Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

A user-interface could not be located for this agent type.

Hayden Gray 3 months ago in UNIFYBroker/Google Apps updated by Matthew Davis (Technical Product Manager) 3 months ago 3

Hi Team,

We are currently doing environment updates at a site and at the same time updating their UNIFYBroker version from 5.3.1 Revision 4 to the latest version 5.3.4 but are running into issues. The customer also has the Google Apps connectors installed in there environment, but the latest version that I can see available which I have installed is 5.3.2.

The install is successful and the service starts however when validating components in the UNIFYBroker interface I noticed the following errors occurring.

On the Google Agents the following error is produced:

A user-interface could not be located for this agent type. The list of known types are:
Unify.Agent.FTP (FTP Agent)
Unify.Agent.SSH (SSH Agent)
Unify.Agent.SqlServerDatabase (SQL Server Database Agent)
Unify.Agent.OracleDb (Oracle Database Agent)
Unify.Agent.OleDb (Ole Database Agent)
Google (Google Agent)


On the Google Connectors the following error is produced:

A user-interface could not be located for this connector type. The list of known types are:
Unify.IdentityBroker.Connector.Google.Calendar (Google Calendar)
Unify.IdentityBroker.Connector.Google.DomainContact (Google Domain Shared Contact)
Unify.IdentityBroker.Connector.Google.OrgUnit (Google Org Unit)
Unify.IdentityBroker.Connector.Google.Group (Google Group)
Unify.IdentityBroker.Connector.Google.UserSettings (Google User Settings)
Unify.IdentityBroker.Connector.Google.User (Google User)
Unify.Connectors.PowerShell (PowerShell Connector)
Unify.Connectors.Direct (Database Connector)
Unify.Connectors.CSV (CSV Connector)
Unify.Connectors.Placeholder (Placeholder Connector)


I saw a similar issue mentioned on a previous ticket regarding Aurion connectors where an incorrect version was being used and I am figuring something similar could be happening here.

Thank you

Answer
Hayden Gray 3 months ago

Thanks Matt, that helped me find the issue.

Issues was the IIS site was pointing to the standaloneweb directory where it should be pointing to just the web directory. Repointing and doing an IIS reset got it working as expected.

Thank you

0
Answered

Aurion Query Attribute Order

Liam Schulz 4 months ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 4 months ago 1

Hi,

I've had a question from the customer regarding the queries the Aurion connector uses to pull data via the WSDL.

Does it matter if extra attributes that are not included in the schema/mapping are added to the query and does it matter what order the attributes are returned in the query?

Thanks,
Liam

Answer

Hey Liam,

No - extra fields aren't an issue. The Aurion connector uses the configured schema and mappings as the source of truth for which fields to read. So when iterating through the results of the query, each schema mapping row is attempted to be read from the results and set on the entity if it exists. So if the schema mapping doesn't exist on the query it will just skip over it, and extra ones that might be returned from the query will just be ignored if they're not in the schema. 

There's also no order requirement - the query results come back in blobs of XML, and we just iterate over the results retrieving the required elements. So the connector code has no expectation of order. 

0
Under review

Change detection engine import all items for connector Aurion Person failed with reason -25 (see UNIFACE message guide)

Liam Schulz 5 months ago in UNIFYBroker/Aurion updated 5 months ago 2

Hi,

I am trying to add the Employee_Number field from Aurion Person to a connector so that I can do write-back.

However, I am encountering the following error on Import All:

Image 6522

My mapping and schema is as follows:

Image 6523

Image 6524

Do you have more insight on what error -25 is?

Thanks,
Liam

0
Under review

Gateway was unable to be started due to One or more errors occurred.

Liam Schulz 7 months ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 7 months ago 3

Hi,

We have seen across multiple Broker instances that the following error occurs for LDAP gateways:
"The gateway <gateway name> (guid) was unable to be started due to One or more errors occurred."

Unfortunately there doesn't seem to be much more information that what is provided in the log. Examination of the log file further with CMTrace doesn't reveal anymore information.

In one particular affected customer's case, I checked the Azure Provisioning service to see if there was any significant event that may have caused this, but could not find anything there either.

The workaround is to Recycle the gateway, but this currently relies on manual checking to see if it has occurred or not and this appears to be happening on a frequent basis. We would like to address the root cause issue if possible.

Is there additional logging levels that could be applied to find out what could be causing this?

Thanks,
Liam

0
Not a bug

Time Offset Flag not re-evaluated when current time passes source field timestamp

Adrian Corston 7 months ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 7 months ago 5

My customer is failing UAT of the solution configuration because Time Offset Flags are not automatically updating when the source field timestamp is passed.  There have not been any Clear Entity Changes run in this environment for many months, and entity data fields have been updated recently as part of the customer's UAT testing processes.

