
Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite



    New patch for FIM:

    Prerequisites

    To apply this update, you must have Forefront Identity Manager 2010 R2 SP1 (build 4.1.3419.0 or a later build) installed.

    For BHOLD deployments, you must have hotfix rollup package 2934816 (build 4.1.3510.0) installed to apply this update.

    Restart requirement

    You must restart the computer after you apply the Add-ins and Extensions (Fimaddinsextensions_xnn_kb2980295.msp) package. You may also have to restart the server components.

    Replacement information

    This update replaces the following updates: 

    2980295 Hotfix rollup package (build 4.1.3599.0) is available for Forefront Identity Manager 2010 R2 SP1

    2969673 A hotfix rollup (build 4.1.3559.0) is available for Forefront Identity Manager 2010 R2

    2934816 A hotfix rollup package (build 4.1.3510.0) is available for Forefront Identity Manager 2010 R2

    More info / download link:

    A hotfix rollup (build 4.1.3613.0) is available for Forefront Identity Manager 2010 R2 SP1


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.



    Hello All,

    The FIM 2010 R2 application is running, but the error logs on the server show a SharePoint error.

    The error log is attached. Please reply if someone has faced this. Event ID - 2424



    Hello,

    I'm attempting to configure an Open LDAP server using the Generic LDAP Connector in FIM.

    However, I receive the following error each time: "<error>Value does not fall within the expected range. </error>."

    I can use LDP.exe to connect and bind to the Open LDAP server without issue--using the credentials and port (636) I want to use for FIM.

    I have installed the certificates for the LDAP server. (In both my personal store, and even Trusted Root for the sake of troubleshooting.)

    I've tried setting the binding to SSL, TLS, Basic, or Anonymous...still no luck.

    What format should I be putting the username in?  I've tried both "Administrator" and "cn=Administrator,cd=dcname" (the format I would use for ldp.exe).

    I'm not sure how to proceed.  I can't even tell if it doesn't like the format of the host name, the username, or the certificate (or certificate subject).

    Has anyone successfully done this before and can provide some guidance?



    Hi,

    I'd like to include a message stating what the password requirements should be before a user password is changed. I'm using the code below; everything but the "ResetUserNameTextFormat" works. I'm wondering whether it's down to the length or maybe the semicolon?

    <?xml version="1.0" encoding="utf-8"?>
    <root>
      <resheader name="resmimetype">
        <value>text/microsoft-resx</value>
      </resheader>
      <resheader name="version">
        <value>2.0</value>
      </resheader>
      <resheader name="reader">
        <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
      </resheader>
      <resheader name="writer">
        <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
      </resheader>

      <!-- Customizations begin here -->
      <data name="ResetExample1" xml:space="preserve">
        <value>asmith</value>
      </data>
      <data name="ResetExample2" xml:space="preserve">
        <value>jxbond</value>
      </data>
      <data name="ResetUseNewPassword" xml:space="preserve">
        <value>You can now use your new password to log in</value>
      </data>
      <data name="ResetUserNameTextFormat" xml:space="preserve">
        <value>Your password must be at least 7 characters and contain 3 of the following 4 characters: uppercase A to Z, lowercase a to z, digits 0 to 9 and a non-alphabetic character.</value>
      </data>
    </root>


    IT Support/Everything



    Hi Everyone,

    I am configuring FIM Reporting. Initially I installed SCSM 2012 R2, which was not supported, and after uninstalling it I installed SCSM 2012 SP1. After installing the SCSM 2012 SP1 management server and data warehouse, when I run the "FIMPostInstallScriptsForDataWarehouse" script it shows the following error message in the first screen, and when I try to install the snap-ins it tells me to delete the existing files, as in the second screen.

    My question is: how and where should I go to delete the existing snap-ins so that the script can run? Please find the screenshots below.

  • 11/27/14--00:09: FIM 2010 R2 SP1 NLB Issue
  • Hello folks.

