Channel: Forum Microsoft Identity Manager

SCSM Data warehouse job 'Load.Common' failing


Hello,

We are running MIM 2016 SP1 (version 4.4.1459) and have the reporting module installed as well. We also have SCSM 2012 SP1 with Data Warehouse to store requests from MIM. All other Data Warehouse jobs are running normally except 'Load.Common', which is failing on every run with the same errors on the same job modules:

 

Here are a few examples of the errors from the event viewer:

Has anyone else encountered similar issues and if yes, how did you manage to fix them? I would try to solve this first without contacting MS premier support so any advice would be highly appreciated. Thanks.



Delete Operation and Authorization Workflow


Hi All,

We are currently synchronizing HR data into MIM Portal. Whenever there is a delete, the record is automatically removed from MIM Portal. But we would like to trigger an authorization workflow which in turn calls a PowerShell script to deactivate the account in the target system before the delete request is committed in MIM Portal.

To achieve this use case, we have done the following steps,

Created an Auth Workflow which calls a PowerShell script using MIM WAL

Created Request MPR which uses Synchronization Engine set as requestor and delete operation as action type and checked authorization workflow.

Issue: The policy is getting triggered during the delete operation but it doesn't invoke the authorization workflow.

Could you please provide your suggestion to fix this issue?


How to troubleshoot ErrorCode 3000


Hi,

I have deployed a FIM-based solution to the testing environment and some users cannot access the portal.

They get "Service not available" and URL http://servername/_layouts/MSILM2/ErrorPage.aspx?ErrorCode=3000.

Everything looks fine on the portal. The user accounts have been imported from AD.

The users that cannot access the portal are on the list of users with all required attributes (display name, account, domain, sid).

Nothing is logged in the event log, nothing in fimDiagnostics.svclog.

DebugView shows also nothing.

Best regards

    Rafal Grzybowski

Service Not Available on Popup

Users are able to log into the portal and make requests, but when approvers attempt to submit an approval or rejection, the action fails and "Service not available" appears on the popup.

In the error log, it says:

The Portal cannot connect to the middle tier using the web service interface.  This failure prevents all portal scenarios from functioning correctly.

The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration.

Ensure the portal configuration is present and points to the resource management service.

I can get to the service using http://ServiceFQDN:5725 and I have had no trouble with the sync engine being able to connect to the service. In Microsoft.ResourceManagement.Service.exe.config, I have the following:
<resourceManagementClient resourceManagementServiceBaseAddress="ServiceFQDN" /><resourceManagementService externalHostName="ServiceFQDN" />
... and in web.config:
<resourceManagementClient resourceManagementServiceBaseAddress="http://ServiceFQDN:5725" timeoutInMilliseconds="60000" />
Looking for any guidance or solutions to this issue.

How do we install the "Application Server" role features required by MIM 2016 on Windows 2016 server?


I am trying to get MIM 2016 installed on a Windows Server 2016 Standard host.

I follow the deploy MIM 2016 guide as provided by Microsoft.

In the setup Windows Server section of https://docs.microsoft.com/en-us/microsoft-identity-manager/prepare-server-ws2016

I am asked to add the Application Server role. This is deprecated in Windows Server 2016 although the guide is guiding you on Windows Server 2016!!!

In section 7 it says run these PS commands:

import-module ServerManager
Install-WindowsFeature Web-WebServer, Net-Framework-Features,rsat-ad-powershell,Web-Mgmt-Tools,Application-Server,Windows-Identity-Foundation,Server-Media-Foundation,Xps-Viewer -includeallsubfeature -restart -source d:\sources\SxS

Seriously WTF Microsoft?

What features are required here?

MIM2016 Exchange Provisioning for Exchange 2016 mailbox


Hi,

I'm having a problem provisioning an Exchange 2016 mailbox from MIM 2016. I configured codeless provisioning by flowing the attributes through the sync rule from MIM; the attributes include:

- msExchHomeServerName

- HomeMDB

- MailNickName

From the AD MA, under Configure Extensions, I select Provisioning for Exchange 2010 and enter the Exchange 2010 RPS URI. I get the error "stopped-extension-dll-no-implementation" when I run the export, and the export is not successful.

When I change Provisioning for Exchange 2010 to "No Provisioning", the mailbox is created in Exchange but appears as "legacy" in Exchange ECP.

I would appreciate your advice on how to configure the Exchange provisioning. Is the extension DLL required?

MIM 2016 status summary send by notification


Hi all,

We came across a query from a client about having an email notification sent from MIM with the summary / status of the job for provisioning, deletion and modification for user account creation/modification.

Is this possible?

Regards,

YT

Object types used in UocFilterBuilder control vs. drop down values in the RCDC form


Hi,

Does anyone know if there is a way to hide the "All eligible resources" from the drop down menu when using UocFilterBuilder in the RCDC form? When for example using object types of Person and Group in the control, this default choice of "All eligible resources" is also available:




Auto enrollment in MIM for password reset?

Dear all, is there any possibility to enroll all the users automatically in the MIM password reset portal, e.g. using all the mobile numbers we have in AD? Auto enrollment?

Rule Extension - How to Know in which MA it is running


Hi,

I have a Rule Extension that needs to be used in 2 different MAs

I need to know in which one it is running in order to load the correct parametrization for that MA on the MapAttributesForImport code

How can I know at runtime in which MA the MapAttributesForImport code is running?

Thanks,

JD

MIM 2016 Password Synchronization Issue


I am migrating to MIM2016 password synchronization from FIM2010. The environment is a very straightforward domain-to-domain synchronization. I have the MIM2016 Sync server up, and it has fully synchronized the two domains in the metaverse, where I can query for accounts in both domains. I have PCNS up and running on all domains and have verbose logging enabled. I have added the MIM sync server as a target. I can see the password change events in the log and the successful entry for the password synchronization task being targeted at both systems. I see that the FIM2010 gets the event and goes through the sync tasks. On the MIM2016 sync instance there is absolutely nothing in the logs. I can see with Wireshark that the domain controller that is logging the PCNS activity is communicating with the MIM2016 system. How do I even begin to see what the issue is with absolutely nothing in the logs on the MIM2016 sync server? The Domain Controller with PCNS has logged that it successfully delivered the task to all targets.

Thanks for any help on this.

Philip

MIM 2016 R2 sync-rule-invalid-xml-attribute-flow


I seem to have triggered this error message in multiple MAs (management agents) "sync-rule-invalid-xml-attribute-flow" for multiple user objects in a small AD test environment. But only one attribute that looks normal in the sync engine is appearing, which has never caused problems in this test environment before.

I also get CS to MV to CS synchronization failed 0x80230554 on the AD MA.

Same for FIMMA. and with 2 other core MAs and then references what looks to be a Sync Rule GUID out on the FIMService. 

I'm at a loss as to how to track this down. Luckily it's a test environment, so I can do my worst and hopefully learn or help someone out. Thanks

Roles automation with Identity Manager


Dears,

I would appreciate it if someone could advise on the below:

Does Microsoft Identity Manager provide, in one way or another, a means of assigning roles to users in an automated solution?

Example: if in my organization I have system engineers, accountants and sales, can I assign roles and permissions to these users in an automated way through MIM?

Best regards

MIM 2016 SP1 installer issue


Hi,

We have recently tried to install MIM service and portal ("Service and Portal.msi" from "SW_DVD5_Identity_Manager-CAL_2016w_SP1_64Bit_English_-2_MLF_X21-21816.ISO" image) and ran into the following problem.


After analyzing the netmon trace we realized that the installer is trying to establish TLS handshake over TLS 1.0, which was disabled on the SQL server. The only way we could finish the installation was after enabling TLS 1.0 on the SQL server. On the other hand Synchronization service MSI installer from the same ISO image is working as expected against SQL server where TLS 1.0 is disabled.

Is the product team aware of this issue? Are there any plans to "upgrade" Service and Portal.msi to support TLS 1.1/1.2?

Thanks,

Jaksa

Support for Windows Server 2019


The supported platforms info for MIM 2016 SP1 indicate that Windows Server 2016 is supported but there is no mention of support for Windows Server 2019.  Has anyone tried MIM on Win Serv 2019 or know if Microsoft has announced support?

Tnx


Hotmail to Outlook live migration question about MX record


Hi,

One of the steps mentioned during the migration from hotmail to outlook live is this:

Edit the MX record for the domain

  1. Sign in to the domain management tool at the DNS hosting service for your domain.
  2. Remove the Hotmail MX record.
  3. Add an MX Record for <token>.mail.Outlook.com and set it to the highest priority.
    Note   If you have a third-party MX record, in the Service Management Portal Migration page, click Refresh. Once the removal of the Hotmail MX record is detected, click Skip MX Check.

What must the <token> be in the <token>.mail.Outlook.com namespace?

thanks,

Sk

SSPR with email address


Dears,

I configured MIM 2016 and enabled SSPR using the PIN mode.

It is working successfully.

Can someone help and advise how it is done using email as an alternative option to the PIN?

I found a lot of blogs explaining how to configure SSPR using PIN.

Your help is appreciated.

regards,

MIM Management Agents (Connectors)


Hi,

I have a MIM 2016 deployment which is managing accounts in both Active Directory and Azure Active Directory. 

I am testing the Management Agents called Windows Azure Active Directory (Microsoft) and Graph (Microsoft)

I have created an MA to manage AAD accounts in Tenant A by selecting the Windows Azure Active Directory (Microsoft) MA and populated extension attributes called extensionAttribute1, extensionAttribute2 to extensionAttribute15

I have created another MA to manage AAD accounts in Tenant B by selecting the Graph (Microsoft) MA and populated extensionAttributes called onPremisesExtensionAttributes.extensionAttribute1 to onPremisesExtensionAttributes.extensionAttribute15

The question I have is: are these technically the same attributes but just named differently by the MAs?


 

ADFS 4.0 make federation Url metadata.xml available for public


Hi All,

I'm quite new here and will come straight to the point.

I have set up an ADFS 4.0 server for a client and it all works fine.

I did SSO with a Cloud app configuration and used the manual import of the XML federation metadata.

But now I want to make the XML federation URL available from outside. (It does not work.)

I know that ADFS 4.0 does not work with IIS; rather, it uses internal web services (correct me if I am wrong).

https://customerl/FederationMetadata/2007-06/FederationMetadata.xml works fine in the internal network. but not for outside.

I already have NAT rules for HTTPS to the ADFS server.

Do I need to set up a WAP server to make the .xml federation URL available from outside?
Or is the WAP service only for making a proxy server for the ADFS?

Quite confused now.

Sorry for my bad English, hope you guys can point me in the right direction.

FIMAutomation Export-fimconfig is not recognized as the name of a cmdlet when triggered by a workflow


Hi All,

I'm having a problem with the export-fimconfig cmdlet that comes with FIMAutomation after a recent hotfix of MIM. The script that I use worked perfectly before a certain hotfix, but after I installed one of the latest hotfixes it stopped working with the following error:

export-fimconfig issue

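Here is a code snippet:

# Base address of the FIM/MIM Resource Management Service
set-variable -name URI -value "http://localhost:5725/resourcemanagementservice" -option constant

# Load the FIMAutomation snap-in if it is not already loaded in this session
if(@(get-pssnapin | where-object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {add-pssnapin FIMAutomation}

# $fimwf is supplied by the calling workflow; fetch the target Person resource
$TargetEmployee = $fimwf.TargetId.Guid
$Target = export-fimconfig -uri $URI `
                           -onlyBaseResources `
                           -customconfig "/Person[ObjectID='$TargetEmployee']"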

If I run this code snippet from Windows PowerShell ISE as an admin or even the FIM service account it works fine; the issue only happens when the PowerShell script is triggered by a workflow.

I can provide any information needed to anyone who can help.

Thank you in advance,

Majd
