Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all 4767 articles
Browse latest View live

FIM Portal Install Succeeds, but no Portal is installed.

July 10, 2014, 11:02 am
$
0
0

Hello,

I'm installing FIM for the first time and am having a weird issue installing the FIM Portal.  I have a separate exchange server, separate SQL server, a server running the FIM Sync service, and am installing the portal, pw registration portal, and reset portals on another server.  I have installed Sharepoint Foundation and have a working team site (port 80) and I have removed the Default Web Site that was previously sharing that port.  After successfully completing the FIM Sync Service install, I run the FIM Service and Portal installation as a domain administrator.  Everything seems to install and I get confirmation at the end that the installation was a success.  However, when I go to http://fim1 (the address of the local host) I still just see the default Sharepoint Team Site and not anything related to FIM the portal itself does not seem to install.  The FIM Service installs and in services.msc I see that it is running.  I do not see any FIM related applications in the start menu.  After unsuccessfully trying to install this a few weeks back I remember having a FIM administration site that popped up.  We have since started from the ground up and I can not get this portion to install despite the installer telling that it was successful.  I was having this exact same issue in a subsequent installation prior to re-imaging the FIM servers and attempting it again.  Unfortunately, I'm having the same result.  Any feedback on this would be greatly valued!  

Thanks,

Mike

Search

FIM RCDC drop down and function evaluator vs functions within sync rules

July 10, 2014, 11:23 am
$
0
0

Hi,

 I have several hundred buildings in my organisation and I would like to to give users the ability to select their building name from a custom RCDC - straight forward enough, however I'd also like the following to be automatically selected within FIM:

Address, City, Post Code, Country

I believe this can be done in 2 ways:

An outbound sync rule using a function (.e.g IF(Eq(Address),"Beverly Hills"),"90210",""))

A function evaluator using a similar expression.

Whilst I'm comfortable with sync rules I don't know much about function evaluators in workflows and would like some advice on the best approach to take and how to go about it?

In addition, given there'll be a lot of sites, is there a way to input the RCDC drop down list of sites from a CSV or XML file, rather than having to manually edit the FIM pages and functions?

Thanks

IT Support/Everything

bhold core setup confirmation

July 10, 2014, 11:52 am
$
0
0
I installed bhold core (the first step) in a separate server. Installation completed but when I open the core portal form the local machine, it is just showing a blank screen. I dont see anything. I could see the iis was set and database was created too. There are no error in the logs too. I believe it is something to do with iis app pool. I followed all the steps in the documentation. Everything went correct expect the core portal settings part. Any idea what could have gone wrong

\FIM 2010 virtual labs are not available

July 10, 2014, 7:48 pm
$
0
0

Hi All,

FIM 2010 virtual labs are not available
Any idea why the FIM 2010  virtual labs (Tech net) are not available ?

Regards,
Anirban Singha

Unable to even install BHOLD Core

July 10, 2014, 8:15 pm
$
0
0

Hi,

I have heard BHOLD horror stories.

I have talked to customers that tried and totally gave up on BHOLD.

In my work circles, no one has actually seen a functioning BHOLD deployment. 

So I decided to try BHOLD myself - and, behold,  the default installation even fails.

Here is my setup.

  • 1 x domain controller (DC01 Windows 2012)
  • 1 x FIM 2010 R2 SP1 & SQL 2008 R2 server (FIM01)

BHOLDApplicationGroup created as a Global security Group.

B1user (BHOLD service account) created as a domain user.

B1User is member of:

  • Domain\BHOLDApplicationGroup
  • Domain\Domain Admins
  • Domain\IIS_IUSRS
  • FIM01\Administrators
  • FIM01\IIS_IUSRS

B1User is SYSADMIN on the SQL server.

B1User has 'Log on as a service' on the FIM01 server.

But the BHOLD Core 5.0.1992.0 release fails to install with the following error:

"BHOLD Suite Core error 1923. Service B1Service could not be installed. Verify that you have sufficient privileges to install system services"

Could someone please shed some light on how to simply install BHOLD...?

