Description

Attempting to run an AD Changes or AD Sync Changes Operation fails. Examining the logs shows that this was due to a COMException.

Affected Software

• FIM Event Broker

Symptom

A COMException such as the following appears in the Event Broker logs:

System.Runtime.InteropServices.COMException(0x8007200A): The specified directory service attribute or value does not exist.

Resolution

This error can be caused due to a number of reasons:

• The target AD instance does not exist or cannot be found
• The account being used does not have adequate permissions to access the target AD instance

It is recommended that you use an application such as ADSI Edit or LDP.exe from the same machine as the Event Broker instance to ensure that aliases are properly resolving, the LDAP filter is correct, and the account in question has correct permissions.

Description

Attempting to run an Active Directory operation fails. Examining the logs shows DirectoryServicesCOMException.

Affected Software

• FIM Event Broker

Symptom

A DirectoryServicesCOMException such as the following appears in the Event Broker logs:

System.DirectoryServices.DirectoryServicesCOMException (0x800700EA): More data is available.
at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
at System.DirectoryServices.SearchResultCollection.get_InnerList()
at System.DirectoryServices.SearchResultCollection.get_Count()
at Unify.Product.EventBroker.ADSyncChangesPlugIn.GetChanges(DirectorySearcher searcher)
at Unify.Product.EventBroker.ADChangesPlugInBase.Check()
at Unify.Product.EventBroker.OperationListExecutorBase.RunCheck(ICheckOperationFactoryInformation checkOperation)

Resolution

Locate the *.exe.config in the Event Broker services directory, for an x64 installation this will be (by default):

C:\Program Files\UNIFY Solutions\Event Broker\Services\Unify.Service.Event.exe.config

and for an x86 installation this will be (by default):

C:\Program Files\UNIFY Solutions\Event Broker\Services\Unify.Service.Event32.exe.config

Add the following to the *.exe.config of the Event Broker services directory, inside the <configuration> element:

<configSections>
    <section name="system.directoryservices" type="System.DirectoryServices.SearchWaitHandler, System.DirectoryServices, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </configSections>
  <system.directoryservices>
    <DirectorySearcher waitForPagedSearchData="true" />
  </system.directoryservices>

Description

The Active Directory operations do not retrieve changes from the target instances correctly.

Affected Software

• FIM Event Broker
• Active Directory
• Active Directory Domain Services
• ADAM and ADLDS

Symptom

Following changes to the Active Directory instance or target organizational unit, the operation fails to detect a change.

Resolution

There are a number of reasons that Active Directory operations may not detect changes correctly:

• The specified account does not have complete permissions to retrieve changes, and the Active Directory query returns no objects rather than an error message in some cases. Refer to Active Directory Changes and Active Directory Sync Changes for information on specific account requirements for each operation.
• The target organizational unit or LDAP filter is incorrect, or does not contain the expected change. Ensure that the operation is configured correctly. Note that the AD Sync Changes operation cannot target a specific organizational unit.
• Changes have not yet been replicated across domain controllers.

Refer to an Active Directory expert or the Microsoft documentation for more information on specific configurations and instances.

Using

• UNIFY FIM Event Broker v3.2.1 RTM x64

The following was written to the Event Broker logs last night:

System.DirectoryServices.Protocols:
System.ArgumentException: The async result is invalid.
   at System.DirectoryServices.Protocols.LdapPartialResultsProcessor.GetPartialResults(LdapPartialAsyncResult asyncResult)
   at Unify.Product.EventBroker.OpenLDAPListenPlugIn.ResultsCallback(IAsyncResult result)

The error was thrown by the AD listener for the AU.QBE.PRI forest in Production.

Related JIRA issue here.

Using

Operation 1d3f5988-7166-4e06-9596-ee0c58dc2823 failed in operation list with id 4e8908b6-3e19-494a-a50e-55ac8680124a <span class="code-keyword">for</span> the following reason. This is retry number 0: <span class="code-object">System</span>.DirectoryServices.DirectoryServicesCOMException (0x800700EA): More data is available.
   at <span class="code-object">System</span>.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
   at <span class="code-object">System</span>.DirectoryServices.SearchResultCollection.get_InnerList()
   at <span class="code-object">System</span>.DirectoryServices.SearchResultCollection.get_Count()
   at Unify.Product.EventBroker.ADSyncChangesPlugIn.GetChanges(DirectorySearcher searcher)
   at Unify.Product.EventBroker.ADChangesPlugInBase.Check()
   at Unify.Product.EventBroker.OperationListExecutorBase.RunCheck(ICheckOperationFactoryInformation checkOperation)