Example: entity ID 70cb5e8e-8a8d-48f9-a123-911a836574f4 in partition 838b79fc-a31e-4b70-bcc8-e94550b3ff57 in ACCC TEST.  PostEnd, based on EndUTC, is still "No" but it should be "Yes".

Could you please check entity ID e71b989c-1a01-4542-9334-8e69c12abb6c on that same partition, which is due to see PostEnd change from "No" to "Yes" in around 15 hours from now (8/22/2023 2:00:00 PM UTC).  Please confirm that it is all fine (i.e., a future change exists in the database) and then after the timestamp is passed I'll check and verify if the PostEnd value has updated automatically as it should.

Answer

Changes are registered for the times that the contributing transformations dictate they need to be registered. In this case, there could have been a scenario under which a transformation has determined, based on current (or previous) configuration, that a change should be created for that time because at that time a date time offset flag or similar needed to be recalculated. It may have been from one of the time offset fields that has a value already and is known to recalculate at that time.

The original part of the ticket is as you suspect - where clearing pending changes will remove future dated changes, and they won't be recreated through a generate changes process (which is something we've improved for UNIFYBroker 6.0). 

The feature (Register-Contribution) was added to handle a scenario where a PowerShell transformation is adding/modifying a field, which is used in a transformation that can calculate future-dated changes (such as the Time Offset Flag transformation). With a normal chain of transformations (powershell aside), each adapter tracks the chain of where its source came from. This is done so we can calculate whether or not a change is needed for an entity (for example, if field X from relational connector A is used through a chain of transformations and then to calculate a datetime offset, we need to know on import if field X has a value which would trigger a change in the future, so we can register that change in the database so it recalculates at the right time, rather than too early / late). This calculation process is called Change Detection in the Broker engine.

Traditionally, the PowerShell transformation had no way of letting the Broker engine know how entity fields were being used, so it had no way of being involved in the change detection process. This also means it broke downstream change detection - if a PowerShell transformation is outputting a field value which is then used in a Time Offset Flag transformation, the engine had no way of knowing the source field of that value to notify of future dated changes.

The Register-Contribution call allows you to register this linkage to let the engine know how to handle those scenarios. So as an example, you may have an EndDate schema field coming from the parent or relational connector. You take this EndDate field in, and use a PowerShell transformation to convert it to UTC time, placing it into an EndTimestampUTC field. That EndTimestampUTC field is then used to calculate the PostEnd field through a TimeOffsetFlag. You would use the Register-Contribution call on this field, to essentially tell the adapter that "the PostEnd field passes through this magical script and results in the EndTimestampUTC field, so if there's a change on the PostEnd field it can be used to calculate changes on the EndTimestampUTC field". The adapter can then use that linkage to know that a change on the PostEnd field which sets the date in the future can be used to calculate a change in the future based on the configuration for the TimeOffsetFlag transformation. 

The configuration would look similar to this (screenshot from the linked ticket):

Image 6511

Image 6512

Image 6513

TL;DR: 

The PowerShell transformation does not participate in the change detection process by default. This can be enabled by manually describing the fields which contribute in some way to other fields, either created by the transformation, or pre-existing.

To do this, call the Register-Contribution method in the Schema Script for each instance of one field contributing to another.

# 'fieldA' contributes to the resulting value in 'fieldB'
Register-Contribution("fieldB", "fieldA"); 

Manually registering field contribution isn't required in most cases and for all fields, and can normally be omitted from the schema script. The typical situations where contribution registration would be required involve a PowerShell transformation preceding a Time Offset Flag or Business Day Offset transformations, where the contribution chain of the the involved Timestamp or Date fields is required to correctly schedule future-dated changes.

0
Answered

Support for DateRelational.Compare.String and Relational adapter transform types

Adrian Corston 8 months ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 8 months ago 1

I have encountered a UNIFYBroker customer who has DateRelational.Compare.String and Relational adapter transform types configured (UNIFYBroker 5.1.0#2).  I have been asked to upgrade them to the latest UNIFYBroker release.  Can you please confirm:

1. Are these transform types still available in the latest UNIFYBroker release?

2. Has their functionality or features changed since the 5.1.0#2 release?

3. If they are available, what are they now called in the UNIFYBroker UI?

Image 6506

Answer

Hi Adrian,

The DateRelational.Compare.String and Relational are old names for the current Join transformation. This transformation was reworked back in UNIFYBroker 4.1, so it's likely this configuration was upgraded from an old 3.x or 4.x config up to 5.1.

The product still respects the old transformation names, although may not 

Between 5.1 and 5.3 there's been no changes to the way that entity windows and selections function. 

