System><Provider Name="Microsoft.CredentialManagement.ResetPortal" /> <EventID Qualifiers="0">3</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-07-02T07:28:41.000000000Z" /> <EventRecordID>35715</EventRecordID> <Channel>Forefront Identity Manager</Channel> <Computer>FNR11104.fnrlab.lab</Computer> <Security /> </System>
- <EventData><Data>There was a timeout error while resetting the user's password. Details: System.TimeoutException: The request channel timed out while waiting for a reply after 00:01:00. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. ---> System.TimeoutException: The HTTP request to 'http://fimservice.fnrlab.lab:5725/ResourceManagementService/Alternate' has exceeded the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout. ---> System.Net.WebException: The operation has timed out at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) --- End of inner exception stack trace --- at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason) at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) --- End of inner exception stack trace --- Server stack trace: at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, 
ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.ResourceManagement.WebServices.WSTransfer.IResource.Put(Message request) at Microsoft.ResourceManagement.WebServices.ResourceClient.Put(Message request) at Microsoft.ResourceManagement.WebServices.ResourceClient.Put(UniqueIdentifier resourceIdentifier, CultureInfo locale, Put putBody, ClientOptionsHelper clientOptionsHelper) at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate() at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.ResumableUpdate() at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Resume(ContextualSecurityToken securityToken) at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.ResetPassword(SecureString newPassword, ChallengeContext& gateChallengeResponse) Web Portal: FIM Password Reset Portal Session Id: zzhrra55npkv2p3dkjo4o245 IP Address: 10.128.90.79</Data> </EventData></Event>
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System><Provider Name="Microsoft.ResourceManagement" /><EventID Qualifiers="0">3</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2014-07-02T07:28:41.000000000Z" /><EventRecordID>35716</EventRecordID><Channel>Forefront Identity Manager</Channel><Computer>FNR11104.fnrlab.lab</Computer><Security /></System>
- <EventData><Data>Unable to retrieve a workflow instance with the specified identifier 'f27789cf-562f-4a12-968a-5b036fc95bb5'.</Data></EventData></Event>
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System><Provider Name="Microsoft.ResourceManagement" /><EventID Qualifiers="0">3</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2014-07-02T07:28:41.000000000Z" /><EventRecordID>35717</EventRecordID><Channel>Forefront Identity Manager</Channel><Computer>FNR11104.fnrlab.lab</Computer><Security /></System>
- <EventData><Data>Requestor: urn:uuid:b0b36673-d43b-4cfa-a7a2-aff14fd90522 Correlation Identifier: dba0347b-5da8-447a-a338-9b9acf8b3b1a Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> Unable to retrieve a workflow instance with the specified identifier 'f27789cf-562f-4a12-968a-5b036fc95bb5'. --- End of inner exception stack trace ---</Data></EventData></Event>

Actually I can't reset passwords; can anyone help me?

Thanks!

Integrate Microsoft FIM with Oracle HR System


Hi everybody,

I hope to find someone who can help with the scenario below:

Actually, I'm new to FIM and I'm planning to install it and configure it to be used with our Oracle HR system, so what I need to know is the limitations and supported scenarios for use with an Oracle system. For example, does FIM support integration with Oracle? If so, what are the limitations? What kind of information do I have to know from the Oracle side before starting?

Thanks,


Ahmed Ali

Importing multiple domains within one run profile - keep running import even if domain cannot be reached


All,

I am facing an issue and have spent time on research and discussions with my colleagues. All feedback is more or less the one I feared. So - you are my last hope :)

Current setup:
- Run profile “DI” on AD-MA contains 60 steps (screenshot attached)
- Each step is related to a single domain within the forest
- Currently domains are decommissioned step-by-step, as all users are migrated to a single root domain
- We are not always informed that a domain was shut down
==> RESULT: In case a domain cannot be reached, either because of a temporary issue or because it was decommissioned, the run profile is stopped immediately with error “no-start-connection” and all following steps are skipped. This means that if the domain in step 2 of the profile cannot be reached, the following 58 domains are not imported.

Question: I spent some time checking for a solution to that, not yet successfully. Does any of you have an idea how to solve it? My idea, and I assume this is somehow possible, is to define error handling in FIM that forces it to proceed with the next step within the run profile instead of skipping all following steps.

Worst-case workaround would be to define a DI run profile with a single step for each single domain – meaning 60 DI run profiles :(

NOTE: As the schedule for the migration is not yet finally agreed I would assume a time frame in years - so it is not a short term issue.

Expecting worst case reply but not yet given up,

Daniel

Screenshot:

Screenshot_Run-Profile_DI

Integrating recaptcha with FIM 2010 R2?


Is there a documented process I can refer to for adding recaptcha to the FIM password reset landing page? I have not been able to find anything on the subject.

Would modifying the app to include recaptcha have any repercussions with warranty or support?

Are there any alternative solutions to protect this page from bots?

Thank you

Configuring GALsync to use SSL


Hi all,

Does anyone have a link to instructions for configuring FIM GALsync to use SSL rather than just sign and encrypt LDAP traffic please?

Just ticking the box doesn't work, so I'm assuming certificates need to be installed at both ends; not sure what certificates (internal vs public CA), or where to install them (just at the OS level?)

Thanks

Charlie

Change Reference Attribute - "Manager" for multiple users


Hi,

I have a scenario in which I have to create a workflow to change a reference value attribute - "Manager" for multiple users in one go. Is it possible to achieve this with a workflow? If yes, then how?


Regards,
Manuj Khurana

View and Change User SSPR Answers


Hi,

I suspect the answer to this is no, but is it possible to view a user's SSPR answers? Is it possible for an admin to change a user's SSPR answers?

Thanks

Deleting Users from the FIM portal


Hello,

FIM has been deployed in an environment where it doesn't have permissions over all AD OUs. Some users have been moved out of an OU which FIM has control of and then moved back into the OU which has FIM ownership. FIM has been configured to not delete any users from AD, but just to disconnect users.

I have an issue where some users have sync issues as they have duplicate accounts where they've been moved in and out of FIM OUs.

What's the best way to deal with this scenario and how can I achieve it?

Thanks


How to add values to a custom Resource object in FIM


I am basically new to FIM. My apologies if I am asking a stupid question. We need to create a custom Identity Picker control (multi-value selection) with 10 fixed values displayed in the control, so we created a custom identity control and associated it with the custom resource. We are not able to understand how to add the values to the custom resource in order to display them in the picker control. Is populating the objects done only through the Metaverse, or is there any other way to display those 10 values in the picker control?

Forefront Identity Manager 2010 R2 SP1

Modifying the Portal to include other objects


Hi,

Has anyone modified the FIM Portal to include other objects? For example: we would like to be able to create/edit/delete 'Positions' or 'Roles' in the FIM Portal.

Once a new 'Position' is created, then when you create or edit a User in the Portal, we would like the 'Position' attribute to be a drop-down box, with the ability to pick an existing 'Position'.

Is this possible?

Is this a lot of work?

Are there any samples online for something like this?

Thanks,

SK


Does Utils.FindMVEntries have a scope limited to one objectType - or does it search the entire MV?


Would anyone know if Utils.FindMVEntries returns only objects of the same type as the object the search is running in the context of - or does it search all of the MV and return all matching objects?

The use case is a search for each user which would need to lookup the ID of a group from MV - a different object type in the MV.

Many thanks,

Petar

How to restrict users to synchronise from AD to FIM 2010 r2


Hi,

I am trying to synchronise selected users from Active Directory to the FIM 2010 R2 Portal.

I have multiple OUs in AD and each OU has multiple users. I want to restrict certain users from an OU from being synchronised to the FIM 2010 R2 Portal. Are there any ways to achieve this?

Regards

Anil Kumar

FIM 2010 R2 different type language database storage.


Hi,

Can we store answers in the Turkish language in the FIM 2010 R2 database if my database has the default collation?

Regards

Anil Kumar

Change from DB view to TABLE


Experts,

Can I change from a database view to a database table in the SQL Server MA?

Currently I am connecting to the DB view All_users. I am thinking of a table instead of a view.
Can I just drop the view and create a table with the same name, hoping nothing will happen to the management agent?

Please suggest.

Thanks,
Mann


Unknown Error while running quickstart tool


While running the FIM quickstart tool I get an error while trying to verify the container.
Any ideas what is causing this?

VERBOSE: Verifying the forest and account
VERBOSE: Verifying the container
invoke-quickstart : Unknown error (0x80005000)
At line:1 char:1
+ invoke-quickstart -verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Invoke-QuickStart], ActiveDirectoryOperationException
    + FullyQualifiedErrorId : System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException,Microsoft.Ide
   ntityManagement.QuickStart.InvokeQuickStart

How to update a date field


Hi experts,

I have an SQL MA to export data from FIM to an SQL table. In that table I have 2 date-format fields, "whencreated" and "whenupdated".
I created a custom rule extension to manage these 2 fields because I want to put the date and time when the run profile is processing the data.
My code is:

--------------------------------------------------------------------

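switch (FlowRuleName)
            {
                case "cd.person:whenCreated<-mv.person:":
                    // Set whenCreated only once, when the attribute has no value yet
                    if (!csentry["whenCreated"].IsPresent)
                    {
                        // HH is the 24-hour clock; hh is 12-hour and ambiguous without an AM/PM designator
                        csentry["whenCreated"].StringValue = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
                    }
                    break;
                case "cd.person:whenUpdated<-mv.person:":
                    // Stamped every time this export flow rule runs
                    csentry["whenUpdated"].StringValue = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
                    break;
            }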

-------------------------------------------------------------------------

Concerning "whencreated" there is no problem, but the issue is "whenupdated": I want the field to be updated only when another field is updated. How do I manage that?

sync-rule-flow-provisioning-failed


Hi Everyone,

I am having the error below while trying to provision users from the FIM Portal to Active Directory:

Error Type:

------------------------------------------------------------------------------------------------------------------

sync-rule-flow-provisioning-failed : Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: 0x80230405

------------------------------------------------------------------------------------------------------------------

System Event viewer :
------------------------------------------------------------------------------------------------------------------

The server encountered an unexpected error while performing an operation for a rules extension.
 
 "BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sqlstore\sproc.cpp(1685): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sqlstore\mvsqlsingle.cpp(1144): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sqlstore\mvsqlsingle.cpp(1427): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sqlstore\mvobj.cpp(2824): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sqlstore\mvobj.cpp(3072): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sqlstore\csobj.cpp(2150): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sync\synccore.cpp(614): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\sync\syncrulesimp.cpp(337): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\server\rules\scriptmanagerimpl.cpp(6065): 0x80230405 (The operation failed because the object cannot be found)
BAIL: MMS(3964): d:\bt\16961\private\source\miis\scrhost\scripthost\provisionerservices.cpp(525): 0x80230405 (The operation failed because the object cannot be found)

From script host:
Microsoft.MetadirectoryServices.Impl.InternalError: 0x80230405Forefront Identity Manager 4.1.3496.0"

------------------------------------------------------------------------------------------------------------------

I will be grateful if you could help!

Thanks in advance.

Louban

Dealing with multivalued attributes in Granfeldt PowerShell MA


Hello,

I'm trying to use Soren Granfeldt's PowerShell MA to pull some information from a legacy SQL Server (too old to use SQL Server MA) as part of a system migration. On the whole, it's working very well, but I've tried to add a new attribute to it and am running into some problems.

The attribute is a multivalued string (actually an integer in the source db, but converting to a string since the MA requires that), and is the first multivalued attribute I've tried to use with this MA. When I run an import, the MA runs for the expected length of time but returns no objects.

If I run the script in a PowerShell console, it does appear to spit the correct data out to the pipeline.

If I set the script to return fixed test values for the multivalued attribute, it appears to work. This leads me to suspect that I'm somehow not correctly forming the object to put into the attribute (I'm trying to use an array of strings).

Relevant code:

Schema:

$obj = New-Object -Type PSCustomObject
@(
#There are other attributes in here but they work fine.
    @{ Name='Group'; Type='String[]'; Value=('Value1','Value2') }
) | foreach { `
 $obj | Add-Member -Type NoteProperty -Name "$($_.Name)|$($_.Type)" -Value $_.Value
}
$obj

Import script:

# For each object

    $Groups = @()
    $GroupsConnection = New-Object System.Data.SqlClient.SqlConnection
    $GroupsConnection.ConnectionString = "Server = $DBHost; Database = $DBName; Integrated Security = True; User ID=$Username; Password=$Password"
    $GroupsConnection.Open()
    $GroupsCmd = $GroupsConnection.CreateCommand()
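    # Bind the account name as a parameter instead of concatenating it into the SQL text
    $GroupsCmd.CommandText = "SELECT * FROM groups WHERE loginname = @AccountName"
    # [void] keeps the returned SqlParameter out of the pipeline
    [void]$GroupsCmd.Parameters.AddWithValue('@AccountName', $AccountName)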
    $GroupsReader = $GroupsCmd.ExecuteReader()
    while ($GroupsReader.read()) {
      $Groups += $GroupsReader.GetValue(1).ToString()
    }
    $GroupsConnection.Close()
    $obj = @{
    # Other attributes in here, too
      'Group' = $Groups
    }
    $obj

Can anybody see anything obviously wrong with this, or does anybody have an example of a working script?

Many thanks in advance,
Sean.

Base CSP Error


Dear All,

I have a FIM CM installation and plan to enroll virtual smart cards on Surface 2 Pro (Windows 8.1) with IE 11.

If I try to execute a request the following error occurs:

"Base CSP smart card self-service control is not installed or the current site is not specified in the allowed sites list by your administrator."

The FIM CM site is in the list of trusted sites and the Active-X setting is made.

The FIM x64 client is installed as well.

Does anybody have any idea?

Thank you,

Akos

