MIM Event Broker Forum
Welcome to the community forum for MIM Event Broker.
Identity Broker Rest API
When adding the Identity Broker REST agent to Event Broker, the port has a drop-down list: HTTP, HTTPS, Custom. Could that also include Default Identity Broker (59991)? Or failing that, in the mouseover message for the custom port field, instead of the message "Specify a custom port to use", could we have "Specify a custom port to use (the default for Identity Broker is 59991)"?
Thanks
Event Broker Create FIM Agent access denied
A vanilla install of Event Broker 3.2.1 RTM throws an Access Denied exception when attempting to connect to the local SQL Server 2012 (Enterprise x64) FIMSynchronizationService database. This is despite the service account having the correct db_datareader role membership on this database, and a UDL file running under the service account identity successfully connecting to the database.
Log file entry as follows:
20160401,03:05:29,UNIFY FIM Event Broker,Agent Engine,Error,"An error occured when attempting to execute a function against the agent with the id 78271e3f-e5af-4f4e-a4ea-9e076acc3904:
Time out question
With regards the release notes of FIM Event Broker v3.2.1
Question regarding "Increased timeout of LDAP operations to one hour". I am thinking that there may be scenarios whereby a timeout of 1 hour may not be desirable (e.g. on a sync changes check operation you would most likely WANT this to fail to bring the issue to the attention of the operators). Can you explain the scenario that this was implemented for, and whether it is confined or applied in general? I can see specific examples of where increased timeouts may be required - but I would have thought this would be on an operation-by-operation basis (in which case you could conceivably have 2 agents with different configurable timeouts).
Case in point - at one particular site we are actually REDUCING timeouts for certain operations as this is indicative that there are external problems impacting the solution which need to be addressed. The changes we are looking to make there are to identify long-running operations that are out of the ordinary and disable them until the root cause has been identified and remediated. Allowing something to run for an abnormally long time in actual fact appears to have been a major contributor to a severe FIM solution outage (after damage was caused by mass account disabling as an indirect result).
Hi Bob,
I apologise for the confusion here. The timeout is actually configurable, using one hour as the default timeout for cases where it hasn't been set yet (which will be all existing operations). I have updated the release notes to clarify this.
Event broker 3.2 extensibility rights on install
When Event Broker is installed the service account is not being given rights to the extensibility directory. This means changes made to the configuration through the console are not saved.
The correct permissions are being assigned to Logs and Patches.
Allow delay between operation execution
At the moment you can configure operations to execute, so when one operation completes it executes the next.
Would be handy if you could configure a time delay between these executions - such that after an export run has completed (with unknown processing time) you could tell event broker to wait 2 or 3 minutes before executing a delta import run or such.
If a delay is essential the PowerShell operation could be used for this purpose.
Have to specify localhost as opposed to server name for workflow
The FIM Portal workflow generation script specifies the machine name but in my testing only the localhost identifier was sufficient.
Exception in post-processing request:
Forefront Identity Manager Service is not able to serialize this XOML definition: '<ns0:SequentialWorkflow x:Name="SequentialWorkflow" ActorId="00000000-0000-0000-0000-000000000000" WorkflowDefinitionId="00000000-0000-0000-0000-000000000000" RequestId="00000000-0000-0000-0000-000000000000" TargetId="00000000-0000-0000-0000-000000000000" xmlns:ns1="clr-namespace:Unify.Product.EventBroker;Assembly=Unify.EventBroker.PortalWorkflow, Version=3.0.0.0, Culture=neutral, PublicKeyToken=84b9288cb2633de4" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:ns0="clr-namespace:Microsoft.ResourceManagement.Workflow.Activities;Assembly=Microsoft.ResourceManagement, Version=4.0.3594.2, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> <ns1:EventBrokerChangesActivity x:Name="authenticationGateActivity1" EndPointAddress="http://FIMEVENTBROKER:59990/EventBroker/EventBrokerManagementStudio.svc" OperationListName="{x:Null}" EndPointConfigurationName="ServerNotifications" Description="Invokes a specified Event Broker operation list. This activity should only be used to specify either an incoming operation list for the FIM Portal MA, or to point at a baselining operation list." OperationListGuid="aba8517a-92e8-41b6-8e5d-5468e12f8bbf" /> </ns0:SequentialWorkflow>'.
Unable to install Event Broker Changes Activity due to PermissionDeniedException
Unable to install Event Broker Changes Activity due to PermissionDeniedException.
I am logged in as the FIMService account, which is also an administrator of the FIM Portal.
When I run the ConfigureEventBrokerChangesActivity.ps1 script I get the following error:
Import-FIMConfig : Failure when making web service call. SourceObjectID = dc42094d-0f86-4035-8a98-38b3520669c9 Error = Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Policy prohibits the request from co mpleting. ---> Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: Policy prohibits the request from completing. at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request) at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Create createBody) at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource() --- End of inner exception stack trace --- at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource() at Microsoft.ResourceManagement.WebServices.ResourceManager.CreateResource() at Microsoft.ResourceManagement.Automation.ImportConfig.Create(String objectType, List`1 changeList) at Microsoft.ResourceManagement.Automation.ImportConfig.EndProcessing() At C:\Program Files\UNIFY Solutions\Event Broker\Portal Workflow\ConfigureEventBrokerChangesActivity.ps1:67 char:27 + $fimAIC | Import-FIMConfig <<<< + CategoryInfo : InvalidOperation: (:) [Import-FIMConfig], InvalidOperationException + FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automation.ImportConfig
Is there anything that I am missing? My assumption is that the administrator account should have permission to do this. If this is not true, then we should document how to change this permission.
Confirm AD Sync Changes work for tombstone objects
As per EB31:Active Directory Sync Changes, the plugin was designed to include tombstone objects as part of the check. Confirm this functionality is working.
Might pay to double check the code, as I seem to recall setting a property for this, as well as testing it myself.
When running ConfigureEventBrokerChangesActivity.ps1 the display looks like a string.Format is not being applied
When running ConfigureEventBrokerChangesActivity.ps1 the green bar across the top of the PowerShell script window says:
Importing change {0} Importing change 1
Intuitive scheduling
One of the largest tasks when managing the operations of Event Broker is operating on its schedule. From week to week, the schedule for a system may change as backup schedules change, clashes are found, or implications for other systems are discovered. In large solutions, it can be a number of months before a suitable schedule is decided on such that all interested parties are not affected adversely, and that all operations are given fair time to complete unhindered.
This process is quite arduous due to v2.2.x's scheduling interface, and the fact that schedules are stored all over the place. To get a full picture of what operations occur during a week, for instance, you need to manually check every operation list, and draft a schedule for yourself. This could be made much more efficient by having a mechanism for displaying a week or a month's schedule.
It would also be useful to have highlighted areas where contention or clashes occur regularly. For instance, if a weekly full sync is constantly clashing with export operations, it would be useful to have at the very least some sort of notification for this sort of behaviour, and perhaps suggestions of suitable times for these to run.
Moreover, it would be useful to highlight when an operation is taking much longer than expected. Event Broker could calculate the average run time for an operation, and feed back when the operation takes far longer than this amount of time.
While this may be "visions of grandeur", having Event Broker make scheduling much "smarter" would be a big step forward in the maturation of the product.
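The "Time out question" thread above argues that abnormally long-running operations should be caught rather than tolerated, with timeouts set on an operation-by-operation basis, and the scheduling post asks for per-operation average run times and for clashes between operations to be highlighted. The following Python is an added illustration of both ideas and is not Event Broker's own code: it works on constructed run records (the record layout and the operation names are assumptions, not the product's log format), computes a per-operation baseline, flags runs far above it, derives a per-operation timeout from the baseline, and reports overlapping execution windows.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import combinations
from statistics import mean
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Run:
    """One completed operation run (constructed record layout, not Event Broker's)."""
    operation: str
    start: datetime
    end: datetime

    @property
    def duration(self) -> timedelta:
        return self.end - self.start


def _t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample history: nightly delta imports, two exports and a weekly full sync.
# The 2016-04-07 delta import is deliberately abnormal; the full sync overlaps an export.
RUNS: List[Run] = [
    Run("AD delta import", _t("2016-04-04 01:00"), _t("2016-04-04 01:04")),
    Run("AD delta import", _t("2016-04-05 01:00"), _t("2016-04-05 01:05")),
    Run("AD delta import", _t("2016-04-06 01:00"), _t("2016-04-06 01:03")),
    Run("AD delta import", _t("2016-04-07 01:00"), _t("2016-04-07 01:58")),
    Run("FIM export", _t("2016-04-05 02:00"), _t("2016-04-05 02:20")),
    Run("FIM export", _t("2016-04-06 02:00"), _t("2016-04-06 02:25")),
    Run("AD full sync", _t("2016-04-06 02:10"), _t("2016-04-06 03:30")),
]


def baseline_durations(runs: List[Run]) -> Dict[str, timedelta]:
    """Average run time per operation: the baseline the scheduling post asks for."""
    by_op: Dict[str, List[float]] = {}
    for r in runs:
        by_op.setdefault(r.operation, []).append(r.duration.total_seconds())
    return {op: timedelta(seconds=mean(secs)) for op, secs in by_op.items()}


def flag_long_runs(runs: List[Run], factor: float = 3.0,
                   min_samples: int = 3) -> List[Tuple[Run, timedelta]]:
    """Runs that took more than `factor` times the average of the OTHER runs of the
    same operation. Leaving the run itself out of its baseline stops a single
    outlier from inflating the average it is compared against; operations with
    fewer than `min_samples` runs are skipped because no baseline exists yet."""
    flagged: List[Tuple[Run, timedelta]] = []
    for r in runs:
        others = [o.duration.total_seconds()
                  for o in runs if o.operation == r.operation and o is not r]
        if len(others) < min_samples - 1:
            continue
        avg = mean(others)
        if r.duration.total_seconds() > factor * avg:
            flagged.append((r, timedelta(seconds=avg)))
    return flagged


def suggested_timeouts(runs: List[Run], factor: float = 3.0,
                       floor: timedelta = timedelta(minutes=5)) -> Dict[str, timedelta]:
    """Per-operation timeout derived from the baseline (factor x average, never below
    `floor`), so a short delta import is not given the same allowance as a full sync."""
    return {op: max(floor, avg * factor) for op, avg in baseline_durations(runs).items()}


def find_clashes(runs: List[Run]) -> List[Tuple[Run, Run]]:
    """Pairs of runs of different operations whose execution windows overlap."""
    clashes: List[Tuple[Run, Run]] = []
    for a, b in combinations(sorted(runs, key=lambda r: r.start), 2):
        if a.operation != b.operation and a.start < b.end and b.start < a.end:
            clashes.append((a, b))
    return clashes


if __name__ == "__main__":
    for run, avg in flag_long_runs(RUNS):
        print(f"LONG RUN: {run.operation} at {run.start} took {run.duration}, baseline {avg}")
    for op, limit in suggested_timeouts(RUNS).items():
        print(f"TIMEOUT:  {op}: {limit}")
    for a, b in find_clashes(RUNS):
        print(f"CLASH:    {a.operation} ({a.start}-{a.end}) overlaps "
              f"{b.operation} ({b.start}-{b.end})")
```

Run as-is it flags the 58-minute delta import against a four-minute baseline and reports the full sync overlapping the export. Feeding it real history would mean exporting run start and end times from the product's own logs into the `Run` records; the thresholds (`factor`, `min_samples`, `floor`) are tuning knobs and should be set per site, in line with the thread's point that the right timeout differs from operation to operation.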