    So I'm installing a highly available FIM lab

    Server 1 - SQL Cluster and FIM SS (serverA.demo.com)

    Server 2 - SQL Cluster (serverB.demo.com)

    Server 3 - FIM Portal and Service (serverC.demo.com) NLB Cluster

    Server 4 - Nothing yet (serverD.demo.com)

    I've set up SPNs for the fim-sharepoint account (http/serverC, http/serverC.demo.com, http/nlb, http/nlb.demo.com) and the fim-service account (fimservice/serverC, fimservice/serverC.demo.com, fimservice/nlb, fimservice/nlb.demo.com).

    When I try to access FIM Portal through NLB name I can get to the portal (so the k ticket gets created) but the portal returns error 3000. Logs say that portal cannot contact Middle Tier. If I open the server using NetBIOS name (https://serverC/identitymanagement) it works. Now the fun part. If I try to open the server using NLB name after that it will work for pages I've already opened in my previous session (using NetBIOS name).

    Does anybody have any ideas?


    The data above this text is pseudorandom, brace yourselves.



    Could you please provide a comparison of the differences between Sun Access Manager and Identity & Access Management (IAM), such as performance, price, support, return on investment (ROI), training, pros and cons, and the costs involved in migrating from Sun to IAM?

    Thanks in Advance.

    Srikanth Gunti




    Hi all,

    I've implemented a sync rule for groups according to this article http://technet.microsoft.com/en-us/library/ff686936%28v=ws.10%29.aspx

    The article describes the following:

    "When you import unmanaged group information from AD DS into FIM, you need to initialize the membershipLocked attribute. The best practice recommendation is to set this attribute to false.

    The next attribute that you need to initialize is the membershipAddWorkflow attribute that should be set to Owner Approval."

    I've configured two constant flows for the attributes membershipAddWorkflow=OwnerApproval and membershipLocked=false.

    I now would like to create some dynamic criteria-based groups in the FIM portal. Creation and export to AD works fine as long as I don't reimport them, because they are changed due to the inbound sync rule to manually managed groups.

    Standard manually managed groups will still be created in AD directly, not in FIM.

    How can I achieve that criteria-based groups stay criteria-based groups even after an import run from AD?

    Custom expressions like

    IIF(Eq(membershiplocked,Null()),"false", membershiplocked)

    IIF(Eq(membershipAddWorkflow,Null()),"ownerapproval", membershipAddWorkflow)

    do not help because membershipLocked and membershipAddWorkflow are of course not AD attributes.

    Thanks for your help

    Best regards

    Chris





    I'm trying to achieve the following scenario:

    • Role-based groups start with the prefix abc
    • Role-based user accounts (displayname) start with the prefix abc
    • When members are added to a group defined above, it should only take in the user accounts with the same prefix

    Is this kind of scenario possible with FIM?


  • 11/28/14--02:36: FIM R2 2010
  • Hi Team,

       I am new to FIM. First, I have installed all the prerequisite software needed for FIM and everything is working fine. I need the next process to start. I need the steps to configure FIM Sync, and the same for FIM Service & Portal. Kindly suggest how to do the sync from AD to FIM and from FIM to AD. Kindly do the needful.

       


  • 11/30/14--07:56: MIM Phone Gate issue
  • Hello, I'm trying to configure MIM Phone gate password reset (I've done all the steps outlined in Test Lab Guide: SSPR Integration with Windows Azure Multi-Factor Authentication) and I get the following errors:

    Application log:


    Unable to call.

    Unable to call to user. Verify connectivity to Phone Service provider.

    Workflow: 9c3aca59-a85c-437f-bb67-9ce5a70521d7

    Request ID: a9fc08c9-0fdc-47e4-bdbc-218d66127dd7

    FIM log:

    1:

    Microsoft.IdentityManagement.PhoneServiceProviderManager: System.TypeLoadException: An error occurred while loading the custom Phone provider DLL.  Please review the inner exception details. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.TypeInitializationException: The type initializer for 'Microsoft.IdentityManagement.AzureMfaServiceProvider.Logger' threw an exception. ---> System.UnauthorizedAccessException: Access to the path 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\AzureMfaProvider.log' is denied.

