MIM Event Broker Forum


0
Answered

FIM Event Broker System.DirectoryServices.Protocols.DirectoryOperationException

Rizwan Ahmed 10 years ago updated by anonymous 8 years ago 2

I have noticed the following exception on incoming and outgoing tasks of the admintribunal.internal ADMA management agent. EvB is able to trigger run profiles; however, the following exception may cause operations to be interrupted. Log file attached with the ticket.

20150712,00:00:36,FIM Event Broker,Operation List Executor,Information,Operation list FIM Agent admintribunal.internal ADMA Outgoing finished,Normal
20150712,00:00:38,FIM Event Broker,OpenLDAPTriggerPlugIn.ResultsCallback,Error,"System.DirectoryServices.Protocols:
System.DirectoryServices.Protocols.DirectoryOperationException: The server cannot handle directory requests.
at System.DirectoryServices.Protocols.LdapPartialResultsProcessor.GetPartialResults(LdapPartialAsyncResult asyncResult)
at Unify.Product.EventBroker.OpenLDAPListenPlugIn.ResultsCallback(IAsyncResult result)",Normal
20150712,00:00:38,FIM Event Broker,OpenLDAPTriggerPlugIn.ResultsCallback,Error,"System.DirectoryServices.Protocols:
System.DirectoryServices.Protocols.DirectoryOperationException: The server cannot handle directory requests.
at System.DirectoryServices.Protocols.LdapPartialResultsProcessor.GetPartialResults(LdapPartialAsyncResult asyncResult)


UnifyLog20150712.zip
0
Fixed

FIM Event Broker About page does not show software version number

Bob Bradley 11 years ago updated by anonymous 9 years ago 1

Clicking on the http://localhost:8080/About link shows nothing next to the "About:" label. Expect it is supposed to say something about the version being 3.1.*

James Booth just raised this with me over a Lync IM chat, and I have confirmed it with CSODBB as well. Figure it should be brought to your attention this way.

Attaching a screenshot shortly


EventBroker.About.3.1.jpg
0
Completed

Identity Broker invalid endpoint error is not very clear

Matthew Clark 14 years ago updated by anonymous 9 years ago 2

If an invalid Identity Broker endpoint is entered into an Identity Broker agent, the following error is thrown when the connection is tested:

The test of Agent Test 3 IdB (580d394e-98fe-4657-ba2f-eb4cd41bd348) failed with message:
System.Net.Sockets.SocketException (0x80004005): The requested name is valid, but no data of the requested type was found
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at System.Net.Sockets.TcpClient.Connect(String hostname, Int32 port)
at Unify.Product.EventBroker.IdentityBrokerAgent.TestConnection()
at Unify.Product.EventBroker.AgentEngine.Notify(ITestAgentConnectionMessage message)

The error message could be made clearer so as to hint that it is likely the endpoint address which is wrong or uncontactable.

0
Fixed

Massive memory leak in IE

Matthew Clark 14 years ago updated by anonymous 8 years ago 17

We are currently experiencing some severe memory issues in the Test 1 environment in IE 8. It seems to be exhibited by the Operations screen. I had 3 operations enabled amongst around 30 disabled operation lists. Internet Explorer is sitting at 1.7GB and climbing. The Event Broker service, however, is at normal memory usage (see screenshots).

I have had this screen open in Chrome overnight in the past with a number of operation lists and do not recall seeing this behaviour, although this would be something to investigate also.


Massive Memory Leak in IE.png
Massive Memory Leak - Service is fine.png
0
Answered

AD Sync changes configuration for multiple object classes

Bob Bradley 12 years ago updated by anonymous 9 years ago 2

In a FIM 2010 sync configuration we now have contacts, users and groups under management, with multiple AD MAs. One configuration option I am considering is consolidating all AD run profiles in a single EvB operation, considering a change to one object type will necessitate a delta import for each of the 3 AD MAs we have in place (same domain - different purposes).

The LDAP query I am trying is the following:

(|(&(objectClass=group)(groupType=-2147483644))(&(|(objectClass=user)(objectClass=contact))(objectCategory=person)))

i.e. give me changes in any security group, contact or user.

The initial query understandably took some time to execute (since I have 59664 objects matching this query) but seemed to work OK. Can I expect that this query will be effective when subsequently run every 10-15 seconds, or is there another approach that's preferable?

The reason I ask is that a user account deletion occurred which didn't trigger an import, so I decided to reconfigure this and give it a more specific query (has anyone else had trouble with deletes not being detected?).

No investigation required here - just a short response on/direction to best practice advice really. I am going to revisit CSODBB-172 today as well ... still to settle on the optimal EvB configuration here, so I will be trying a few different ideas but am keen to understand the constraints I am working with.
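
Added example (not part of the original post and not Event Broker code): a Python sketch that decodes `groupType` values and evaluates the posted filter against constructed directory entries, showing which entries the equality test `groupType=-2147483644` selects compared with a bitwise match on the security-enabled bit (matching rule OID 1.2.840.113556.1.4.803). The entries and function names are assumptions made for illustration.

```python
# Added example: the entries below are constructed, not taken from the post.
SECURITY_ENABLED = 0x80000000            # ADS_GROUP_TYPE_SECURITY_ENABLED
SCOPES = {0x2: "global", 0x4: "domain-local", 0x8: "universal"}


def describe_group_type(value):
    """Decode a signed 32-bit groupType into (scope, is_security_group)."""
    bits = value & 0xFFFFFFFF            # view the signed value as raw bits
    scope = next((name for bit, name in SCOPES.items() if bits & bit), "unknown")
    return scope, bool(bits & SECURITY_ENABLED)


def matches_posted_filter(entry):
    """Evaluate the filter from the post against one entry (a dict)."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    is_group = "group" in classes and entry.get("groupType") == -2147483644
    is_person = (bool(classes & {"user", "contact"})
                 and entry.get("objectCategory", "").lower() == "person")
    return is_group or is_person


def matches_any_security_group(entry):
    """Same test as (groupType:1.2.840.113556.1.4.803:=2147483648), a bitwise AND."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    return "group" in classes and describe_group_type(entry.get("groupType", 0))[1]


ENTRIES = {  # constructed samples; objectCategory is given in its short filter form
    "dl-sec-group": {"objectClass": ["top", "group"], "groupType": -2147483644},
    "global-sec-group": {"objectClass": ["top", "group"], "groupType": -2147483646},
    "universal-dist-group": {"objectClass": ["top", "group"], "groupType": 8},
    "user": {"objectClass": ["top", "person", "user"], "objectCategory": "person"},
    "computer": {"objectClass": ["top", "person", "user", "computer"],
                 "objectCategory": "computer"},
}

if __name__ == "__main__":
    for name, entry in ENTRIES.items():
        print(f"{name:22} posted={matches_posted_filter(entry)!s:5} "
              f"bitwise={matches_any_security_group(entry)}")
```
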

0
Fixed

Particular / exceptional group configurations can prevent core functionality

Tony Sheehy 14 years ago updated by anonymous 9 years ago 3

A particular set of group configurations can prevent the user from the use of core system functionality.

If a field is populated with data for which the length surpasses the maximum content string length quota - and it is not caught by the controller before being sent to the service - an exception will be thrown and will not be gracefully caught by EventBroker.

By default the Maximum content string length quota is 8192.

This can have serious ramifications - first consider the following example:

  • A group is created with a name or description that breaches the above Maximum content string length quota
  • It is not caught by the Controller, and a potentially dangerous set of user input is sent to the service.
  • The service considers this input as valid - and registers it against the configuration engine.
  • However, the Maximum content string length quota will now throw an exception whenever the dangerous input is displayed on screen.
  • Using the example of a dangerously configured group, this includes:
    • The groups index page
    • The group edit / update page
    • The operation list home page

And any other page that needs to retrieve the configuration of a dangerously configured group.
Consider extrapolating this problem to any potentially unprotected fields.

0
Fixed

Event Broker .url file icon missing

Matthew Clark 14 years ago updated by anonymous 9 years ago 4

The icon for the UNIFY Event Broker Management Studio.url file appears correctly in the shortcut in the Start Menu, but not in the Event Broker directory itself.


Shortcut Icon Missing.png
0
Answered

Assistance with configuring LDAP Directory Agent

Bob Bradley 12 years ago updated by anonymous 9 years ago 8

I have an instance of ADAM running on the legacy ILM server which is required to be retained in the new FIM configuration where FIM Sync is a remote Win2008 server. FIM Sync can perform read/write actions to this instance of ADAM, and I can perform LDAP binds using LDP.EXE in the context of a specified service account TESTINTERNAL\miisadamsvc.
However when I create an EvB agent for this ADAM service the following error is always shown in the EvB logs:

The test of Agent Legacy ADAM (73063509-8fdd-436c-8855-d0525dbb2ff1) failed with message:
System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
at System.DirectoryServices.Protocols.LdapConnection.Connect()
at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
at Unify.Product.EventBroker.OpenLDAPAgent.TestConnection()
at Unify.Product.EventBroker.AgentEngine.Notify(ITestAgentConnectionMessage message)

Parameters set are as follows:
Name: Legacy ADAM
Server: act01ilm01.testinternal.govt/DC=deh,DC=gov,DC=au (I have tried just with the server but that fails, and the working codeless framework requires this full instance path so I figure this should too)
Authentication: Negotiate (I have tried Basic and all other options)
Username: TESTINTERNAL\miisadamsvc

Remote LDP binding with the same user from the EvB server as above works fine:

0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3
	{NtAuthIdentity: User='miisadamsvc'; Pwd=<unavailable>; domain = 'testinternal'}
Authenticated as: 'TESTINTERNAL\miisadamsvc'.
-----------

ADAMUtils.zip
0
Answered

This page can’t be displayed

Dev Sharma 10 years ago updated by anonymous 9 years ago 1

I installed Event Broker (UNIFY FIM Event Broker v3.1.0 RTM x64.msi) version v3.1.0 on Server 2012 (AD) with FIM 2010 R2 version 4.1.3.419.0. I used the standard installation guide from Jira as follows:
1. For the service account the FIM Event Broker service will operate, the service account must have the following:
(Account used is called “svc_fim_tst_Ebroker”)
2. Open the command prompt with administrative privileges and run the command:
 netsh.exe http add urlacl url=http://+:59990/ user=VUW\svc_fim_tst_Ebroker
3. Ensure the service account has Membership in the FIMSyncAdmins group;
4. Run the UNIFY FIM Event Broker setup program (UNIFY Event Broker for FIM v3.1.0 RTM.msi);
5. Set the Service start Automatically and Start the service.
6. (http://localhost:8081/)

Clicking on the default link returns
  • Make sure the web address http://localhost:8080 is correct.
  • Look for the page with your search engine.
  • Refresh the page in a few minutes.

Is there something I have missed? I followed the same process in Server 2008 and it worked last time I configured it.

0
Completed

Event Broker 3.0 CSV log file location is not configurable

Bob Bradley 14 years ago updated by anonymous 9 years ago 2

In order to accommodate the tendency for clients to want to specify which disk log files are written to, it is desirable that the location of log files is made configurable. Presently it appears only the logDaysToKeep property can be set, and I have this at the default 5 value in a shared lab environment. Log files are presently being written to c:\Program Files\UNIFY Solutions\Event Broker\Services\Logs, and so as a mitigation strategy to avoid excessive disk usage I have set this up as a compressed folder.

The Event Broker 3.0 service/scheduler has been in place and running for 3 days now (in what amounts to a shared development environment between DEEWR developers and us, the FIM implementors). In that short time we now have 15 Mb across 3 log files, today's presently showing 13,371 log file entries. By the time we stabilize at 5 days of logs, we will have between 25 and 30 Mb of logs in 5 files ... unless we want to increase the number of days ... and it's not beyond the realms of possibility that this could be upwards of 90 days.

All other solution log file locations are configurable, and this should be no different.

No real urgency - just a consideration for the next release, where I imagine the full gamut of logging options available to Identity Broker (including Windows Event logs) are probably going to be considered anyway.

P.S. No work should be billable to the client in this case - the issue is raised by myself and has not been brought to the attention of the client (but will no doubt come up when we do our first deployment).