Presence of invalid FIM Agent causes errors creating Operation Lists

Bob Bradley 13 years ago updated by anonymous 9 years ago 8

While unsuccessful in creating the FIM Agent, I was however able to create Operations and Operation Lists ... albeit incomplete. This was only possible after deleting the ill-configured FIM Agent, as while this was in existence, the following error details were generated:

System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: Access denied (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.UnauthorizedAccessException: Access denied ----> System.Management.ManagementException: Access denied at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
at Unify.Product.EventBroker.FIMAgent.GetManagementAgents() — End of inner ExceptionDetail stack trace — at Unify.Product.EventBroker.FIMAgent.UnauthorizedAccessExceptionHandler(ManagementException managementException)
at Unify.Product.EventBroker.FIMAgent.ExceptionHandlerT(T exception, IEnumerable`1 exceptionHandlers)
at Unify.Product.EventBroker.FIMAgent.GetManagementAgents()
at Unify.Product.EventBroker.FIMAgent.UpdateManagementAgents()
at Unify.Product.EventBroker.AgentRequestResponseEngine.FIMAgentGetManagementAgentsRequestAction(IAgent agent, XElement details, Guid agentId)
at Unify.Pro...).

It is obvious from the stack that the FIM Agent is intended to support retrieval of management agent details, so the question remains what of the FIM MA itself? I am suspecting this is an oversight to some extent ... but I hope it isn't, as it's part of the core FIM configuration itself (a special MA case), with its own run profiles like any other MA, and is the reason for the need for the new FIM Portal Integration plug-in developed by Matt.


I've recorded my (solo) LiveMeeting experience with the install, but am not in a position to upload this anywhere yet, and am not sure it has any value at this point beyond what is visible in this and the previous EB-231 post. However I will upload this to my sky-drive on request ... it does show you how someone might go about installing the product based mainly on intuition, and come undone before very long. I did some pretty silly things (you might think), but I imagine I won't be the first to browse to http://localhost:8080/ without reading that I needed to manually start the service . Sure you spelled this out, but the installer should really be able to start the service automatically I would have thought, and little seemingly trivial things like this will probably save a stack of unnecessary support calls. I even took 3 attempts (in my tiredness) to get the !@~&##*@ URL correct, so a link to this on the last page of the installer wizard would have saved this too.

Hi Bob,

As I said on the other item, yes, there does appear to be some confusion. Based on advice from Matt I believed the FIM MA to be readily accessible like any other MA through the Sync Service, so if this is not the case we'll need to sit down immediately and discuss what changes need to be made.

Regarding your latest comment, some very excellent points. It would make sense that we attempt to start the service after the installer has finished, as the only thing that should really stop it is if the default web port (8080) is in use. I anticipated that people would (rightfully) have trouble finding Management Studio, so we actually added a shortcut link to it inside the Event Broker directory... but it's supposed to be in the Start Menu too, so I'll make sure that happens today and see if putting it in the installer is an option too.

Assigning this back to me so I can action those changes you raised - please see EB-231 for discussion of this FIM MA misunderstanding.

Needs to be much better.

Conferred with Patrick on the above comment - will ensure that this goes to a more informative error page

No page should ever to go an error page because it's the equivalent of hitting a wall and being unable to progress any further.

You need to redirect the user to where they were sent from and populate TempData with an appropriate message that tells them how to fix the issue.

Attached screenshot

Issues connecting to the FIM instance are now better handled. Please confirm after v3.0.0.1 is available