Overview

PowerShell standard or check operations fail with a message similar to:

Mixed mode assembly is built against version 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime without additional configuration information.        

Affected Software

• MIM Event Broker
• PowerShell

Symptom

Either standard or check PowerShell operations fail with a Mixed Mode exception listed above.

Resolution

The application configuration of the Event Broker service will need to be updated with the following configuration, under the configuration element:

<startup useLegacyV2RuntimeActivationPolicy="true">
  <supportedRuntime version="v4.0" />
</startup>        

This configuration file can be found by default at:

C:\Program Files\UNIFY Solutions\Event Broker\Services\Unify.Service.Event.exe.config        

Description

During MIM Event Broker operation, the run profiles and management agent names presented on the interface are not consistent with those present in MIM. Run profiles may also fail to fire, and seem to be referencing old run profile names. This can occur as a result of a change to the MIM Synchronization Service configuration.

Affected Software

• MIM Event Broker
• Microsoft Identity Manager

Symptom

Run profile and management agent names are not displayed consistently with those that are present in the MIM instance. MIM Event Broker also displays alerts referencing errors that have occurred whilst attempting to execute a specific run profile, where the specified name does not exist. The following error may appear in the logs:

Operation ec28464f-e34b-448f-9d54-d9d577874500 failed in operation list with id 20a2aa29-aa98-4770-9db5-e8e2cd3fcc61 for the following reason.
This is retry number 0: System.Runtime.Remoting.ServerException: Operation for management agent with id 9f6ef9ad-ae71-4d9f-a351-d9e0734c0909 with name Full Import Full Sync failed with result no-start-unknown-profile-name
		

Solution

The behaviour mentioned in the Symptoms can occur when management agents and run profiles are either renamed or removed in MIM.

If management agents and run profiles have been renamed:

• Navigate to the Agents page, and click on the Refresh icon located next to the appropriate FIM agent.

If MAs and run profiles have been readded or removed:

• Edit the configuration for problematic run profile operations so that they reference an existing run profile.

Description

After configuring the MIM Event Broker Changes Activity to run an operation list, and adding it to a relevant MPR, the workflow fails due to a PostProcessingError, with a missing endpoint element listed as the reason.

Affected Software

• MIM Event Broker
• MIM Event Broker Changes Activity
• MIM Service and Portal

Symptom

The following error message is returned by the MIM Event Broker Changes Activity when an attempt is made to run an operation list:

Error connecting to MIM Event Broker, please review the inner exception: Could not find endpoint element with name 'ServerNotifications' and contract 'EventBrokerService.IEventServiceCollector' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this name could be found in the client element.        

Solution

This error usually means there has been an error trying to match the configuration present in the Microsoft.ResourceManagement.Service.exe.config of the MIM Service. Please confirm the steps listed here have been followed correctly, and ensure that the MIM Service is restarted following any changes.

Description

Particular operations begin failing following the deletion of an agent, and the logs suggest that the operation needs to be updated with a new agent.

Affected Software

• MIM Event Broker

Symptom

When an operation list attempts to run, the following error appears in the logs:

Operation ccdb05f0-a7aa-4764-b7ff-0f88d748c293 failed in operation list with id 76809adb-cbef-4bdd-8f06-808e33b2af13 for the following reason. This is retry number 0:
Unify.Product.EventBroker.UnifyConfigurationException: Incorrect or missing agent configuration. Please update the operation with a new agent. ---> System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at Unify.Product.EventBroker.IdentityBrokerChangesPlugInFactory.CreateComponent(ICheckOperationFactoryInformation factoryInformation)
...Operations dependent on agents may also not display correctly, such as run profile operations:

Resolution

This is caused by deleting an agent that has dependant operations configured to use it. For this reason, deleting agents is generally not recommended.

Each dependant operation must be updated to use a new agent of the appropriate type. Once the new agent is correctly configured, simply go through the configurations of each of the affected operations and select this new agent. If there have been no changes in the target system to any of the unique identifiers stored by MIM Event Broker (run profile identifiers from FIM, for instance), the operation will be able to use the original configuration for the new agent.

Description

When attempting to run the ConfigureEventBrokerChangesActivity.ps1 script when installing the MIM Event Broker Changes Activity, the script fails. The Requests section of the MIM Portal reveals a Denied error has occurred.

Affected Software

• MIM Event Broker
• MIM Event Broker Changes Activity
• MIM Portal

Symptom

When attempting to run the PowerShell script, the following error appears in the script window:

Import-FIMConfig : Failure when making web service call.
SourceObjectID = dc42094d-0f86-4035-8a98-38b3520669c9
Error = Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Policy prohibits the request from co
mpleting. ---> Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: Policy prohibits the request from
 completing.
   at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
   at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Create createBody)
   at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource()
   --- End of inner exception stack trace ---
   at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource()
   at Microsoft.ResourceManagement.WebServices.ResourceManager.CreateResource()
   at Microsoft.ResourceManagement.Automation.ImportConfig.Create(String objectType, List`1 changeList)
   at Microsoft.ResourceManagement.Automation.ImportConfig.EndProcessing()
At C:\Program Files\UNIFY Solutions\Event Broker\Portal Workflow\ConfigureEventBrokerChangesActivity.ps1:67 char:27
+ $fimAIC | Import-FIMConfig <<<<
    + CategoryInfo          : InvalidOperation: (:) [Import-FIMConfig], InvalidOperationException
    + FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automation.ImportConfig
        

A similar error message appears in the MIM Portal itself under the Requests section.

Resolution

This error is due to the MPR configuration of the Portal preventing the addition of a new Activity Information Configuration. Refer to information on configuring the Activity Information Configuration (AIC) here, or consult your MIM Portal administrator.