       at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

       at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)

       at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)

       at System.IO.FileStream..ctor(String path, FileMode mode)

       at Microsoft.IdentityManagement.AzureMfaServiceProvider.Logger..cctor()

       --- End of inner exception stack trace ---

       at Microsoft.IdentityManagement.AzureMfaServiceProvider.Logger.Log(String message, Object[] args)

       at Microsoft.IdentityManagement.AzureMfaServiceProvider.Utils.GetValueFromXml(XmlDocument doc, String attributeName)

       at Microsoft.IdentityManagement.AzureMfaServiceProvider.PhoneAzureMfaProvider..ctor()

       --- End of inner exception stack trace ---

       at System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

       at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

       at Microsoft.IdentityManagement.PhoneServiceProvider.PhoneServiceProviderManager.InitializePhoneServiceProvider()

       --- End of inner exception stack trace ---

       at Microsoft.IdentityManagement.PhoneServiceProvider.PhoneServiceProviderManager.InitializePhoneServiceProvider()

       at Microsoft.IdentityManagement.PhoneServiceProvider.PhoneServiceProviderManager.get_ExternalPhoneServiceProviderExists()

       at Microsoft.ResourceManagement.Workflow.Hosting.PhoneNotificationServiceImpl.InitiateCall(String phoneNumber, Guid requestId, Dictionary`2 deliveryAttributes)

       at Microsoft.ResourceManagement.Workflow.Activities.PhoneAuthenticationGate.InitiateCall()


    2:

    Microsoft.ResourceManagement.ResourceManagementException: ValidationError:UnableToInitiateCall

       at Microsoft.ResourceManagement.Workflow.Activities.PhoneAuthenticationGate.get_AuthenticationChallenge()

       at Microsoft.ResourceManagement.Workflow.Activities.AuthenticationGateActivity.Execute(ActivityExecutionContext executionContext)

       at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)

       at System.Workflow.ComponentModel.CompositeActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)

       at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(Activity activity, ActivityExecutionContext executionContext)

       at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)

       at System.Workflow.Runtime.Scheduler.Run()


    3:

    Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.BaseException: ValidationError:UnableToInitiateCall ---> System.ServiceModel.FaultException: ValidationError:UnableToInitiateCall

       at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)

       at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)

       at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetChallenge(String domain, String userName, ChallengeContext gateChallengeResponse)

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)

       --- End of inner exception stack trace ---

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetNextGate(IGateControl currentGate)

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.Next()

       at System.Web.UI.WebControls.Button.OnClick(EventArgs e)

       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)

       at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)

       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

       --- End of inner exception stack trace ---

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs)

       at System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e)

       at System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e)

       at System.Web.UI.TemplateControl.OnError(EventArgs e)

       at System.Web.UI.Page.HandleError(Exception e)

       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

       at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

       at System.Web.UI.Page.ProcessRequest()

       at System.Web.UI.Page.ProcessRequest(HttpContext context)

       at ASP.default_aspx.ProcessRequest(HttpContext context)

       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)


    4:

    The error page was displayed to the user.

    Details:

    Title: Error

    Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)

    Source:

    Attributes:

    Details: Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.BaseException: ValidationError:UnableToInitiateCall ---> System.ServiceModel.FaultException: ValidationError:UnableToInitiateCall

       at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)

       at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)

       at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetChallenge(String domain, String userName, ChallengeContext gateChallengeResponse)

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)

       --- End of inner exception stack trace ---

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetNextGate(IGateControl currentGate)

       at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.Next()

       at System.Web.UI.WebControls.Button.OnClick(EventArgs e)

       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)

       at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)

       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    CorrelationId:

    RequestId:

    ErrorCode: 0

    CaughtTime: 11/30/2014 07:46:47

    Web Portal: FIM Password Reset Portal

    Session Id: f3iuhlffibps0o55fjb1mu55

    IP Address: 10.0.0.2

    I can ping pfd.phonefactor.net. I entered my phone as the guide told me to ( +7 bla-bla-bla).


    The data above this text is pseudorandom, brace yourselves.