Thanks,

SK




BHOLD produces lots of Eventlog Entries

July 11, 2014, 2:22 am
$
0
0

Hi I tried the latest BHOLD (5.0.2521.0) bits that come with FIM 4.1.3510
As soon as I install BHOLD Core the application log gets filled with theses two entries every 5 seconds
Can anyone of you tell me the root cause of this?

Thanks, Henry

Event Source: B1Service
EventID     : 7
Event Type  : Information
Event Text  :
Error when executing 'EXEC ProcessQueueCommand30UserBiased' \n\n Reason System.Data.OleDb.OleDbException: Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 0, current count = 1.
   at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)
   at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()
   at BHOLD.B1ServiceLibrary.Queue.ConnectorQueueDal.RetrieveQueueEntries(Int32 applicationId) in d:\Builds\53\4\Sources\imp\src\Access Management\Core\B1ServiceBC\Queue\ConnectorQueueDal.cs:line 122'


Error when executing 'EXEC ProcessQueueCommand30RoleBiased' \n\n Reason System.Data.OleDb.OleDbException: Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 0, current count = 1.
   at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)
   at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()
   at BHOLD.B1ServiceLibrary.Queue.ConnectorQueueDal.RetrieveQueueEntries(Int32 applicationId) in d:\Builds\53\4\Sources\imp\src\Access Management\Core\B1ServiceBC\Queue\ConnectorQueueDal.cs:line 122'

What is necessary for FIM to connect to an AD in another forest?

July 11, 2014, 4:21 am
$
0
0

Hello

I have FIM 2010 R2 installed on fim1.fim1.local working happily provisioning users into fim1.local domain.

Now due to merger we have a second forest    additional.local  

What is necessary for the existing FIM install to manage users on the additional.local forest as I cannot connect without error?

I can access the additional.local DC from the FIM Server and read the directory. Port 389 is open. I have a domain account on additional.local.

When I try to make an AD MA. I get the error message:

"Failed to search on DN cn=Aggregate,cn=Schema,cn=Configuration,dc=additional,dc=local"

and error code is 0x34.

I tried these values:

Forest:   addDC.additional.local

User Name: Administrator

Password: ***

Domain: additional

Where am I going wrong?

FIM MA Attribute Flow Documenter - download link broken

July 11, 2014, 12:12 pm
$
0
0

http://social.technet.microsoft.com/Forums/en-US/ebe5bac8-e8b3-4501-afda-df46439fffd9/fim-ma-attribute-flow-documenter?forum=ilm2

The download link on the url above is no longer working, any way we can still get access to this powershell script? Thanks

Search

FIM Service Disappears and Kerberos question

July 11, 2014, 2:17 pm
$
0
0

Hello All,

First a little bit about the FIM topology and SPNs I've set up and then on to the problem(s) I'm having.  

FIM1 - Sharepoint, Fim Service and Portal, Password Reset/Password Registration Portals

FIM2 - Synchronization Service

SQL1 - Contains FimService and Synch Service database

ExchangeServer - Hosting the exchange stuff.  

SPNS have been configured for:

http/fim1 domain\sharepointservice and the FQDN

FimService/fim1 domain\FimService and the FQDN

http/passwordreset.domain.org and passwordregistration.domain.org domain\FIM1$ 

the MSSQLsvc already has an SPN configured for SQL1

Problem 1:

I get everything installed and can access http:\\fim1\identitymanagement (FIM Portal) for a little while.  After a period of time the page becomes unresponsive and I get an error message that the web page cannot be found.  I check the FIM Service in services.msc and the FimService is no longer there.  I uninstalled the FimService and reinstalled it and again and everything was functioning normally.  The page again becomes unresponsive and I check the services.msc and this time I see the FimService is running and set to automatic.  I decide to bounce the service anyway to see if this will resolve the issue and it disappears before my very eyes.  Last I checked David Copperfield isn't standing behind me with a top hat and wand...  so what gives?

Problem 2:

I'm having a hard time finding consistent information on Kerberos Authentication set up for the password registration and reset portal app pool being installed on the same server as the FIM Service.  Based on what I read in the "Before you Begin guide"...

