MIM Event Broker Forum
Unable to install or upgrade due to a permission error
Description
MIM Event Broker installation or upgrade is interrupted with the following message:
Service 'UNIFY MIM Event Broker' (Unify.Service.Event) could not be installed. Verify that you have sufficient privileges to install system services.
Affected software
- MIM Event Broker
Symptom
The MIM Event Broker installation or upgrade is interrupted and the following message is shown:
Solution
There are a number of possible causes for the issue described in the Symptom section:
Insufficient privileges
The installer is designed to elevate and request permission where needed. Should this not occur, follow the instructions on Unattended Installation, using the /a administrative install switch.
Log on as service
The chosen account must have the Log on as service permission granted.
A restrictive Local Security Policy
Open up the Local Security Policy, and navigate to the Software Restriction Policies section. Ensure that there are no policies that would restrict the installation or upgrade of MIM Event Broker.
User Account Control (UAC) blocking the install
In the same way that the installer is designed to elevate and request permissions, the installer should also create a UAC prompt when needed. Please see http://technet.microsoft.com/en-us/library/cc709691.aspx. Either follow the instructions on policy settings to determine if system settings are restricting the installation, or simply disable UAC for the duration of the installation.
A system intrusion prevention or antivirus software is blocking the upgrade
Some software designed to protect the system can incorrectly block software from performing upgrades and overwriting files. Should there be one installed on the system, consider disabling it for the duration of the installation.
Uninstall MIM Event Broker and perform a fresh install
Should the above steps fail, a fresh installation can be performed, as per Fresh Installation During an Upgrade.
Issues accessing and writing to logs
Description
A number of issues may be encountered when attempting to access or write to the main Identity Broker logs.
Affected Software
- FIM Event Broker
Symptom
A variety of error messages can be produced when FIM Event Broker is unable to successfully access its logging directory. The following error messages may appear on pages and in the Windows Event log:
System.NullReferenceException: Object reference not set to an instance of an object.
at ASP._Page_Views_Error_Index_cshtml.Execute() in c:\Program Files\UNIFY Solutions\Event Broker\Web\Views\Error\Index.cshtml:line 10
at System.Web.WebPages.WebPageBase.ExecutePageHierarchy()
at System.Web.Mvc.WebViewPage.ExecutePageHierarchy()
at System.Web.WebPages.StartPage.ExecutePageHierarchy()
at System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext pageContext, TextWriter writer, WebPageRenderingBase startPage)
at System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context)
at System.Web.Mvc.ControllerActionInvoker.<>c_DisplayClass1c.<InvokeActionResultWithFilters>b_19()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
Resolution
These error messages may appear differently, but they can be attributed to similar causes. If any issue occurs when reading or writing to the main FIM Event Broker log, please consider the following:
- Ensure that the main Logs directory exists in the FIM Event Broker Services directory
- If using IIS, ensure that any application pool accounts have sufficient access to the contents of the directory
Internet Explorer fails to load user interface with website content blocked error
Description
The MIM Event Broker user interface fails to load in Internet Explorer with a "content from the website listed below is being blocked" error.
Affected software
- MIM Event Broker
Symptom
The MIM Event Broker user interface fails to load in Internet Explorer with the following error:
Solution
This issue is caused by the strict rules enforced by Internet Explorer Enhanced Security Configuration incorrectly blocking some JavaScript functionality. This can be resolved by adding about:blank to the list of trusted sites, as per Prerequisites.
Identity Broker agent fails due to a No data of the requested type was found message
Description
The Identity Broker Agent connection test, and/or attempts to use the agent via the Identity Broker Changes operation, fail due to a "The requested name is valid, but no data of the requested type was found" message.
Affected Software
- FIM Event Broker
- Identity Broker
Symptom
Following configuration of a new Identity Broker Agent, or use of the Identity Broker Changes operation, the following error appears:
The test of IdB Agent (580d394e-98fe-4657-ba2f-eb4cd41bd348) failed with message: System.Net.Sockets.SocketException (0x80004005): The requested name is valid, but no data of the requested type was found
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Unify.Product.EventBroker.IdentityBrokerAgent.TestConnection()
at Unify.Product.EventBroker.AgentEngine.Notify(ITestAgentConnectionMessage message)
Solution
This error means that the specified endpoint address in the agent does not exist, or the Identity Broker service is unavailable. Verify the Identity Broker service is running and contactable, and ensure the Identity Broker Agent is correctly configured.
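The stack trace above fails in Dns.GetHostAddresses, before TcpClient.Connect is reached. The following added example (not part of the product or its documentation) repeats those two .NET calls from the Event Broker server, so a name-resolution failure can be told apart from an unreachable service; the host name and port are placeholders to be replaced with the agent's endpoint values.

```powershell
function Test-AgentEndpoint {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    # Stage 1: name resolution, the call that raised the SocketException.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($HostName)
    } catch {
        $ex = $_.Exception.GetBaseException()
        # NoData (11004) is the "requested name is valid, but no data" case;
        # HostNotFound (11001) means the name does not exist at all.
        $code = if ($ex -is [System.Net.Sockets.SocketException]) { $ex.SocketErrorCode } else { 'n/a' }
        return [pscustomobject]@{ Stage = 'DNS'; Ok = $false; Detail = "$code - $($ex.Message)" }
    }

    # Stage 2: TCP connect by name, as TcpClient.Connect does in the agent test.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        if (-not $task.Wait($TimeoutMs)) {
            return [pscustomobject]@{ Stage = 'TCP'; Ok = $false; Detail = "No answer within $TimeoutMs ms" }
        }
        return [pscustomobject]@{ Stage = 'TCP'; Ok = $true; Detail = "Connected; resolved to $($addresses -join ', ')" }
    } catch {
        # Refused or unreachable: the name resolves but the service is not listening.
        $ex = $_.Exception.GetBaseException()
        return [pscustomobject]@{ Stage = 'TCP'; Ok = $false; Detail = $ex.Message }
    } finally {
        $client.Close()
    }
}

# Placeholder values (constructed): substitute the agent's configured endpoint.
Test-AgentEndpoint -HostName 'idb-host.example.test' -Port 12345
```

A result of Stage = DNS points at the endpoint address in the agent configuration or at name resolution on the server; Stage = TCP with Ok = False points at the Identity Broker service or the network path to it.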
Forefront Identity Management Service is not able to serialize this XOML definition
Description
After having installed the FIM Event Broker portal workflow and configured the workflow, a PostProcessingError is encountered in the request that executed the workflow, similar to:
Forefront Identity Manager Service is not able to serialize this XOML definition '<ns0:SequentialWorkflow name="SequentialWorkflow" ... />'
Affected Software
- Microsoft Forefront Identity Manager
Cause
The assembly version referenced by the FIM Event Broker Portal Workflow is not recognized by the FIM Portal instance. This results in an XOML definition which is considered incorrect by the FIM Service.
Resolution
The fix involves telling the FIM Portal to accept the versions provided by the FIM Event Broker Portal Activity. This is achieved through the use of Binding Redirection.
First, locate the Microsoft.ResourceManagement.Service.exe.config file in the FIM Service directory. In a default implementation it is at: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config
Next, add the following XML block under the configuration element:
<runtime>
  <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependentAssembly>
      <assemblyIdentity name="FunctionLibrary" publicKeyToken="31bf3856ad364e35" culture="neutral" />
      <bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.2273.0" />
    </dependentAssembly>
    <dependentAssembly>
      <assemblyIdentity name="Microsoft.IdentityManagement.Activities" publicKeyToken="31bf3856ad364e35" culture="neutral" />
      <bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.2273.0" />
    </dependentAssembly>
    <dependentAssembly>
      <assemblyIdentity name="Microsoft.ResourceManagement.Automation" publicKeyToken="31bf3856ad364e35" culture="neutral" />
      <bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.2273.0" />
    </dependentAssembly>
    <dependentAssembly>
      <assemblyIdentity name="Microsoft.ResourceManagement" publicKeyToken="31bf3856ad364e35" culture="neutral" />
      <bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.2273.0" />
    </dependentAssembly>
    <dependentAssembly>
      <assemblyIdentity name="Microsoft.IdentityManagement.WFExtensionInterfaces" publicKeyToken="31bf3856ad364e35" culture="neutral" />
      <bindingRedirect oldVersion="4.0.0.0-4.65535.65535.65535" newVersion="4.1.2273.0" />
    </dependentAssembly>
  </assemblyBinding>
</runtime>
In the example configuration the newVersion is 4.1.2273.0. This needs to be updated to match the current version of the FIM implementation.
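A read-only check of the redirects, added here as an example and not taken from the vendor's documentation: it lists each bindingRedirect in the config file and compares its newVersion with the assembly version of a same-named DLL beside the config. That each assembly sits in the Service directory as <name>.dll is an assumption; a file that is not found is reported with an empty Installed value.

```powershell
function Get-BindingRedirectStatus {
    param([Parameter(Mandatory)][string]$ConfigPath)

    [xml]$config = Get-Content -LiteralPath $ConfigPath -Raw
    # The assemblyBinding element and its children live in the asm.v1 namespace.
    $ns = New-Object System.Xml.XmlNamespaceManager($config.NameTable)
    $ns.AddNamespace('asm', 'urn:schemas-microsoft-com:asm.v1')
    $serviceDir = Split-Path -Parent $ConfigPath

    $xpath = '/configuration/runtime/asm:assemblyBinding/asm:dependentAssembly'
    foreach ($dep in $config.SelectNodes($xpath, $ns)) {
        $identity = $dep.SelectSingleNode('asm:assemblyIdentity', $ns)
        $redirect = $dep.SelectSingleNode('asm:bindingRedirect', $ns)
        if (-not $identity -or -not $redirect) { continue }

        $name       = $identity.GetAttribute('name')
        $newVersion = [version]$redirect.GetAttribute('newVersion')

        # Assumption: the redirected assembly is deployed next to the config file.
        $dll = Join-Path $serviceDir "$name.dll"
        $installed = $null
        if (Test-Path -LiteralPath $dll) {
            # Binding redirects act on the assembly version, not the file version.
            $installed = [System.Reflection.AssemblyName]::GetAssemblyName($dll).Version
        }

        [pscustomobject]@{
            Assembly   = $name
            NewVersion = $newVersion
            Installed  = $installed
            Match      = ($null -ne $installed) -and ($installed -eq $newVersion)
        }
    }
}

# Default location given in the article above.
$configPath = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config'
Get-BindingRedirectStatus -ConfigPath $configPath | Format-Table -AutoSize
```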
FIM Agent tests fail with ManagementException
Description
FIM Event Broker fails with a System.Management.ManagementException: Access denied error.
Affected software
- FIM Event Broker
Symptom
FIM Event Broker FIM agent operations fail with an access denied exception.
Solution
This issue is caused by incorrectly configured WMI security settings for the service account. Ensure that WMI Prerequisites have been met.
Exception thrown running ConfigureEventBrokerChangesActivity.ps1 under ISE
Description
An exception is thrown when running the ConfigureEventBrokerChangesActivity.ps1 PowerShell script under PowerShell ISE.
Affected Software
- FIM Event Broker Portal Workflow
Symptom
Attempting to run the ConfigureEventBrokerChangesActivity.ps1 PowerShell script under PowerShell ISE causes the following exception to be raised:
Exception calling "ReadKey" with "1" argument(s): "The method or operation is not implemented."
At C:\Program Files\UNIFY Solutions\Event Broker\Portal Workflow\ConfigureEventBrokerChangesActivity.ps1:68 char:1
+ $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : NotImplementedException
Resolution
The ConfigureEventBrokerChangesActivity.ps1 PowerShell script is not intended to be run under PowerShell ISE. It is possible to execute it under PowerShell ISE anyway by removing or commenting out lines 37 and 68, which contain:
$host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
Database Execute fails to execute Oracle stored procedure
Description
The Database Execute Query Operation, in combination with the Oracle Database Agent, fails to execute a stored procedure.
Affected Software
- FIM Event Broker
- Oracle database
Symptom
When executing a stored procedure using the Database Execute Query Operation against the Oracle Database Agent, the following error (or similar) appears:
Operation c8dc0587-f197-4cb9-b15d-243629bad723 failed in operation list with id c1c7e163-d3a0-49ad-997f-ee818cf8d8d0 for the following reason. This is retry number 0: Oracle.DataAccess.Client.OracleException ORA-00900: invalid SQL statement
at Oracle.DataAccess.Client.OracleException.HandleErrorHelper(Int32 errCode, OracleConnection conn, IntPtr opsErrCtx, OpoSqlValCtx* pOpoSqlValCtx, Object src, String procedure, Boolean bCheck, Int32 isRecoverable)
at Oracle.DataAccess.Client.OracleException.HandleError(Int32 errCode, OracleConnection conn, String procedure, IntPtr opsErrCtx, OpoSqlValCtx* pOpoSqlValCtx, Object src, Boolean bCheck)
at Oracle.DataAccess.Client.OracleCommand.ExecuteNonQuery()
at Unify.Framework.Data.AdoNetDataControl.ExecuteNonQuery(String commandText, IEnumerable`1 parameters, CommandType commandType)
at Unify.Product.EventBroker.OperationListExecutorBase.RunNextOperations(IEnumerator`1 operationEnumerator)
Solution
This error means that either the service account for the Oracle Database Agent does not have correct permission, or that the format of the operation statement is not correct.
The correct format is similar to the following:
BEGIN SCHEMA_NAME.STORED_PROCEDURE_NAME(); END
To grant the stored procedure to the service account:
grant EXECUTE on "SCHEMA_NAME"."STORED_PROCEDURE_NAME" to "EBUSER";
Configuration is lost following a restart of the service
Description
FIM Event Broker configuration is lost following a restart of the service.
Affected software
- FIM Event Broker
Symptom
Previous configuration is not maintained following a restart of the service.
Solution
This occurs due to the permissions on the directory containing the FIM Event Broker configuration.
Possible steps to resolve:
- Verify that the account configured to run the FIM Event Broker service has been given update access to the Extensibility directory, as per Prerequisites. This directory is located under the installation directory of FIM Event Broker.
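Both this article (service account and the Extensibility directory) and the logging article earlier on this page (application pool account and the Logs directory) come down to whether an account can write to a directory. The following added example, not part of the product, lists every access rule on a directory that grants or denies write access and flags the rules that name the given account directly; the path and account are constructed placeholders, and access granted through group membership appears under the group's SID rather than being resolved to the account.

```powershell
function Get-DirectoryWriteRules {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Account
    )
    $sidType    = [System.Security.Principal.SecurityIdentifier]
    $writeMask  = [int][System.Security.AccessControl.FileSystemRights]::Write
    $denyType   = [System.Security.AccessControl.AccessControlType]::Deny
    $accountSid = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)

    # Explicit and inherited rules, returned by SID so a renamed account still matches.
    $acl = Get-Acl -LiteralPath $Path
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $bits   = ([int]$rule.FileSystemRights) -band $writeMask
        $isDeny = ($rule.AccessControlType -eq $denyType)
        # Keep Allow rules that grant the full Write set, and Deny rules that
        # remove any part of it. Rules expressed only as generic rights are skipped.
        if (($bits -eq 0) -or ((-not $isDeny) -and ($bits -ne $writeMask))) { continue }

        [pscustomobject]@{
            Sid       = $rule.IdentityReference.Value
            Type      = $rule.AccessControlType
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
            IsAccount = $rule.IdentityReference.Equals($accountSid)
        }
    }
}

# Placeholder values (constructed): use the real directory and service account.
$directory = 'D:\Placeholder\EventBroker\Extensibility'
$account   = 'EXAMPLE\svc-eventbroker'
Get-DirectoryWriteRules -Path $directory -Account $account | Format-Table -AutoSize
```

The same output also shows which other identities can write to the configuration or log directory, which is worth reviewing when the grant is being added.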
A Windows account rename has triggered SQL connection issues
Description
Following a Windows account rename, FIM Event Broker operations dependent on SQL Server Windows authentication fail with a message similar to the following:
Agent test is failing with the message: "Cannot open database "FIMSyncronizationService" requested by login. The login failed.
Affected software
- FIM Event Broker
Symptom
Following a Windows account rename, all SQL Server operations dependent on the account could potentially fail with a "login failed" message.
Solution
SQL Server logins can become out of sync with the Windows account name following a rename. The login must be updated to match the Windows account name. To update the details, see http://msdn.microsoft.com/en-us/library/aa337562.aspx (for Microsoft SQL Server Management Studio), or http://msdn.microsoft.com/en-us/library/ms189828.aspx (for Transact-SQL).