  • 11/30/14--19:03: New attribute not visible
  • I added a new attribute to FIM, bound it to the User resource, and did a schema update on the FIM MA, but the new resource is not visible to the admin user if I try to use it in an inbound attribute flow. What am I missing? Do I need to add this new attribute to an existing MPR, and if so, which one?

    Thanks JD



    Hi,

    Busy following the "TLG MIM CM with Modern App.docx" from Connect.Microsoft.com to deploy MIM CM.

    I have extended the schema as stipulated (& restarted DC), but when I try to run the Certificate Config Wizard on the MIM CM server, the following error appears:

    Any ideas?

    Thank you


  • 12/01/14--02:18: Exception in creating sets
  • We are creating 2 sets namely test1 & test 2. 

    • Set 1 creates successfully. (It has a criteria : EmployeeEndDate prior to Today)
    • Set 2 throws exception (Refer to the exception)

    Additionally we have modified the following MPRs for administrators:

    MPRS:

    Administration: Administrators control set resources

    Administration: Administrators control configuration related resources

     

    Modified Values

    Requestors --> Administrators (Set)

    Target Resources--> Resource Attributes--> All Attributes



    Hi All,

    I have a manually managed distribution group. I want its members to be automatically populated as members of a defined set dynamically. Can anyone help me with this?


    Dolly



    Hi,

    Is it possible to write a script (preferably PowerShell) that can unlock a FIM user? What I am after is:

     - User X is locked out of the FIM portal due to, say, 9 incorrect logon attempts.
     - Script "unlock user testuser.lockedout" is run and user testuser.lockedout is then unlocked by the account triggering the workflow.

     I haven't seen any examples of this done before and would love to hear some opinions on whether it's possible, or ideas for getting it going.

    Thanks in advance



    Hello,

    I was using the FIM Web Service Configuration tool to connect to an SAP web service to get the data into FIM. It was working perfectly. Recently they introduced SSO between the FIM machine and SAP.

    After the SPNEGO-Kerberos changes made for SSO, I cannot connect to or discover the endpoints of the SAP web service from the FIM Web Service Configuration tool.

    If I launch the web service URL in IE, it shows an additional prompt other than the regular SAP basic authentication prompt, but I have disabled it by changing the Internet Options in Tools. Now in IE I can view the web services without any issues.

    From the Web Service Configuration tool I am still getting an unauthorized error. Do I need to change any specific settings to avoid issues with Kerberos?

    Please help me.



    Hi All

    I am having issues syncing group membership from AD to FIM and FIM to AD.

    1) Manually added users in AD are flowing as far as the FIM CS in the "Members" attribute but not flowing to the "Manually Managed Membership" attribute in FIM (Member in CS, ExplicitMember attribute in FIM). I can see all the members added in AD as "New Value" in the FIM CS. The FIM CS has the member attribute as "Add" and shows "Export in Progress" but it never gets exported.

    2) The same happens with AD: users added in FIM flow as far as the Metaverse in the “PendingAddMember” attribute but won’t flow to AD.

    Attribute flow is fine. The issue is with a few groups.

    Can someone help me find a way to figure out the issue?




    Hi All,
    Is there any option to put an AND condition in the functions provided in the FIM Portal?

    I have the following requirement:

    IIF(status = active AND approval=yes), useraccountcontrol=512 else useraccountcontrol=514)

    Please suggest.

    Thanks,

    Mann



    I'm trying to update a couple of attributes in a SQL table I use.
    Importing data from a simple HR table works fine (emplid, firstname, lastname, address) using a declarative import sync rule. After running the FIM MA the records show up in FIM portal. I then update the address which I can see being updated in the MV.

    Now I want to flow that updated address back into the SQL table. I have set up an outbound sync rule to update the SQL table using 2 attributes, emplid and address. (Emplid is also used in the relationship criteria and is set as initial flow only.) However, when I run the FIM and SQL MAs, the outbound sync rule shows "not applied" for the attributes. It shows the old address in "initial value" but final value is empty.

    If I remove the declarative rule and create a classic attribute flow by just exporting the "address" attribute it works.


    FYI other outbound sync rules work (e.g. to AD).