  1. Repeat the above step for each of the FIM Password portals, using setspn.exe –S HTTP/<ssprPortalHostHeaderName> <domain>\<ssprPortalMachineAccount$>, where<ssprPortalHostHeaderName> is the binding information for the FIM Password portal Host Name that was entered during setup. This is the name that will be used by clients to contact the portals.

I set up my aforementioned SPNs accordingly. It asks me if I'm installing the registration portals on a different server from the FIM service and if so, check the boxes, and specify the FIMPassword account.  I don't check these boxes and move forward with the install.  I get to the registration and reset portal installation section and it asks me for an account name. Am I supposed to be using FIM1$ computer account as I specified in the SPN?  If so, what is the password I am supposed to provide? Should all Kernel Mode settings remain enabled after this?  Also, on previous installs, if I set up NetworkService as the app pool identity I've noticed that it at least lets me access the portals, however I get a generic message that the user account password can not be reset.  

Can anyone tell me if I'm supposed to be using the machine account password for the SSPR and SSRP app pool account during set up?  

Sorry for the long winded question, but I've been failing at installing/configuring FIM for the better part of a month and just can not get this thing to cooperate.  

Many thanks for any help you can provide.

Mike


How do I flow the following to be used in a Set? resource type: User attribute: memberof

July 13, 2014, 10:03 am
$
0
0

How do I flow the following to be used in a Set?  resource type: User     attribute: memberof

I am trying to create a Set based on group membership to be used to criteria base other groups.

Enable FIM AD Account

July 13, 2014, 11:42 pm
$
0
0

Hi Guys,

Trying to enable AD account that already exists in FIM & AD if employeeType attribute changes ?? Couldn't get any success when trying to flow the useraccountcontrol value thru custom attribute but it revert backup when AD-MA runs. Any clue would be helpful..

Thx
JC

Attribute missing (Attributes and management agents)

July 14, 2014, 5:20 am
$
0
0

I'm new to FIM, and even as I've read and searched the web - I can't quite figure this one out (don't have a proper training environment yet so I can test this).

I've got a case where one of the Management Agents is missing data for a employee. It's missing the employee's Role. (Like "Head of dept"). Looking at the metaverse object properties for the given management agent - role is not a part of the attributes listed. However, for another management agent, role is defined in the attribute list. Is the trick to add the attribute to the list of attributes for the MA missing it - or is it something else I need to consider as well?

Upgrade FIM 2010 RTM to FIM 2010 R2 SP1

July 14, 2014, 7:08 am
$
0
0

Hello Experts,

I have environment with FIM 2010 RTM high availability {2 FIM Services, 2 FIM portal, 2 SQL}. current infrastructure is windows 2008 R2 SP1 and SQL 2008 R2. Now i want to upgrade FIM to FIM 2010 R2 SP1 on current Infrastructure, is it support? How to upgrade FIM Service to FIM 2010 R2 SP1? is FIM 2010 R2 SP1 support exchange 2003?


MultiLanguage .resource file is not working in FIM 2010 R2 SSPR

July 14, 2014, 7:45 am
$
0
0

Hi,

I have one more problem regarding Multilanguage resources file, my Customized English Language working fine but when I convert English language resource file content into the Spanish language resource file content and set browser setting in Spain[es-ES] with priority high,it is not taking any changes in SSPR Registration page.more information in attached resourcs file blow snapshot.First page of SSPR Registration Page with English Language:
this content is not converted in Spanish language for Spanish it is taking default content of page.

First Page of SSPR Registration Page with Spanish Language:

Regards

Anil Kumar



Is FIM the right Product?

July 14, 2014, 7:46 pm
$
0
0

We have recently merged with another company and need to be able to have user and exchange information shared across the two forests. At the moment there is 2 way trust or federation is not an option. FIM appears to be a product that would allow us to sync users between the two environments and also sync the GAL?

Am I on the right path? Can anyone point me towards some success stories?

