Channel: Forum Microsoft Identity Manager

ADFS/WS-Federation implementation

We are trying to implement ADFS/WS-Federation between two independent domains to provide SSO for two .NET applications running independently. I have the following general questions to get an idea:

  1. Do we have to create a trust between the two AD domains, or can WS-Federation be implemented through web services without a trust?
  2. Do we have to create all the users in both AD domains so users can log in to the different applications running on both sides?
  3. Does WS-Federation support both Forms authentication and Windows authentication?

JIM.H.


uocDropDown

Hi All,

I am trying to change the out of the box validation for Employee Type for Users in the portal with Employee, Non-employee and Contractor. The validation XPath that I have used at the resource attribute binding (through Schema Management) is:

^(Employee|Non\-employee|Unknown)?$

I have also initially tried ^(Employee|Non-employee|Unknown)?$ which of course doesn't work as I have not used the escape character.

Unfortunately, none of these are working. So I am wondering if anyone has any other suggestion. I was also thinking about trying the validation at the configuration XML. Wondering what you guys think about it.

I will appreciate any help.

Thanks.

Ray.

[FIM Reporting] Start-FIMReportingIncrementalSync.ps1 fails

I am deploying FIM 2010 R2 SP1 Reporting on a test environment. However, in the post installation phase, the Start-FIMReportingIncrementalSync.ps1 script is failing with the following error (the Start-FIMReportingInitialSync completed successfully though). Any insight on what's causing this and how to resolve it?

Import-FIMConfig : Failure when making web service call.
SourceObjectID = ff1315de-ed7c-4b0f-90b4-036f8f983faa
Error = The web service client has encountered the following class of error: SystemConstraint
Details: Failed Attributes:
Additional Text Details: The Request contains changes that violate system constraints.
Correlation Identifier: 2fcd66be-c0ba-41ff-8019-8210cb1f21b5
Failure Message:
Request Identifier:
At C:\Program Files\Microsoft Forefront Identity Manager\2010\Reporting\PowerShell\Start-FIMReportingIncrementalSync.ps
1:46 char:47
+     $undone = $importObject | Import-FIMConfig <<<<  -uri $uri;
    + CategoryInfo          : InvalidOperation: (:) [Import-FIMConfig], InvalidOperationException
    + FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automation.ImportConfig

Thanks,
John

dirsync options

Using the Windows Azure Synchronization Service Manager, a consultant mistakenly had us delete the Attribute Flows for both contacts and group objects. The consultant is gone, but I need to re-enter those attribute flows in order to enable those object types to sync. Could anyone provide a list of the default attribute flows for these object types? I could probably re-enter the flows manually, but the attribute names in AD don't always match the metaverse attribute names, and I'd like to have a list to go by.

On another, related topic, I tried running the dirsync config tool again, to see if it would replace or rebuild the missing attribute flows, but I'm getting a user name or password error on the last page of the wizard, and I confirmed that both the cloud and on-premises accounts and passwords are accurate. The event log just notes the creation and password change of the MSOL_* account, but no errors. Any idea what's going on there? Re-running the wizard to rebuild the dirsync config would be preferable to re-entering all of those missing attribute flows.

Thanks,

Mike

FIM GALSync ma-extension-error

Hi,

Getting the following event setting up FIM.

Message: The property 'AddressListMembership' is on a read-only object and can't be modified.

This is syncing contacts into a domain with Exchange 2010 SP1. The other domain (where the FIM server lives) is running Exchange 2013 and not experiencing errors.

I have followed the steps outlined here for rights: http://social.technet.microsoft.com/wiki/contents/articles/4868.permissions-for-galsync-user.aspx#_Toc305417939

I can't find any attribute for AddressListMembership, so I assume this is associated with an Exchange role? What can I do to give these rights to the FIMGALSync Account? I want to keep these rights as limited as possible.

Cheers.

------------------------

Log Name:      Application
Source:        FIMSynchronizationService
Date:          9/05/2013 1:26:05 PM
Event ID:      0
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CORP-FIM01
Description:
The description for Event ID 0 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

 

There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=User,OU=Contacts,OU=GalSync,DC=domain,DC=com.

Type: System.Management.Automation.RemoteException

Message: The property 'AddressListMembership' is on a read-only object and can't be modified.

Stack Trace:    at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke()
   at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)

the message resource is present but the message is not found in the string/message table

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="0">0</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-09T03:26:05.000000000Z" />
    <EventRecordID>1963</EventRecordID>
    <Channel>Application</Channel>
    <Computer>CORP-FIM01</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=user,OU=Contacts,OU=GalSync,DC=domain,DC=com.

Type: System.Management.Automation.RemoteException

Message: The property 'AddressListMembership' is on a read-only object and can't be modified.

Stack Trace:    at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke()
   at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)</Data>
  </EventData>
</Event>

BHOLD: ScriptProcessor.ExecuteScript Fails for roleAddUser Function When Using bscript.dll

Hi all,

I am trying out running BHOLD scripts, just simple stuff like adding a user to a role. I am using the bscript.dll managed assembly instead of the .asmx web service. The reason being, the way the application is structured, I cannot directly reference the web service for some reason and have to work around this by having a separate console application that calls the service (not preferred).

My script string looks like this (I hardcoded the ids for simplicity):

string sc = "<functions><function name='roleadduser' roleid='17' userid='11' /></functions>";

When I try to run it (ScriptProcessor.ExecuteScript(sc)), it fails with the following error (no matter what I do with the string):

FuncName: roleadduser
Function: <function name="roleadduser" roleid="17" userid="11" />
5_Error converting data type nvarchar to int.

BUT (!!!) This exact same call works fine if I use the web service. Makes me think that something is messed up inside the ScriptProcessor class.

Has anyone encountered this kind of behavior before?

Thank you!
Ilya

Extending FIM portal with custom aspx controls

Hi,

I'm adding a comments field to the join groups page in FIM, and I managed to get my custom aspx page to display just fine. I downloaded a couple of assemblies from CodePlex in order to get access to portal web calls which I use in the code-behind of the aspx page.

The problem I have now is that when I click on submit, I get an error:

"An error occurred creating the configuration section handler for system.servicemodel/bindings. That assembly does not allow partially trusted callers (web.config line 270)"

I have no idea what this error is all about, and would appreciate any kind of help. AFAIK, the error is originating from the wsHttpContextBinding binding and not from the wsHttpBinding.

I added the downloaded assemblies (Microsoft.ResourceManagement.Client and Microsoft.ResourceManagement.ObjectModel) to the <SafeControl> list and I have set up all the endpoints etc. correctly as far as I can tell. The web.config file in full is shown below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><configuration><configSections><sectionGroup name="SharePoint"><section name="SafeControls" type="Microsoft.SharePoint.ApplicationRuntime.SafeControlsConfigurationHandler, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><section name="RuntimeFilter" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="WebPartLimits" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="WebPartCache" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="WebPartWorkItem" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="WebPartControls" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="SafeMode" type="Microsoft.SharePoint.ApplicationRuntime.SafeModeConfigurationHandler, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><section name="MergedActions" type="System.Configuration.SingleTagSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /><section name="PeoplePickerWildcards" type="System.Configuration.NameValueSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /></sectionGroup><sectionGroup name="System.Workflow.ComponentModel.WorkflowCompiler" type="System.Workflow.ComponentModel.Compiler.WorkflowCompilerConfigurationSectionGroup, System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"><section name="authorizedTypes" 
type="System.Workflow.ComponentModel.Compiler.AuthorizedTypesSectionHandler, System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /></sectionGroup><section name="resourceManagementClient" type="Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClientSection, Microsoft.ResourceManagement, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"><sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"><section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /><sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"><section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" /><section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /><section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" 
allowDefinition="MachineToApplication" /><section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /></sectionGroup></sectionGroup></sectionGroup></configSections><SharePoint><SafeMode MaxControls="200" CallStack="false" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false"><PageParserPaths></PageParserPaths></SafeMode><WebPartLimits MaxZoneParts="50" PropertySize="1048576" /><WebPartCache Storage="CacheObject" /><WebPartControls DatasheetControlGuid="65BCBEE4-7728-41a0-97BE-14E1CAE36AAE" /><SafeControls><SafeControl Assembly="System.Web, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="System.Web, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.HtmlControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="SqlDataSource" Safe="False" AllowRemoteDesigner="False" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="AccessDataSource" Safe="False" AllowRemoteDesigner="False" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="XmlDataSource" Safe="False" AllowRemoteDesigner="False" /><SafeControl Assembly="System.Web, Version=2.0.0.0, Culture=neutral, 
PublicKeyToken=b03f5f7f11d50a3a" Namespace="System.Web.UI.WebControls" TypeName="ObjectDataSource" Safe="False" AllowRemoteDesigner="False" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebPartPages" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.ApplicationPages" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.SoapServer" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Meetings" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebPartPages" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebControls" TypeName="*" Safe="True" 
AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.ApplicationPages" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.SoapServer" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Meetings" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Workflow" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.SharePoint.Search, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Search.WebControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" />

<!-- New Assemblies to be trusted --><SafeControl Src="~/bin" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.ResourceManagement.Client" Namespace="Microsoft.ResourceManagement.Client" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.ResourceManagement.ObjectModel" Namespace="Microsoft.ResourceManagement.ObjectModel" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><!-- End new assemblies sections -->

<SafeControl Assembly="Microsoft.SharePoint.Search, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Search.Internal.WebControls" TypeName="*" Safe="True" AllowRemoteDesigner="True" /><SafeControl Src="~/_controltemplates/*" IncludeSubFolders="True" Safe="True" AllowRemoteDesigner="True" /><SafeControl Assembly="Microsoft.IdentityManagement.WebUI.Controls, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="Microsoft.IdentityManagement.WebUI.Controls" TypeName="*" Safe="True" /><SafeControl Assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Web.UI" TypeName="*" Safe="True" /></SafeControls><PeoplePickerWildcards><clear /><add key="AspNetSqlMembershipProvider" value="%" /></PeoplePickerWildcards></SharePoint><system.web><securityPolicy><trustLevel name="WSS_Medium" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_mediumtrust.config" /><trustLevel name="WSS_Minimal" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_minimaltrust.config" /></securityPolicy><httpHandlers><remove verb="GET,HEAD,POST" path="*" /><add verb="GET,HEAD,POST" path="*" type="Microsoft.SharePoint.ApplicationRuntime.SPHttpHandler, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add verb="OPTIONS,PROPFIND,PUT,LOCK,UNLOCK,MOVE,COPY,GETLIB,PROPPATCH,MKCOL,DELETE,(GETSOURCE),(HEADSOURCE),(POSTSOURCE)" path="*" type="Microsoft.SharePoint.ApplicationRuntime.SPHttpHandler, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /><add verb="*" path="*_AppService.axd" validate="false" 
type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /><add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /></httpHandlers><customErrors mode="On" /><httpRuntime maxRequestLength="51200" /><authentication mode="Windows" /><identity impersonate="true" /><authorization><allow users="*" /></authorization><httpModules><clear /><add name="ILMError" type="Microsoft.IdentityManagement.WebUI.Controls.ErrorHandlingModule, Microsoft.IdentityManagement.WebUI.Controls, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><add name="SPRequest" type="Microsoft.SharePoint.ApplicationRuntime.SPRequestModule, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="OutputCache" type="System.Web.Caching.OutputCacheModule" /><add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" /><add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" /><add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" /><add name="RoleManager" type="System.Web.Security.RoleManagerModule" /><!-- <add name="Session" type="System.Web.SessionState.SessionStateModule"/> --><add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /></httpModules><globalization fileEncoding="utf-8" /><compilation batch="false" debug="false"><assemblies><add assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add assembly="Microsoft.IdentityManagement.WebUI.Controls, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><add assembly="Microsoft.ResourceManagement, 
Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /></assemblies><expressionBuilders><remove expressionPrefix="Resources" /><add expressionPrefix="Resources" type="Microsoft.SharePoint.SPResourceExpressionBuilder, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add expressionPrefix="SPHtmlEncodedResources" type="Microsoft.SharePoint.SPHtmlEncodedResourceExpressionBuilder, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add expressionPrefix="SPSimpleFormattingEncodedResources" type="Microsoft.SharePoint.SPSimpleFormattingEncodedResourceExpressionBuilder, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /></expressionBuilders></compilation><pages enableSessionState="false" enableViewState="true" enableViewStateMac="true" validateRequest="false" pageParserFilterType="Microsoft.SharePoint.ApplicationRuntime.SPPageParserFilter, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" asyncTimeout="7"><namespaces><remove namespace="System.Web.UI.WebControls.WebParts" /></namespaces><tagMapping><add tagType="System.Web.UI.WebControls.SqlDataSource, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" mappedTagType="Microsoft.SharePoint.WebControls.SPSqlDataSource, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /></tagMapping><controls><add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><add tagPrefix="IdentityManagement" namespace="Microsoft.IdentityManagement.WebUI.Controls" assembly="Microsoft.IdentityManagement.WebUI.Controls, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><add tagPrefix="IdentityManagement" namespace="Microsoft.IdentityManagement.WebUI.Controls" 
assembly="Microsoft.IdentityManagement.WFExtensionInterfaces, Version=4.1.3451.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /></controls></pages><siteMap defaultProvider="SPSiteMapProvider" enabled="true"><providers><add name="SPNavigationProvider" type="Microsoft.SharePoint.Navigation.SPNavigationProvider, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="SPSiteMapProvider" type="Microsoft.SharePoint.Navigation.SPSiteMapProvider, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="SPContentMapProvider" type="Microsoft.SharePoint.Navigation.SPContentMapProvider, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="SPXmlContentMapProvider" siteMapFile="_app_bin/layouts.sitemap" type="Microsoft.SharePoint.Navigation.SPXmlContentMapProvider, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="ILM2MapProvider" siteMapFile="~//_layouts//MSILM2//Microsoft.IdentityManagement.sitemap" description="Provider for navigation on Forefront Identity Manager" type="System.Web.XmlSiteMapProvider" /></providers></siteMap><trust level="WSS_Minimal" originUrl="" /><webParts><transformers><add name="TransformableFilterValuesToFilterValuesTransformer" type="Microsoft.SharePoint.WebPartPages.TransformableFilterValuesToFilterValuesTransformer, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="TransformableFilterValuesToParametersTransformer" type="Microsoft.SharePoint.WebPartPages.TransformableFilterValuesToParametersTransformer, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /><add name="TransformableFilterValuesToFieldTransformer" type="Microsoft.SharePoint.WebPartPages.TransformableFilterValuesToFieldTransformer, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, 
PublicKeyToken=71e9bce111e9429c" /></transformers></webParts><machineKey validationKey="CADE491C28E1AC53F7C65CB5ADB0D6AE154150C086DB0B4B" decryptionKey="70A5439B602A16FCDB4940996C96246537665ACE38F9686E" validation="SHA1" /></system.web><runtime><assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp.OleDb" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp.SoapPT" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp.Sts" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Dsp.XmlUrl" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.intl" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Library" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" 
/></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.SharePoint.Security" publicKeyToken="71e9bce111e9429c" culture="neutral" /><bindingRedirect oldVersion="11.0.0.0" newVersion="12.0.0.0" /></dependentAssembly><probing privatePath="bin;_app_bin" /><dependentAssembly><assemblyIdentity name="Microsoft.Identitymanagement.Activities" publicKeyToken="31bf3856ad364e35" culture="neutral" /><bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.3451.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.IdentityManagement.WFExtensionInterfaces" publicKeyToken="31bf3856ad364e35" culture="neutral" /><bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.3451.0" /></dependentAssembly><dependentAssembly><assemblyIdentity name="Microsoft.ResourceManagement" publicKeyToken="31bf3856ad364e35" culture="neutral" /><bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.3451.0" /></dependentAssembly></assemblyBinding></runtime><location path="_layouts/images"><system.web><authorization><allow users="*" /></authorization></system.web></location><location path="_layouts/mobile/mbllogin.aspx"><system.web><authorization><allow users="*" /></authorization></system.web></location><System.Workflow.ComponentModel.WorkflowCompiler><authorizedTypes><authorizedType Assembly="System.Workflow.Activities, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Workflow.*" TypeName="*" Authorized="True" /><authorizedType Assembly="System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Workflow.*" TypeName="*" Authorized="True" /><authorizedType Assembly="System.Workflow.Runtime, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Workflow.Runtime" TypeName="CorrelationToken" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, 
PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="Guid" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="DateTime" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="Boolean" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="Double" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="String" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Collections" TypeName="Hashtable" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Collections" TypeName="ArrayList" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Diagnostics" TypeName="DebuggableAttribute" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Runtime.CompilerServices" TypeName="CompilationRelaxationsAttribute" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Runtime.CompilerServices" TypeName="RuntimeCompatibilityAttribute" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="Int32" Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System" TypeName="TimeSpan" 
Authorized="True" /><authorizedType Assembly="mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.Collections.ObjectModel" TypeName="Collection`1" Authorized="True" /><authorizedType Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Workflow" TypeName="SPWorkflowActivationProperties" Authorized="True" /><authorizedType Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Workflow" TypeName="SPWorkflowTaskProperties" Authorized="True" /><authorizedType Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.Workflow" TypeName="SPWorkflowHistoryEventType" Authorized="True" /><authorizedType Assembly="Microsoft.SharePoint.WorkflowActions, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WorkflowActions" TypeName="*" Authorized="True" /></authorizedTypes></System.Workflow.ComponentModel.WorkflowCompiler><resourceManagementClient resourceManagementServiceBaseAddress="http://FIM:5725" timeoutInMilliseconds="60000" /><system.webServer><httpProtocol><customHeaders><add name="X-UA-Compatible" value="IE=EmulateIE7" /><add name="X-FRAME-Options" value="SameOrigin" /></customHeaders></httpProtocol><validation validateIntegratedModeConfiguration="false" /><modules><add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /></modules><handlers><remove name="WebServiceHandlerFactory-Integrated" /><add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /><add 
name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /><add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /></handlers></system.webServer><!-- Add bindings and endpoints --><system.serviceModel><diagnostics><messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" /></diagnostics><bindings><wsHttpBinding><binding name="MetadataExchangeHttpBinding_IMetadataExchange" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="965536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="None"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" /></security></binding></wsHttpBinding><wsHttpContextBinding><binding name="ServiceMultipleTokenBinding_Resource" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" 
useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding><binding name="ServiceMultipleTokenBinding_ResourceFactory" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding><binding name="ServiceMultipleTokenBinding_Enumeration" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="165536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" 
maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding><binding name="ServiceMultipleTokenBinding_Alternate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding><binding name="ServiceMultipleTokenBinding_SecurityTokenService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false" contextProtectionLevel="Sign"><readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Message"><transport clientCredentialType="Windows" 
proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" /></security></binding></wsHttpContextBinding></bindings><client><endpoint address="http://fim:5725/ResourceManagementService/Resource" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Resource" contract="Resource" name="ServiceMultipleTokenBinding_Resource"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5725/ResourceManagementService/ResourceFactory" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_ResourceFactory" contract="ResourceFactory" name="ServiceMultipleTokenBinding_ResourceFactory"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5725/ResourceManagementService/Enumeration" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Enumeration" contract="Enumerate" name="ServiceMultipleTokenBinding_Enumeration"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5725/ResourceManagementService/Alternate" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_Alternate" contract="Alternate" name="ServiceMultipleTokenBinding_Alternate"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5725/ResourceManagementService/MEX" binding="wsHttpBinding" bindingConfiguration="MetadataExchangeHttpBinding_IMetadataExchange" contract="IMEX" name="MetadataExchangeHttpBinding_IMetadataExchange"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint><endpoint address="http://fim:5726/ResourceManagementService/SecurityTokenService/Registration" binding="wsHttpContextBinding" bindingConfiguration="ServiceMultipleTokenBinding_SecurityTokenService" 
contract="ISecurityTokenService" name="ServiceMultipleTokenBinding_SecurityTokenService"><identity><userPrincipalName value="kmittal\fimadmin" /></identity></endpoint></client></system.serviceModel></configuration>


Thanks in advance




BHOLD SP1 suite support for Sharepoint Foundation 2013?


Hi,

I am configuring a demo using FIM 2010 R2 SP1 (sync, service and portal) running on Server 2012 and SQL 2012.

Additionally I need to integrate the BHOLD SP1 suite into the solution.

As SP2 for Sharepoint Foundation 2010 is not released yet I need to use Sharepoint Foundation 2013 on Server 2012.

There is enough information online available to set up FIM with SP2013 (big thanks to all writers out there!).

BUT: will BHOLD SP1 run against/integrate with Sharepoint Foundation 2013? I cannot find any hints towards support for this scenario.

NOTE: as this is a demo I do not require 'official support' but just an indication if it will work. I am on a tight schedule otherwise I would just try that alley myself and see where it leads.

Kind regards,


Danny Alvares Senior Technology Consultant


FIM R2 Hotfix Rollup 4.1.3451.0 rollback damages DCOM settings.


Hi,

While trying to deploy hotfix rollup 4.1.3451.0 (for Synchronization Service only) and hitting an error for not being able to connect to SQL (permissions) I initiate a rollback. Once this is done the FIM Synchronization Service stops eventually and the FIM GUI cannot be opened anymore by someone with FIMSyncAdmin group permissions.

The 5 FIM management groups are domain based (not local); the person trying to start the FIM GUI is member of domain-based SyncAdmins etc.

The Windows Eventlog shows numerous instances of DistributedCOM event ID 10016, which led me to investigate the DCOM permissions.

On most DCOM objects for FIM in Component Services management console the 5 FIM management groups have been removed and (re)added by the hotfix installer, but what is added are SIDs that do not resolve to the proper FIM domain group. These 5 domain groups for FIM do not use the conventional out-of-the-box group names; the customer has a naming convention which I must obey.

I adjusted all DCOM permissions for FIM objects (by comparing them with a healthy server) and was able to start the FIM Synchronization Service and gain access to the GUI.

  • Source: DistributedCOM
    Event ID: 10016
     
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {835BEE60-8731-4159-8BFF-941301D76D05} and APPID {835BEE60-8731-4159-8BFF-941301D76D05} to the user DOMAIN\FIMSVC SID (S-1-5-21-1454471165-343818398-682003330-1554363) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Note: user 'DOMAIN\FIMSVC' is fictitious, I removed the original values. ClassID and AppID {835BEE60-8731-4159-8BFF-941301D76D05} is the Synchronization Service.

Kind regards,


Danny Alvares Senior Technology Consultant
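
The manual comparison described in the post above (finding ACEs whose SIDs no longer resolve) can be scripted. This is an added example, not part of the original post or of FIM; the function name Get-DcomAclReport is hypothetical, and it assumes the per-application ACLs are stored in the LaunchPermission and AccessPermission values under HKEY_CLASSES_ROOT\AppID\<AppID>, which is where Component Services keeps them.

```powershell
# Added example: list the DCOM launch/access ACEs of one AppID and flag SIDs
# that do not translate to an account. Run elevated on the affected server.
# Get-DcomAclReport is a hypothetical helper name, not a FIM or Windows cmdlet.
function Get-DcomAclReport {
    param(
        [Parameter(Mandatory = $true)][string]$AppId,
        [string[]]$ValueName = @('LaunchPermission', 'AccessPermission')
    )

    # COM_RIGHTS_* access-mask bits as defined in the Windows SDK
    $rights = [ordered]@{
        Execute        = 0x01
        ExecuteLocal   = 0x02
        ExecuteRemote  = 0x04
        ActivateLocal  = 0x08
        ActivateRemote = 0x10
    }

    $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\AppID\$AppId" -ErrorAction Stop

    foreach ($name in $ValueName) {
        $bytes = $key.GetValue($name)
        if ($null -eq $bytes) {
            # No application-specific ACL stored: the machine-wide default applies
            [pscustomobject]@{
                AppId = $AppId; Acl = $name; AceType = $null; Sid = $null
                Account = '(machine default)'; Resolved = $null; Rights = $null
            }
            continue
        }

        # The registry value is a self-relative security descriptor
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor `
                -ArgumentList ([byte[]]$bytes, 0)

        foreach ($ace in $sd.DiscretionaryAcl) {
            if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }

            $sid = $ace.SecurityIdentifier
            try {
                $account  = $sid.Translate([System.Security.Principal.NTAccount]).Value
                $resolved = $true
            } catch {
                # Translation failed: the SID maps to no account visible from this host
                $account  = '(unresolved)'
                $resolved = $false
            }

            $granted = @($rights.Keys | Where-Object { $ace.AccessMask -band $rights[$_] })

            [pscustomobject]@{
                AppId    = $AppId
                Acl      = $name
                AceType  = $ace.AceType
                Sid      = $sid.Value
                Account  = $account
                Resolved = $resolved
                Rights   = $granted -join ','
            }
        }
    }
}

# AppID of the Synchronization Service as quoted in the event text above
$report = Get-DcomAclReport -AppId '{835BEE60-8731-4159-8BFF-941301D76D05}'
$report | Format-Table Acl, AceType, Account, Sid, Rights -AutoSize

# ACEs that need repair: present in the ACL but not mapping to any account
$report | Where-Object { $_.Resolved -eq $false }
```

Running the same function on a healthy server and comparing the two reports with Compare-Object on Acl, Sid and Rights shows which entries the rollback changed.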


FIM synchronization service installation error


While installing FIM Synchronization Service I got the below error,

Error 25009. The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified Database.OLEDB Provider Information:

Description='ログインできませんでした。このログインは信頼されていないドメインからのログインなので、Windows認証では使用できません。'

Failure Code = 0x80004005

Minor Number = 18452<hr=0x80230406>

Can someone throw pointers on how to get rid of this error?

FIM 2010 R2 - EXPORT USERS TO ACTIVE DIRECTORY


Hello

I created a new user in FIMPortal. When I'm trying to export the user to Active Directory (FIM Service Management Agent - Profile "EXPORT"), I'm getting the error below:

failed-modification-via-web-services Detail:

Fault Reason: The endpoint could not dispatch the request.\r\n\r\nFault Details: <DispatchRequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><DispatchRequestAdministratorDetails><FailureMessage>Exception: Other 
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---&gt; System.Data.SqlClient.SqlException: Procedure or function 'GetDomainConfigurationIdentifiersFromDomain' expects parameter '@domainName', which was not supplied.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException, TransactionAndConnectionScope scope)
   at Microsoft.ResourceManagement.Data.DataAccess.GetDomainConfigurationIdentifiersFromDomain(String domainName)
   at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.AddDomainConfigurationFromDomain(CreateRequestParameter domainNameParameter, RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.DoRequestCreationPreProcessByAttribute(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.DoRequestCreationPreProcessByAttribute(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)
   --- End of inner exception stack trace ---</FailureMessage><DispatchRequestFailureSource>Other</DispatchRequestFailureSource><AdditionalTextDetails>Request could not be dispatched.</AdditionalTextDetails></DispatchRequestAdministratorDetails><CorrelationId>7e5764e5-06e6-4dde-8a05-ea483ad7e627</CorrelationId></DispatchRequestFailures>

Managing AD Groups - FIM Service MA Attribute Flow - Type... Has something changed?


Hello,

I have created a SQL MA, AD MA and the FIM MA.
I am now managing users within the AD MA; provisioned from data within the SQL MA.
I have configured the data source of the SQL MA to have rows with object type 'group'.

I have been following the instructions in Microsoft Forefront Identity Manager 2010 R2 Handbook, TechNet 'How do I' articles and general Googling. However I seem to be stumbling when configuring FIM for managing AD Security groups.

I have created some sync rules within FIM Portal and I'm getting errors regarding mandatory fields. I suspect this is because I have not yet configured the FIM Service MA. I have been trying to configure FIM MA and the attribute flows for Group objects but the 'type' attribute is missing... I am away from my environment at the moment but I suspect other attributes are missing too. I do see an attribute 'ObjectType' but I suspect that is not the one I'm after...

I am at this step in the TechNet 'How do I' article: TechNet - How Do I Synchronize Groups from Active Directory Domain Services to FIM - Configuring the Fabrikam FIMMA - Attribute Flow

Tips, ideas, pointers or answers welcome! :)

Thanks
mtwelve


AD LDS Role - Read Your Entry Only


I need to be able to add the ability to view your own record, and only your record, to my AD LDS instance.  I know I can add everyone to the Readers (CN=Readers,CN=Roles) group but that will give all accounts read access to all attributes for all users.  What I want is a way to give a user read access to their entry in AD LDS only and no access to the other entries in the directory.  Is this possible and, if so, how would I go about setting this up?

Thank you in advance.


Jesse Santana - Assistant Director CSU Long Beach – Network Services 1250 Bellflower Blvd. Long Beach, CA 90840

How do I import users from AD into the FIM web portal/metaverse when the EmployeeType attribute contains parentheses?


I am attempting to import users from my AD Management Agent into the FIM Metaverse. Some of the users have an employeeType attribute that contains data with parentheses therein. For example: Counsel (Self-Employed)

I am getting an error when I run the 'Export' run profile; failed-creation-via-web-services. Details of the error message are shown below.

Fault Reason: The request message contains errors that prevent processing the request.\r\n\r\nFault Details: <RepresentationFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><AttributeRepresentationFailure><AttributeType>EmployeeType</AttributeType><AttributeValue>Counsel (Self-Employed)</AttributeValue><FailureMessage>Exception: ValueViolatesRegularExpression Target(s): Rundio, Louis
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.InvalidRepresentationException: ValueViolatesRegularExpression
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ValidateObjectAttributes[T](RequestType request, Guid objectIdentifier, String objectTypeName, IEnumerable`1 parameters, OperationType operationType)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ValidateInputRequestCreate(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</FailureMessage><AttributeFailureCode>ValueViolatesRegularExpression</AttributeFailureCode><AdditionalTextDetails>The specified attribute value does not satisfy the regular expression.</AdditionalTextDetails></AttributeRepresentationFailure><CorrelationId>d22ff147-b62d-431e-b421-37afc73daf73</CorrelationId></RepresentationFailures>

What must I do to successfully import these users whose employeeType attribute contains parentheses?
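
The ValueViolatesRegularExpression failure above means the value did not match the validation pattern configured for the attribute. The following added example (not from the original post; function names are hypothetical, and it assumes the pattern is evaluated as a .NET regular expression) builds an anchored allow-list pattern with metacharacters such as parentheses escaped, and lists the values a given pattern would reject. An unescaped pattern treats "(Self-Employed)" as a group, so it rejects the literal value with parentheses.

```powershell
# Added example. 'Counsel (Self-Employed)' is the value from the post above;
# the other values are constructed samples.
function New-AllowListPattern {
    param([Parameter(Mandatory = $true)][string[]]$AllowedValue)
    # Regex.Escape turns ( ) into \( \) so they match literally instead of opening a group
    $alternatives = $AllowedValue | ForEach-Object { [regex]::Escape($_) }
    '^(' + ($alternatives -join '|') + ')?$'
}

function Get-PatternViolation {
    param(
        [Parameter(Mandatory = $true)][string]$Pattern,
        [string[]]$Value
    )
    [regex]$rx = $Pattern
    # Return only the values the pattern would reject
    $Value | Where-Object { -not $rx.IsMatch($_) }
}

$allowed  = 'Employee', 'Contractor', 'Counsel (Self-Employed)'
$incoming = 'Employee', 'Counsel (Self-Employed)', 'Intern'

# Pattern assembled by plain string joining, parentheses left unescaped
$naive   = '^(' + ($allowed -join '|') + ')?$'
# Pattern assembled with every allowed value escaped first
$escaped = New-AllowListPattern -AllowedValue $allowed

'Rejected by unescaped pattern:'
Get-PatternViolation -Pattern $naive -Value $incoming

'Rejected by escaped pattern:'
Get-PatternViolation -Pattern $escaped -Value $incoming
```

Running the incoming employeeType values through Get-PatternViolation before an export shows which objects would fail validation without having to read them out of the export errors.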


How do I project users in FIM Metaverse to an AD LDS instance (in detail)?


I am trying to setup an outbound synchronization of my user accounts in FIM to an AD LDS instance. I have setup the AD LDS outbound management agent and a corresponding sync rule. I have setup a management policy, workflow, set (of users) and linked them all together. I have set the existence tests to check if attribute values exist or not. I have also removed the existence tests. Either way makes no difference.

However, when I run the FIM MA with a Full Import, Full Sync, Export, Delta Import, Delta Sync and then a Full Import, Full Sync for the AD LDS Outbound MA nothing happens.

Can someone please provide me with a set of detailed instructions on how to make this work? Or, a definitive source of known good documentation that defines this task.

Thanks in advance.


H. Miller

FIM 2010 R2: Requests not getting approved from FIM Portal.


Hi All,

Last year we had deployed FIM 2010 in our client environment. 2 months back, we have migrated the FIM solution to FIM 2010 R2.
Last week we faced an issue in FIM Portal. End users request different accesses and permissions on resources from the FIM portal. The requests go to the user's manager/resource owner for approval. Some of the managers/approvers were unable to approve the pending requests in their bin. As per my observation, the issue is explained below in detail:

  • Whenever the user (approver) tries to approve the requests from FIM portal (from My Pending Requests tab), he is getting the "Request Failed" popup. The request is not getting approved and remains in the approver's bin in Pending state.
  • There are no failure request entries generated in the FIM admin portal (when looking into Search requests tab) and the requests remain in Authorizing state, which seems like there is a pending approval to complete the request. Because of this, I (as the FIMADMIN) at server end was unable to identify that the requests are not getting approved.
  • The requests are stuck. All the workflows in the stuck requests are left in Running state.
  • As a process, if the approvers do not approve the request in 5 days, the request gets expired on the 6th day. I have observed that the stuck requests initiated in the last week are not getting expired and remain in Authorizing state.
  • In the event viewer logs on the FIM Portal machine, we have seen the below error each time the approvers were trying to approve requests and got the "Request Failed" error pop-up.

Request Identifier: 2247a182-3fd1-44f6-a7db-aa6e1130dbb8
Workflow Instance Identifier: fe68df8a-59be-4615-a339-680cf38f0458
Workflow Definition Identifier: 303cac16-d927-41f6-abce-21ccbd883ea2
Workflow Exception: System.IndexOutOfRangeException: Index was outside the bounds of the array. at System.Workflow.ComponentModel.Serialization.ActivitySurrogate.ActivitySerializedRef.System.Runtime.Serialization.IDeserializationCallback.OnDeserialization(Object sender) at System.Runtime.Serialization.DeserializationEventHandler.Invoke(Object sender) at System.Runtime.Serialization.ObjectManager.RaiseDeserializationEvent() at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage) at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage) at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream) at System.Workflow.ComponentModel.Activity.Load(Stream stream, Activity outerActivity, IFormatter formatter) at System.Workflow.Runtime.Hosting.WorkflowPersistenceService.RestoreFromDefaultSerializedForm(Byte[] activityBytes, Activity outerActivity) at System.Workflow.Runtime.Hosting.SqlWorkflowPersistenceService.LoadWorkflowInstanceState(Guid id) at Microsoft.ResourceManagement.Workflow.Hosting.ResourceManagementSqlWorkflowPersistenceService.LoadWorkflowInstanceState(Guid Id)

Can anybody help me in identifying the issue for this? I am looking for the answers to the below queries:

  1. Has anybody seen this issue before or have any idea about why the requests are not getting approved?
  2. How can we troubleshoot this issue and identify the exact reason for which the requests/workflows got stuck?

Thanks in Advance.

Thanks,

Sanjog

Password Sync with FIM 2010 R2

Can you use FIM 2010 to synchronize passwords from OpenLDAP to Active Directory? Only one way, from OpenLDAP to Active Directory.
I saw this agent:
http://sourceforge.net/projects/openldap-xma/
Does it work?


José Anderson Santiago Microsoft Community Contributor - MCP - MCDST - MCSA - MCTS - MCITP - MCT / If the answer was helpful, rate it.

FIM 2010 R2 AD Sync is not pushing changes from FIM to AD


I have configured FIM 2010 R2 with two MAs (FIM and AD).  FIM MA has attribute flows using the MA, AD MA has attribute flows via the Synchronization Rules.

I have created Synch rules for both AD users import and AD users export.  The attributes are more or less the same.

Under the metaverse designer, I have configured equal precedence for attributes.

The initial load was fine, FIM was populated with my AD users.  Changes in AD are replicated to FIM.  However, when I make changes in FIM, the changes are rolled back or overwritten by the metaverse at the next sync.  Basically, I only ever get queued exports to FIM and never any to AD.

I've probably overlooked something very simple but cannot put my finger on it.  Any suggestions welcome.

There do not appear to be any relevant errors in either the FIM or application event logs.

PCNS agent update procedure


We have win2003 DCs and win2008 DCs.

We plan to update all existing PCNS agents which are installed on all win2003 and win2008 DCs.

Is there any good way to update the PCNS agent without any negative impact on end users?