Using

• Event Broker v3.2.1 Revision #3

The following was written this morning to the PROD EvB logs:

Operation 40266ccd-1acf-4960-b463-f466bb664eed failed in operation list with id 31bb88cc-a29d-40e7-8911-af6870f8b173 for the following reason. This is retry number 0: Unify.Framework.UnifyEngineException: Error in stored values engine attempting to write to storage, see the inner exception. ---> System.InvalidOperationException: Collection was modified; enumeration operation may not execute.
   at System.Collections.Generic.Dictionary`2.Enumerator.MoveNext()
   at WriteArrayOfKeyValueOfGroupedNameValueCollectionKeyanyType70DdoCVIToXml(XmlWriterDelegator , Object , XmlObjectSerializerWriteContext , CollectionDataContract )
   at System.Runtime.Serialization.CollectionDataContract.WriteXmlValue(XmlWriterDelegator xmlWriter, Object obj, XmlObjectSerializerWriteContext context)
   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeAndVerifyType(DataContract dataContract, XmlWriterDelegator xmlWriter, Object obj, Boolean verifyKnownType, RuntimeTypeHandle declaredTypeHandle, Type declaredType)
   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeWithXsiType(XmlWriterDelegator xmlWriter, Object obj, RuntimeTypeHandle objectTypeHandle, Type objectType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle, Type declaredType)
   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerialize(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)
   at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerializeReference(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)
   at WriteStoredValueCollectionToXml(XmlWriterDelegator , Object , XmlObjectSerializerWriteContext , ClassDataContract )
   at System.Runtime.Serialization.ClassDataContract.WriteXmlValue(XmlWriterDelegator xmlWriter, Object obj, XmlObjectSerializerWriteContext context)
   at System.Runtime.Serialization.DataContractSerializer.InternalWriteObjectContent(XmlWriterDelegator writer, Object graph, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.DataContractSerializer.InternalWriteObject(XmlWriterDelegator writer, Object graph, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.WriteObjectHandleExceptions(XmlWriterDelegator writer, Object graph, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.WriteObject(XmlDictionaryWriter writer, Object graph)
   at System.Runtime.Serialization.XmlObjectSerializer.WriteObject(Stream stream, Object graph)
   at Unify.Framework.StoredValues.IsolatedStoredValuesEngineBase.<>c__DisplayClass14_0.<SaveStoredValuesCollection>b__0()
   at Unify.Framework.ExtensionMethods.WaitOnMutex(Mutex mutex, Action work)
   at Unify.Framework.StoredValues.IsolatedStoredValuesEngineBase.SaveStoredValuesCollection(IStoredValueCollection storedValueCollection)
   --- End of inner exception stack trace ---
   at Unify.Framework.StoredValues.IsolatedStoredValuesEngineBase.SaveStoredValuesCollection(IStoredValueCollection storedValueCollection)
   at Unify.Product.EventBroker.ADSyncChangesPlugIn.GetChanges(DirectorySearcher searcher)
   at Unify.Product.EventBroker.ADChangesPlugInBase.Check()
   at Unify.Product.EventBroker.OperationListExecutorBase.RunCheck(ICheckOperationFactoryInformation checkOperation)

See related issue QBE-67 - possibly related to similar problem also occurring with Identity Broker where loss of data is an issue. In this case the obvious impact is re-reading the same changes multiple times - however there may be other more significant outcomes.

This question pertains to: https://unifysolutions.jira.com/wiki/display/EB32/Clear+Run+History

The HTML files created provide a list of the Run Profiles that have been executed for a specific period of time. The HTML file also contains what appears to be a hypertext link at the end of each row.

These hypertext links don't do anything - all the rows tell us is whether a Run Profile's status was a success, warning or failure - but it does not drill down into any of the details of the status.

Wouldn't it be more useful if the hypertext link revealed more information pertaining to the status of the specific Run Profile? This would be very useful for historical purposes and troubleshooting.

Otherwise, it's kind of a useless HTML file?

Is there a way to include more detail in the HTML file?

Thanks

We're setting up scheduled SSIS or PowerShell tasks, but need to ensure that they are executed sequentially. Are PowerShell operations executed synchronously?

It would be nice to have the Last run statistics on the Operation list have the last Operation Begin / End. Currently you can only see when the check was last run not the actual Operation.

The Identity Broker Adapter check operation in EB 3.2 requires that you enter the Adapter ID, I would have thought EB could query IDB and display a list of Adapter names rather than having to find and enter the Adapter ID manually.