There was no changes to the join transformation functionality itself, however there was minor changes made to the overall transformation process in terms of how changes are aggregated and reported (as support for postgresql was added). I don't expect this would impact functionality as we've not had other customers report issues between the versions.

If you are migrating the configuration rather than re-creating, you may find the UI continues to report the transformations using the old name (as you see in the screenshot above). Otherwise a new transformation can be created using the Join transform.

Let me know if you've got any more questions or have issues with the upgrade.

0
Answered

Aurion security user writeback fails for user ID field values with common prefix

Adrian Corston 8 months ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 5 months ago 3

At my customer site their Aurion instance is configured with security user "UserID" field values which are populated from the user's AD sAMAccountName (username) field.  Their usernames have values like "jsmi" (for John Smith) and "jsmi1" (for Jane Smith).

When writing data back for a user like "jsmi" the following error is logged by UNIFYBroker and the update isn't actioned in Aurion:

20230725,04:16:00,UNIFYBroker,EntitySaver,Error,The entity jsmi (3a657f98-06df-47e0-b0d8-bfd0c19b250b) for the adapter Aurion Security User (c5460bd3-0167-4290-a2a0-180f8632a474) failed to update for the following reasons: Aurion API error -1: Cannot identify an unique Aurion User from User Match Value,Normal

It appears the issue here is that the Aurion API is unable to identify a single unique security user to update, when there is another user whose UserID starts with the same value (i.e., jsmi1).

Is there some other way to configure UNIFYBroker so that it can successfully update my customer's Aurion security user data?

Answer

I've now confirmed that the behaviour I reported above isn't actually happening - I misinterpreted what I was seeing.  The true root cause of the error is a link mapping passing a changed UserID value to the Aurion connector, which meant that it was passing a UserMatch value that didn't exist to the API.

0
Answered

UNIFYConnect writing back Aurion data to fields that it's not configured to export to

Adrian Corston 8 months ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 8 months ago 1

Recently my customer refreshed their TEST HR SOT (Aurion) from PROD.  I ran an import to pick up the updated data, but didn't notice that it failed (due to a duplicate value for a key field in the refreshed data).  Then I cleared locker data and reloaded it.

Then I ran a baseline sync to write back two fields to the HR SOT.  It appears that at this time data on all fields (and not just the write-back fields) of entities in the HR SOT was reverted to pre-refresh values.

Is it likely that when I ran the baseline sync UNIFYBroker/Plus applied the mappings from the outbound link on top of the pre-existing out-of-date connector data, and then overwrote all that old field data back to Aurion, even for fields that are not configured to be written back?

Answer

Hi Adrian,

The Aurion API only supports updating specific fields on the API, separate to the queries being read. Currently, the UNIFY Aurion connector maps all suitable* connector entity fields back to the API call.

* A suitable connector entity field is one where the field schema name matches the name provided by the default schema provider, in line with the appropriate connector documentation (such as Aurion Person Connector / UNIFYBroker knowledge / UNIFY Solutions )

If the appropriate schema field can't be found, then the value isn't set on the outgoing API call. According to the Aurion API documentation, this field would be ignored.

In this case, the baseline sync would have triggered the export operation on the connector for entities, which would have taken the reverse-transformed adapter entity (pre-refresh, as the import failed) and exported any fields that the connector was able to map - which is likely why those values got reverted.

I suspect that if you were to have different connector schema field names for any fields you're not wanting to have exported, and make use of the Query Mappings connector configuration, then only the expected fields would be updated.

We do have an item on the backlog to re-work the Aurion connector, having the connector schema be driven by the query with explicit configuration back to the API operations (rather than the inverse, as it stands currently). 

We do also have an item to improve the Baseline Sync to avoid exporting entities when changes haven't been made, but we're working through the implications of that on true-up support (and potentially wouldn't have helped in this scenario if the values you were wanting to export were different already). 

0
Declined

PowerShell sync task can't connect to AD

Adrian Corston 10 months ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 10 months ago 5

Sometimes I see errors in my customer's production environment when the birthright group provisioning PowerShell task is unable to connect to AD.  This is happening immediately after a successful connection to AD has provisioned the user account.  There are two types of errors that are returned, as below:

UnifyLog20230517.csv:1629:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.1916629",Normal
UnifyLog20230518.csv:57203:Add entities [Count:3] to connector AD User reported 3 entities saved, 0 failed. Duration: 00:00:01.2855075",Normal
UnifyLog20230521.csv:219718:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:01:00.0326068",Normal
UnifyLog20230521.csv:219982:20230521,15:41:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:220247:20230521,15:43:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:234120:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0287518",Normal
UnifyLog20230521.csv:234384:20230521,16:41:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:234683:20230521,16:43:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:248409:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0017363",Normal
UnifyLog20230521.csv:248672:20230521,17:41:06,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:248971:20230521,17:43:06,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:262577:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0161713",Normal
UnifyLog20230521.csv:262840:20230521,18:40:50,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:263093:20230521,18:42:50,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:276860:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0138167",Normal
UnifyLog20230521.csv:277241:20230521,19:40:52,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:277494:20230521,19:42:52,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:291308:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0170553",Normal
UnifyLog20230521.csv:291572:20230521,20:41:01,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:291845:20230521,20:43:01,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:305473:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0058264",Normal
UnifyLog20230521.csv:305736:20230521,21:40:51,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:305989:20230521,21:42:51,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:319874:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0170181",Normal
UnifyLog20230521.csv:320142:20230521,22:41:00,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:320398:20230521,22:43:00,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:331465:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.1680608",Normal
UnifyLog20230521.csv:331472:20230521,23:30:44,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230521.csv:331477:20230521,23:30:47,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230523.csv:10338:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.0310308",Normal
UnifyLog20230523.csv:32001:Add entities [Count:3] to connector AD User reported 3 entities saved, 0 failed. Duration: 00:00:01.2325114",Normal
UnifyLog20230523.csv:32955:Add entities [Count:8] to connector AD User reported 8 entities saved, 0 failed. Duration: 00:00:02.0700229",Normal
UnifyLog20230523.csv:34211:Add entities [Count:4] to connector AD User reported 4 entities saved, 0 failed. Duration: 00:00:01.0275391",Normal
UnifyLog20230526.csv:12458:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1577689",Normal
UnifyLog20230531.csv:11081:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1605492",Normal
UnifyLog20230531.csv:11851:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1728933",Normal
UnifyLog20230602.csv:2129:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1171594",Normal
UnifyLog20230602.csv:2138:20230602,01:09:42,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=dtai2,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230604.csv:21979:Add entities [Count:3] to connector AD User reported 3 entities saved, 0 failed. Duration: 00:00:01.5039543",Normal
UnifyLog20230605.csv:7281:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1775722",Normal
UnifyLog20230605.csv:24280:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.4059702",Normal
UnifyLog20230606.csv:18238:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.2258243",Normal
UnifyLog20230606.csv:20135:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.2077376",Normal
UnifyLog20230606.csv:20865:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.2686140",Normal
UnifyLog20230609.csv:11402:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.1731736",Normal
UnifyLog20230611.csv:21783:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.2460368",Normal
UnifyLog20230611.csv:21786:20230611,15:38:16,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=spoyn,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230612.csv:24388:Add entities [Count:7] to connector AD User reported 7 entities saved, 0 failed. Duration: 00:00:01.7047121",Normal
UnifyLog20230612.csv:24410:20230612,15:40:07,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aeasl,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230612.csv:24465:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:00.1749234",Normal
UnifyLog20230613.csv:11991:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.2090408",Normal
UnifyLog20230613.csv:25059:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.2958574",Normal
UnifyLog20230614.csv:17864:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.1804325",Normal
UnifyLog20230614.csv:29130:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.2327871",Normal

The birthright group provisioning is a critical event-driven call and it must succeed.  Can you please investigate why it failed like this and see if there's some way to improve it's reliability?

0
Duplicate

Aurion connector exports fail when import runs concurrently due to logoff

Adrian Corston 10 months ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 10 months ago 1

When an Aurion connector import operation runs while a connector export is already running the export fails with its session logged off:

14:30:00 baseline sync kicks off export:

Synchronization job started syncing 7977 changes on the 'Managed User > Aurion Security User' link from the locker to adapter. Job ID: 9f521182-e52e-4082-8685-899600d4456f",Normal

14:33:37 evidence of exports occurring:

Add entities [Count:3] to connector Aurion Security User reported 3 entities saved, 3 failed. Duration: 00:00:01.0862857",Normal

14:51:15 scheduled import operation runs:

20230531,14:51:15,UNIFYBroker,Change detection engine,Information,"Change detection engine import all items started.

Change detection engine import all items for connector Aurion Security User started.",Normal

14:52:54 hundreds of failed updates reported due to logoff (shared session with import?):

20230531,14:52:54,UNIFYBroker,Connector,Information,"Update entities to connector completed.

Update entities 6375 to connector Aurion Security User reported 6375 entities saved, 225 failed. Duration: 00:19:11.1067288",Normal

20230531,14:52:54,UNIFYBroker,EntitySaver,Error,The entity bcoff (2a12bf64-7aec-4101-a696-fa84054b0a0d) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal

20230531,14:52:54,UNIFYBroker,EntitySaver,Error,The entity kbair (603121f8-2724-4d34-a177-630bb718656b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal

Either import and export operations should be able to run concurrently without interfering with each other, or otherwise the system should not permit them to run concurrently.