Description

Some scheduled Operation Lists do not seem to be running, and there is no feedback in the logs pertaining to the cause of the issue.

Affected Software

• MIM Event Broker

Symptom

MIM Event Broker displays the operation list as running, however, the list is not executing contained operations.

Resolution

This behaviour is due to the problematic operation list being contained in an exclusion group and is attempting to run whilst another member is already operating. Ensure that operation list schedules are planned appropriately such that unexpected blocking does not occur. See Schedules for further details.

Description

Successive updates to the MIM Portal results in operation lists configured with the MIM Event Broker Changes Activity to fire on the first update, blocking execution of subsequent calls to MIM Event Broker.

Affected Software

• MIM Portal
• MIM Event Broker

Symptom

After a large number of changes occur in the MIM Portal in succession, the Portal logs show that the workflow has successfully run each time. However, some changes may have been missed as they were processed after the import had completed.

Resolution

In order to ensure an optimal configuration for the Portal Workflow, please follow the recommendations made in the activity's Usage Considerations.

Description

MIM Event Broker service cannot be started, and a System.Exception: Port X is in use message appears in the Windows Event Viewer. With the default configuration, this message will read System.Exception: Port 8080 is in use.

Affected software

• MIM Event Broker

Symptom

• The MIM Event Broker service cannot be started on a machine due to a port exception.

Solution

This issue usually occurs because the web engine is attempting to host MIM Event Broker on a port that is already in use when the service is started.

Possible steps to resolve:

• Verify the web engine is not attempting to use a port that is known to be in use by another application.
• A web browser may still be listening to the MIM Event Broker port even after the service has been stopped, and as such, the web browser instance must be closed to completely clear the port for re-use (not just an FIM Event Broker tab, for instance).
• Restart the DNS service, as this has been known to hold on to ports.
• If that does not resolve the issue, execute the following command netstat -aon | findstr :8080 (replacing 8080 with the appropriate port number)
  • The number on the right is a process id - look at the task manager and try and find this id.
  • If possible, close or restart the process with the id that was found.
• Use the command tasklist to match the id with the process name.

Description

The MIM Event Broker management studio cannot be accessed and is instantly redirected to the default ASP.net error page. Subsequently an exception is displayed in the FIM Event Log Viewer that details that The current identity does not have write access to '%.NET Installation Directory%\Framework/x64|Version|\Temporary ASP.NET Files.

Affected software

• FIM Event Broker

Symptom

The MIM Event Broker management studio cannot be accessed and a warning similar to the following exception can be seen in the Windows Event Viewer:

...
Exception information:
    Exception type: HttpException
    Exception message: The current identity (ExampleDomain\ExampleUser) does not have write access to 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files'.
   at System.Web.HttpRuntime.SetUpCodegenDirectory(CompilationSection compilationSection)
   at System.Web.HttpRuntime.HostingInit(HostingEnvironmentFlags hostingFlags, PolicyLevel policyLevel, Exception appDomainCreationException)
...

Solution

This problem may occur when an a particular user does not have the required permissions to write to the Temporary ASP.NET Files directory of the host machine.

For more information on the Temporary ASP.NET Files directory see http://msdn.microsoft.com/en-us/library/ms366723.aspx

To give the particular user the required permissions, open command prompt and redirect to the directory that holds the Temporary ASP.Net Files directory; which should subsequently be by default:

cd C:\Windows\Microsoft.NET\Framework64\v4.0.x\

And execute the following command, making sure to replace |SPECIFIC_USER| with the desired Service Account.

aspnet_regiis -ga "|SPECIFIC_USER|"

Description

MIM Event Broker service will not start and the following exception can be seen in the Windows Event Viewer Unify.Framework.UnifyServerStartException: The request to create a WCF end-point for Event Broker has failed due to lack of permissions to create a WCF end-point with the specified namespace.

Affected Software

• MIM Event Broker

Symptom

The MIM Event Broker service cannot be started and the following details can be seen in the Windows Event Viewer:

Service cannot be started. Unify.Framework.UnifyServerStartException: The request to create a WCF end-point for Event Broker has failed due to lack of permissions to create a WCF end-point with the specified namespace. In order to give permissions for the end-point to be opened, run the Windows Command Prompt as administrator and run the following command:
netsh.exe http add urlacl url=http://+:|PORT|/ user=|USERNAME|
For more information search for information on the inner exception provided to this exception message. ---> Unify.Product.EventBroker.UnifyStartupException: The request to create a WCF end-point for Event Broker has failed due to lack of permissions to create a WCF end-point with the specified namespace. In order to give permissions for the end-point to be opened, run the Windows Command Prompt as administrator and run the following command:
netsh.exe http add urlacl url=http://+:|PORT|/ user=|USERNAME|
For more information search for information on the inner exception provided to this exception message. ---> System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:59990/EventBroker/EventBrokerManagementStudio.svc/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied
   at System.Net.HttpListener.AddAllPrefixes()
   at System.Net.HttpListener.Start()
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
   --- End of inner exception stack trace ---
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.HttpChannelListener.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at Unify.Product.EventBroker.EventBrokerEngine.Start()
   --- End of inner exception stack trace ---
   at Unify.Product.EventBroker.EventBrokerEngine.Start()
   at Unify.Framework.UnifyEngine.Start()        

Solution

This issue occurs because the Service account does not have sufficient permissions to create a WCF end-point on the specified port (by default this is 59990).

To provide the service account with the required permissions enter the following into command-prompt.

netsh.exe http add urlacl url=http://+:DESIRED_PORT/ user=DESIRED_SERVICE_ACCOUNT        

Other solutions include:

1. Changing the service account to an account that has the required permissions - specifically if the original service account should not be able to host services on specific ports.
2. Changing the port to one that the original service account supports - specifically if the service account cannot/should not be changed.