Thanks

Jeff


Search

FIM Portal Basic User, cant see anything but name in fim portal

July 14, 2014, 11:03 pm
$
0
0

Running FIM 2010 R2 4.1.3508.0

Sharepoint 2013 foundation

a month ago when a non administrative user logged into the FIM portal they could see the basic a normal non-admin user could see.  

now when a user logs into the FIM Portal, it loads up the FIM portal page with the forefront identity managemt logo in top right and left corner, there name is displayed and the search bar on the right hand side is showing. everything else a non administrative user is suppose to see doesnt show up. all we get is a blank screen.

the users have there accountName, objectSID, and domain. if i put a non administrative user into the 'administrator' Set, they get to see the portal, but they get and see everything a administrator has. if i remove them from that set, they see nothing but the logo and there name. i have checked the appropriate MPR and made sure they are not disabled.

within the administrator page, i have checked the home page, navigation bar and they all look correct with the right 'BasicUI' in the right sections.

i have been working on this for days and i am unsure where to look next.

has anyone seen this before or know how to fix this issue?

thank you

James

 

FIM in a foreign language

July 15, 2014, 2:53 am
$
0
0

Hi. I'm very new to FIM and I am a bit confused about the language packs. 
Can someone explain what the difference is between the following options:
1. Installing the FIM client in a foreign langauge (e.g Italian).
2. Installing the FIM client in the base language (English) and then adding the Italian language pack.
In other words, why does Microsoft bother providing both options? What is the difference?

Is it necessary to install FIM language packs for FIM Client Add ins ?

July 15, 2014, 3:13 am
$
0
0

Hi All ,

Is it necessary to install FIM language packs for FIM Client Add ins, if I want it to use in different languages for different countries.

And also , I would like to know the order in which the Client Add In and language packs should be installed , like what should be installed first ?

Regards,

Anil Kumar 

Granfeldt's PSMA - Error on export (ma-extension-error, 0x80230703)

July 15, 2014, 5:56 am
$
0
0

I'm running in to a error using Granfeldt's PSMA. I'm trying to export objects to Exchange, everything goes just fine, the new mailboxes are indeed provisioned, but PSMA hits error everytime I run the export;

Error: ma-extension-error, Connected data source error: unexpected-error, Connected data source error code: 0x80230703.

I enabled PSMA's logging feature and it shows that my export.ps1 script indeed starts (It logs it's stuff to other file where I can see that everything goes just like planed) and after that it throws "System.NullReferenceException: Object reference not set to an instance of an object."

In the event viewer I see another error after the export:

"Microsoft.MetadirectoryServices.EntryExportExeception: Object reference not set to an instance of an object. at Granfeldt.PowerShell.ManagementAgent.Microsoft.MetadirectoryServices.IMAExtensible2CallExport.PutExportEntrie(IList`1 csentries) Forefront Identity Manager 4.1.3508.0"

I'm a bit confused because my export script works just fine.. is there something I should look after my Sync Rule from the portal or something else? Error messages don't help much... Thanks in advance!

Granfeldt PSMA Home Dir example

July 15, 2014, 8:09 am
$
0
0

I'm attempting to use the example home dir PSMA script from the recent FIM user group video. I've modified the PS scripts to create an appropriate remote share and have created the MA referencing the files. I am unsure what attributes require values passed to them via a sync rule and how to get values such as the objectguid which is referenced in the example script.

	@{ Name="Anchor-id";   			Type="Binary"; Value=1 }
	@{ Name="objectClass"; 			Type="String"; Value="person" }
	@{ Name="objectguidstring";		Type="String"; Value="" }
	@{ Name="objectsidstring";		Type="String"; Value="" }
	@{ Name="samaccountname"; 		Type="String"; Value="" }
	@{ Name="distinguishedname";   	Type="String"; Value="" }
	@{ Name="homedrive";          	Type="String"; Value="" }
	@{ Name="homedirectory"; 		Type="String"; Value="" }
@{ Name="employeeType";         Type="String"; Value="" }
    	@{ Name="sn";                   Type="String"; Value="" }

Above is the schema script. Do I need to pass values from the SR to id, objectguidstring, objectsidstring, distinguishedname and if so how do I get calculate these values?

Any help or pointing to documentation would be much appreciated.


Viewing all 4767 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>