When an export run profile executed for the FIM MA resulted in a "completed-export-errors" return status, the Outgoing Pending Check Operation continued to report on the change pending, resulting in the operation list firing indifinitely. The "success statuses" for the configured FIM Agent correctly includes this status value explicitly, since the failure is for individual export failure(s) and not the batch as a whole.

When an export failure occurs, an indicator is set for the connector space object in the FIMSynchronizationService database, and this should be used as a "circuit breaker" to prevent infinite looping (until the problem is resolved, which may take days/weeks/months ...). However, care must be taken to ensure that once the indicator is cleared, the export is allowed to fire once more ... see https://unifysolutions.jira.com/browse/EB-203 for a detailed explanation of this problem witnessed with EvB 2.0.3 (the fix for which may have inadvertently led to this problem).

While unsuccessful in creating the FIM Agent, I was however able to create Operations and Operation Lists ... albeit incomplete. This was only possible after deleting the ill-configured FIM Agent, as while this was in existence, the following error details were generated:

Error
System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: Access denied (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.UnauthorizedAccessException: Access denied ----> System.Management.ManagementException: Access denied at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
at Unify.Product.EventBroker.FIMAgent.GetManagementAgents() — End of inner ExceptionDetail stack trace — at Unify.Product.EventBroker.FIMAgent.UnauthorizedAccessExceptionHandler(ManagementException managementException)
at Unify.Product.EventBroker.FIMAgent.ExceptionHandlerT(T exception, IEnumerable`1 exceptionHandlers)
at Unify.Product.EventBroker.FIMAgent.GetManagementAgents()
at Unify.Product.EventBroker.FIMAgent.UpdateManagementAgents()
at Unify.Product.EventBroker.AgentRequestResponseEngine.FIMAgentGetManagementAgentsRequestAction(IAgent agent, XElement details, Guid agentId)
at Unify.Pro...).

It is obvious from the stack that the FIM Agent is intended to support retrieval of management agent details, so the question remains what of the FIM MA itself? I am suspecting this is an oversight to some extent ... but I hope it isn't, as it's part of the core FIM configuration itself (a special MA case), with its own run profiles like any other MA, and is the reason for the need for the new FIM Portal Integration plug-in developed by Matt.

Issue hit with Event Broker 3.0.0 RTM. When configuring the FIM Agent in EvB when EvB resides on a FIM synchronisation server and the FIMSynchronizationServer database resides on a separate SQL server, the server name entered in the Database Connection details dialogue must be fully qualified otherwise the error below occurs. Recommend documentation update to include this requirement.

The FIM agent test is failing with the message: "A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - The requested name is valid, but no data of the requested type was found.)". Ensure the agent is configured correctly and the target system is running.

I have a script which works correctly when I run it manually. When run through Event Broker I get this:

Mixed mode assembly is built against version 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime without additional configuration information

I found APRA-82 with the same problem but can't see what the resolution was after reading through all the comments.

The line that is causing the error is the one where I try and run a SQL query:

Invoke-SQLCmd ($sqlquery -f $timestamp,$MAName,$xmlstring) -SuppressProviderContextWarning

On outbound runs that are scheduled for - say every 30 minutes - only execute the export if there is something to export. i.e. if the export is for a CSV file, and there may or may not be data to send. However, we may want to "wake-up" and attempt to generate an export if there is something to send. Priority is medium.

Bob I can confirm that I have seen this bug when specifying a schedule for an outgoing operation list (no such problem observed when no schedule specified to override the default 10 seconds). The problem report #249 is (kind of) related.

In the event that Event Broker cannot contact the ILM service for whatever reason (service is off/unresponsive), masses of DCOM errors are thrown to the System log in the Windows Event Viewer:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

This is likely an artifact of WMI communication failing. If possible, it would be good to remove this issue, and if not, then it should be noted with the documentation. Consequentially, this is worth looking at for v3.0

This question from IBM resource at DET - building the FIM solution. I could not find mention of the FIM portal in the 2.2.3 doco.

What is the change detection plug-in/method used for FIM Portal MA?

Currently we have configured EvB in the following manner for FIM Portal MA.
Outgoing Operation

• Run Profile - Export
• Run Profile - Delta Import and Delta Synchronization (DIDS)

Scenario:
EvB is running. A new user is created in the source system and imported into the Sync Service. The Outgoing operation for FIM MA is fired by Event Broker but when the DIDS is run there are no further changes. What we are expecting is that there will be a pending target system ERE for the user.
In this case flow a value to an attribute in the target system.

So my question is what is the standard configuration or plug-in used for detecting changes in the FIM Portal.

Thanks

I'm experiencing some issues with delta changes with the event broker changes plugin and just want to check whether there is some additional steps or advice that I should follow in regards to configuring it.

The scenario is that I have an approval workflow that will trigger the event broker changes plugin to notify FIM once a change is approved. If I select a single attribute to approve this functions fine, FIM is notified of the delta and the change is imported.

Where I am having an issue is if multiple approvals are pending and I select several of them at once and approve in one action, it seems there is a high probability that only one of the changes will make it into FIM. The delta import appears to fire at the completion of processing the first request and the second one is approved while this delta is running and gets lost and no event is triggered to run a second delta.

I had the FIM Incomming operation configured without a schedule but have now enabled one as a work around for this but I want to check whether there is a likely issue with how I have configured Event broker or if there is a timing issue.

As far as configuration is concerned, the FIM Incoming operation just executes a Delta Import Delta Sync with no check operations. It is set to "Queue Missed". The changes being triggered above are all on the one object (changing multiple attributes of one User, but the approval seems to do them sequentially as each attribute is its own approval request)

Edit: Event Broker and the Changes Plugin are on 3.0.1

edit 2: Please see additional clarrification bellow. I should have said there are two workflows and that accepting one causes the action to trigger, not that the trigger is on an approval workflow.

Customer reported he was unable to run PowerShell scripts from Event Broker. We tried both the PowerShell Script and PowerShell Execute activities and the error was always along the lines of "file not found".

Initially he had the script in the root of drive E:. I had him move it to E:\test but EB still couldn't find it. Then we tried drive C: and this time EB found the script and ran it correctly.

As the customer is using Win 2012 and IIS 8 there is perhaps a compatibility issue?

After installing Event Broker on Production, the FIM agent is failing with the following error message:
The test of Agent FIM (238a0962-e8f2-41c6-acb0-4bcf7fa2ff1f) failed with message:
System.Data.SqlClient.SqlException (0x80131904): Cannot open database "FIMSynchronizationService" requested by the login. The login failed.
Login failed for user 'INTERNAL\FIMAdminUser'.
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning()
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, TimeoutTimer timeout)
at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, TimeoutTimer timeout, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)
at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.SqlClient.SqlConnection.Open()
at Unify.Product.EventBroker.FIMAgent.TestConnection()
at Unify.Product.EventBroker.AgentEngine.Notify(ITestAgentConnectionMessage message)

Have already compared the installation to the Integration env.(which works) and could not find what might be the reason it's not working on Productions.

I would appreciate any advice.

Regards,

Meni Ariely