MIM Event Broker Forum


+7
Completed
Bob Bradley 1 year ago • updated by Adam van Vliet (Product Manager) 2 months ago 1

I know this is somewhere on the roadmap, but I thought I'd give you a specific example of how I would like to use this to look up the Operation List name for a corresponding guid from within a PowerShell script. I know this method exists on the WCF endpoint because it is exposed in the WSDL. However, it is not a simple exercise to access this from PowerShell.

For the time being I have a work-around which relies on looking up the Event Broker registry key to determine the extensibility file path, then querying the operations extensibility xml directly. However, the limitation here is that this will only work if the script is running locally on the Event Broker service host.

Answer

Now that this has been proven in Identity Broker we'll look at this for MIM Event Broker.

+4
Under review
Bob Bradley 1 year ago • updated by Adam van Vliet (Product Manager) 1 year ago 9

When an OU is configured for an AD agent that is NOT the domain root (e.g. "OU=Employees,DC=mim2016,DC=local") we get the following exception when the generated incoming operation list is activated:


Operation faulted: The server is unwilling to process the request. - Please see the log viewer for more details.

This is because the AD Sync Changes check operation uses the full DN for the "Domain" property instead of the DC part only (i.e. "DC=mim2016,DC=local").


To avoid this error the AD sync changes operation needs to extract the DC DN from the full DN supplied.
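
The extraction the post asks for, as an added example (not Event Broker code and not part of the original post). Get-DomainDnFromDn is a hypothetical helper name, and the second DN is constructed to show an escaped comma inside a CN value.

```powershell
# Added example; Get-DomainDnFromDn is a hypothetical helper, not a product cmdlet.
function Get-DomainDnFromDn {
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)

    # Split on commas that are not escaped with a backslash; RFC 4514 allows
    # "\," inside an RDN value. @() keeps a single-RDN DN as an array.
    $rdns = @([regex]::Split($DistinguishedName, '(?<!\\),') | ForEach-Object { $_.Trim() })

    # Collect the contiguous run of DC= components from the right-hand end only,
    # so "DC=" appearing inside an OU or CN value is never taken for the domain.
    $dc = New-Object 'System.Collections.Generic.List[string]'
    for ($i = $rdns.Count - 1; $i -ge 0; $i--) {
        if ($rdns[$i] -match '^DC\s*=') { $dc.Insert(0, $rdns[$i]) } else { break }
    }
    if ($dc.Count -eq 0) {
        throw "No DC components found in '$DistinguishedName'"
    }
    $dc -join ','
}

# DN from the post, then a constructed DN with an escaped comma in a CN value.
Get-DomainDnFromDn 'OU=Employees,DC=mim2016,DC=local'
Get-DomainDnFromDn 'CN=Smith\, Jo,OU=Employees,DC=mim2016,DC=local'
```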

+2
Fixed
Shane Day (Chief Technology Officer) 2 years ago • updated by Adam van Vliet (Product Manager) 11 months ago 4
Hi Product Team!
Attempting to delete operations from "/Operation" (Operation Lists Page) is met with a blank screen. The URL redirects to "/Operation/ModifyOperationLists" but the page is blank.
The only way to delete operations via the GUI is to open the operation from the operations list, then click Actions and Delete from within the operation. Even attempting to delete the operation this way acts strangely. When attempting to delete from within the operation the "Are you sure" window pops up for a second and automatically submits the deletion without confirmation.
Happy to elaborate on this if required.

Item originally from Ryan Crossingham from PRODUCT-389

screen2.png - Latest 21/Sep/15 4:47 PM - Ryan Crossingham
+1
Completed
Bob Bradley 12 months ago • updated by Matthew Davis 1 month ago 4

Presently the TO address supports only a single target email address. However, this field is multi-valued in the sendmail API and the logger could easily be extended to support this. There is no tooltip on this field so it was not intuitive that this restriction applied - however, attempts using "," and ";" delimiters both failed. Work-arounds include setting up multiple loggers, or using a distribution list. However, there are times when this would still be handy - especially when d-lists are not easily modified or the requirement is only temporary.

Answer
Matthew Davis 1 month ago

Added ability to have logs emailed to multiple addresses. Will be included in the next release.

+1
Under review
Bob Bradley 1 year ago • updated 1 year ago 2

With the release of Ryan Newington's latest Lithnet miis-powershell module it occurred to me that it may be possible in some scenarios (e.g. full imports vs. delta imports) to leverage the progress bar idea for the Event Broker console.

+1
Completed
Bob Bradley 1 year ago • updated 4 weeks ago 10

The native AD MA for the FIM Sync service has long had an optional configuration section for preferred DCs, so that administrators can nominate an ordered list of preferred DCs to connect to for imports/exports. When this is used with Event Broker, especially in forests where there are delays in AD replication between DCs, the result can be that Event Broker detects a change before it is replicated to the DC from which FIM is connecting. This generally results in a missed change.


A feature to configure the AD agent exactly in line with that in the corresponding AD MA is suggested here.

0
Answered
Richard Green 7 days ago • updated 7 days ago 2

Hi Gents,

Here's a new one - I'm having issues with the IDB Changes operation between EVB 4.0 and IDB 5.2

I have the default configuration.

Initially I was getting the following error:

Operation Check for changes in the External AD Events Adapter with id 331db65e-4d4d-48a0-b09f-a7247c7d3f15 failed in the operation list MIM - External AD Events MA - Incoming with id ddde4bd5-4173-419b-9388-92df3f10d705 for the following reason. This is retry number 0: System.InvalidOperationException: Could not find endpoint element with name 'IdentityBroker' and contract 'IChangesAvailableCollector' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this name could be found in the client element.
 at System.ServiceModel.Description.ConfigLoader.LoadChannelBehaviors(ServiceEndpoint serviceEndpoint, String configurationName)
 at System.ServiceModel.ChannelFactory.ApplyConfiguration(String configurationName, Configuration configuration)
 at System.ServiceModel.ChannelFactory.InitializeEndpoint(String configurationName, EndpointAddress address)
 at System.ServiceModel.ChannelFactory`1..ctor(String endpointConfigurationName, EndpointAddress remoteAddress)
 at Unify.Product.EventBroker.IdentityBroker50ChangesCommunicator.ChangesAvailable(Guid adapterId)
 at Unify.Product.EventBroker.IdentityBroker50ChangesPlugIn.Check()
 at Unify.EventBroker.PlugIn.Audit.CheckOperationAuditingDecorator.Check()
 at Unify.Product.EventBroker.OperationListExecutorBase.RunCheck(ICheckOperationFactoryInformation checkOperation)

So I added the following endpoint config in the service.event.exe.config:

<endpoint binding="basicHttpBinding" contract="IChangesAvailableCollector" bindingConfiguration="StreamingFileTransferServicesBinding" name="IdentityBroker" />

Now, I'm getting the following:

Operation Check for changes in the External AD Events Adapter with id 331db65e-4d4d-48a0-b09f-a7247c7d3f15 failed in the operation list MIM - External AD Events MA - Incoming with id ddde4bd5-4173-419b-9388-92df3f10d705 for the following reason. This is retry number 0: System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

Not something I've seen before...


Answer

I thought this had come up before (there's a matching ticket in VSO), but can't find it in UserEcho...

Please change the endpoint element to this:

<endpoint binding="basicHttpBinding" contract="IChangesAvailableCollector" bindingConfiguration="IdentityBroker4Binding" name="IdentityBroker" />

It'll be in the next release, not sure how it was missed. Thanks.
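
The 401 in this thread is what a client binding that sends no transport credential produces against a server demanding Negotiate. As an added example (not from the thread or the product), the script below resolves a client endpoint to its binding and reports the credential it will send. The sample config and the contents of both bindings are constructed for illustration, and Get-ClientEndpointAuth is a hypothetical name.

```powershell
# Constructed sample: binding bodies are assumptions, not the product's shipped definitions.
[xml]$sample = @'
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="StreamingFileTransferServicesBinding" transferMode="Streamed" />
        <binding name="IdentityBroker4Binding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint name="IdentityBroker" binding="basicHttpBinding" contract="IChangesAvailableCollector"
                bindingConfiguration="StreamingFileTransferServicesBinding" />
    </client>
  </system.serviceModel>
</configuration>
'@

# Hypothetical helper. Attribute names are case-sensitive in WCF configuration.
function Get-ClientEndpointAuth {
    param([xml]$Config, [string]$EndpointName)
    $root = '/configuration/system.serviceModel'
    $ep = $Config.SelectSingleNode("$root/client/endpoint[@name='$EndpointName']")
    if ($null -eq $ep) { throw "No client endpoint named '$EndpointName'" }
    $type = $ep.GetAttribute('binding')
    $name = $ep.GetAttribute('bindingConfiguration')
    $binding = $Config.SelectSingleNode("$root/bindings/$type/binding[@name='$name']")
    if ($null -eq $binding) { throw "Binding configuration '$name' ($type) is not defined" }
    # basicHttpBinding defaults: security mode None, transport credential None.
    $modeNode = $binding.SelectSingleNode('security/@mode')
    $credNode = $binding.SelectSingleNode('security/transport/@clientCredentialType')
    $mode = if ($null -ne $modeNode) { $modeNode.Value } else { 'None' }
    $cred = if ($null -ne $credNode) { $credNode.Value } else { 'None' }
    [pscustomobject]@{
        BindingConfiguration = $name
        SecurityMode         = $mode
        ClientCredentialType = $cred
        SendsAnonymous       = ($mode -eq 'None' -or $cred -eq 'None')
    }
}

Get-ClientEndpointAuth -Config $sample -EndpointName 'IdentityBroker'
```

To check a real host, load the service's own .exe.config with Get-Content and cast it to [xml] in place of the sample.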

0
Fixed
Richard Green 1 week ago • updated by Curtis Lusmore 1 week ago 5

Hi Guys,

I'm currently having an issue communicating with the IDB API from Event Broker. Not sure if this is IDB or EVB.

I'm getting the following error trying to run an API operation:

Operation Full Import - DAMS Contact Connector with id a1508248-0161-46a0-a703-a1cad6cfc8ed failed in the operation list IDB - DAMS Contact - Full Import with id bae408b8-0b38-495f-a92a-4b1a8319f15b for the following reason. This is retry number 0: Unify.Product.EventBroker.RestAPIAgentUnexpectedStatusException: Response code NotFound doesn't match expected response code NoContent.
 at Unify.Product.EventBroker.RestAPIPlugIn.Execute()
 at Unify.EventBroker.PlugIn.Audit.OperationAuditingDecorator.Execute()
 at Unify.Product.EventBroker.OperationListExecutorBase.RunNextOperations(IEnumerator`1 operationEnumerator)

I have the following agent configured (Have tried IDB Port with no change):


And the following API config in IDB:


IDB v5.2.0 R2

EVB v4.0.0 R1

IDB and EVB are on the same box, and I can hit the swagger page for the rest API.

Nothing applicable in the IDB logs or Event Logs (even enabled diagnostic logging in IDB)

Answer
Curtis Lusmore 1 week ago

Hi Richard,

Please try placing the following patch DLL into the Event Broker Services directory and re-attempting the operation.

Unify.EventBroker.PlugIn.RestAPI.dll

Please note that this ONLY affects Identity Broker v5.2+. Please don't use this patch against an Identity Broker v5.1 instance.

0
Won't fix
Richard Green 2 weeks ago • updated by Adam van Vliet (Product Manager) 7 days ago 7

Hi Gents,

I'm having an issue with event broker at the moment:



Stack trace from Event Log:

Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 14/07/2017 10:36:36 AM 
Event time (UTC): 14/07/2017 12:36:36 AM 
Event ID: a852df8e00cb40e4a34b31600dea2fca 
Event sequence: 2 
Event occurrence: 1 
Event detail code: 0 
 
Application information: 
    Application domain: b7cf9837-1-131444661896298544 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: C:\Program Files\UNIFY Solutions\Event Broker\Web\ 
    Machine name: REDACTED
 
Process information: 
    Process ID: 5640 
    Process name: Unify.Service.Event.exe 
    Account name: REDACTED
 
Exception information: 
    Exception type: TypeInitializationException 
    Exception message: The type initializer for 'Unify.EventBroker.Web.EventServiceClientInstance' threw an exception.
   at Unify.EventBroker.Web.MvcApplication..ctor() in C:\agent\_work\23\s\Source\Unify.EventBroker.Web\Global.asax.cs:line 33
   at ASP.global_asax..ctor()
Could not load file or assembly 'Unify.Framework.Collections, Version=5.2.0.0, Culture=neutral, PublicKeyToken=84b9288cb2633de4' or one of its dependencies. The system cannot find the file specified.
   at Unify.Framework.TimingGenerator..ctor()
   at Unify.Framework.Logging.LoggingEngineClient..ctor(ILoggingEngineCollector collector) in C:\agent\_work\1\s\Source\Logging\Unify.Framework.Logging.Engine.Shared\LoggingEngineClient.cs:line 25
   at Unify.EventBroker.Web.EventServiceClientInstance.CreateComponent(EndpointAddress serviceEndpointAddress) in C:\agent\_work\23\s\Source\Unify.EventBroker.Web\Extensions\EventServiceClientInstance.cs:line 53
   at Unify.EventBroker.Web.EventServiceClientInstance..cctor() in C:\agent\_work\23\s\Source\Unify.EventBroker.Web\Extensions\EventServiceClientInstance.cs:line 32
 
 
Request information: 
    Request URL: http://localhost:8081/ 
    Request path: / 
    User host address: 127.0.0.1 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: REDACTED
 
Thread information: 
    Thread ID: 236 
    Thread account name: REDACTED
    Is impersonating: False 
    Stack trace:    at Unify.EventBroker.Web.MvcApplication..ctor() in C:\agent\_work\23\s\Source\Unify.EventBroker.Web\Global.asax.cs:line 33
   at ASP.global_asax..ctor()
 
 
Custom event details:

Not sure what's going on here. This worked previously as I was able to apply the license, however this is the first I have used it since.

I've restarted the browser, service and server with no change.

Service account is a local admin, so there should not be any permissions issues.

Running the latest version (4.0) 

Running on Windows Server 2016.

I note also that Unify.Framework.Collections.dll is present in the web\bin dir, and it is version 5.2.1.0 (different from the 5.2.0.0 in the error message, although I expect that's just the display...)


Cheers

Richard

Answer
Curtis Lusmore 7 days ago

It is the recommended approach and the embedded web server has been deprecated (as per http://voice.unifysolutions.net/topics/2721-configuring-mim-event-broker-for-use-with-embedded-web-server/).

We're hoping IIS fixes the issue because it means that there's no further work to be done. If, however, the issue remains, we'll have to do some analysis. This issue has come up before, but was either fixed by IIS, or just stops without explanation.

0
Answered
Matthew Woolnough 4 weeks ago • updated by Adam van Vliet (Product Manager) 4 weeks ago 3

The EvB IIS security page contains the following example:

<?xml version="1.0" encoding="utf-8" ?>
<ConnectEngine>
    <roleAuthorizations>
        <roleAuthorization role="Unify.Event.Service.Read">
            <anonymous action="Allow" />
        </roleAuthorization>
        <roleAuthorization role="Unify.Event.User">
            <group action="Allow" groupName="Users"/>
        </roleAuthorization>
        <roleAuthorization role="Unify.Event.Administrator">
            <user action="Allow" userName="ExampleAdministrator_01" />
        </roleAuthorization>
        <roleAuthorization role="Unify.Event.Agents.Write">
            <user action="Deny" userName="UserWithDeniedAccess_03" />
        </roleAuthorization>
    </roleAuthorizations>
</ConnectEngine>

However, the Unify.Product.EventBroker.EventBrokerPlugInKey.extensibility.config.xml file contains:

<?xml version="1.0" encoding="utf-8" ?>
<EventEngine changeId="{025F5A02-200E-4BA3-B74F-72623FAD3731}" />


Has the XML structure changed in 4.0?


Answer

In the web.config, update owin:AutomaticAppStartup = true and AuthorizeSetting = OpenId

Then add the following:

  • ida:ClientId = your client id
  • ida:AADInstance = the id for your instance of AAD
  • ida:TenantId = the id for your tenant
  • ida:PostLogoutRedirectUri = the redirect on sign-out url

As Matthew mentioned, the page will be updated to reflect this.