IdB check operation issue

Right-o.

Schedule import of data from IdB into MIM with a check operation before an MIM Operation.

EvB should see that there are changes pending and start an import.

EvB does not start MA import run profile. EvB should start MA import run profile.

On all IDB Checks as far as I am aware.

N/A

I don't believe it has ever worked in prod. 

I believe it did work in other environments. I have asked for a change to be made in Aurion in order to check, but this might take days.

N/A.  The issue is between IdB and EvB.

I have not seen any errors. I have turned on Diagnostic debugging, left it run for an hour or so and provided the logs along with the configuration to the product team for review.

Hi Matt,

I've just had a quick look through your config and logs. Based on both the operation configuration and the logs you provided, it says that the Identity Broker listen operation for Aurion Employees adapter is disabled.

The operation ID is 1d8ef480-216b-4bcd-85c2-396a4e535e4e

Can you please double check which operation you're referring to, and confirm whether it is enabled? If it is, try to capture some logs when changes are available in the adapter.

Any update Matthew Woolnough?

I've tried enabling & disabling. At that point in time, it was disabled.

How can I tell if changes are available?  Is that a non zero value in "Pending Changes" in the Adapter?

Pending changes are no longer what is checked, they represent the entities that are yet to be process during change detection/reflection. The change log and an internal flag are what is checked by MIM Event Broker. To maintain backwards compatibility across all Identity Broker versions, the service contract wasn't updated - a limitation of which is that the operation is destructive and further checks will result in a false being returned for whether there are changes available.

So how can I check the change log and the internal flag? How do I tell if EvB should be detecting a change?

When there has been a change since the last true result, evident in the change processing logs.

Sorry, I don't understand. What am I looking for in the logs? 

E.g.

20170808,01:24:12,UNIFY Identity Broker,Adapter,Information,"Request to reflect change entities of the adapter.
Request to reflect change entities of the Something (2551d598-b7b3-4f63-9d9b-bbcd1f76bd63) adapter completed with 0 adds, 11 updates and 0 deletes across 1 pages. Duration: 00:00:00.5505563",Normal

Setup

1. Installed Event Broker Service
2. Installed Event Broker Web
3. Disabled inbuilt web server
4. Configured IIS for EvB
5. Changed binding to IPv6 localhost [::0]

Migration

1. Copy Following files to new server:

• C:\Program Files\UNIFY Solutions\Event Broker\Services\Unify.Service.Event.exe.config 
• Event Broker Extension Files.

2. Start Service

3. Update MIM Agent to use correct DB Server

4. Update AD Agent to use production DCs & prod service account.

5. Edit each Operation to ensure the Check Operation & the Import/Export is on the correct MA.

Not sure why this last step is necessary, but after the migration, the Operations had incorrect MAs. 

ie. MIM Agent Aurion Schedules MA Incoming  was checking Aurion Employees MA instead of Schedules. This occurred in both test and prod.

This means your MIM configuration wasn't migrated properly - i.e. the guid's do not match between environments. MIM Event Broker attempts to find the closest match of MA and run profile names (using a variation of the Damerau-Levenshtein distance algorithm).

Everything in MIM is working fine, so not sure that it's fair to say that it wasn't migrated properly. 

Line 3298: Request to reflect change entities of the Aurion Employees (a1a52f76-06ae-43ea-9583-1937a3e899b0) adapter completed with 0 adds, 0 updates and 0 deletes across 0 pages. Duration: 00:00:00.0156196",Verbose

Then when I manually run an import, an object update is detected.

Line 3213:  Handling of LDAP search request from user mim on connection 127.0.0.1:50171 targeting UID=3824,OU=AurionEmployees,DC=IdentityBroker with a scope of BaseObject completed successfully. Results: 1. Duration: 00:00:00.0937461.",Normal

IdB Logs.txt

What is the question?

The run import operation didn't run, even though there was an update pending.

Were there any other reflected objects since the last EB IdB check was run? If there weren't any updates as far as Identity Broker was concerned, then there wouldn't be anything for EB to pick up.

Also, what was the change that EB picked up? Is it a change that you made to the ohject? What is the sequence of events that you performed?

I did nothing for a few days, then manually ran an Delta Import and Delta Sync on the Aurion Employees MA.  A single update was detected. 

The previous time it had run an import was 6:30 in the morning. Not sure if this was manually run, or Event Broker ran it. 

My expectation was that Event Broker would have detected the pending change & ran an import, but it looks in the logs in the following line as though it didn't detect it. 

Line 3298: Request to reflect change entities of the Aurion Employees (a1a52f76-06ae-43ea-9583-1937a3e899b0) adapter completed with 0 adds, 0 updates and 0 deletes across 0 pages. Duration: 00:00:00.0156196",Verbose

I pointed out that log so that you could test the object update and MIM Event Broker detection in isolation. It shows that a change was calculated in Identity Broker, it's not the call that is logged when MIM Event Broker detects a change.

Found the following in the logs. The suspicion is that the operation tried to run, but was blocked. Have implemented retries with 1min delay & 5 retries across all MAs.

20171027,01:10:57,UNIFY MIM Event Broker,Operations,Error,"Operation Run Profile Operation - Run Profile: DIDS with id a828dd71-7b33-4926-be7c-13676c899057 failed in the operation list MIM Agent Aurion Employees MA Incoming with id 1d8ef480-216b-4bcd-85c2-396a4e535e4e for the following reason. This is retry number 0: System.Runtime.Remoting.ServerException: Operation for management agent with id 40329f6e-19a2-4d34-a4b9-7606d28d8488 with name DIDS failed with result call-failure:0x8023063D
   at Unify.Product.EventBroker.MIMAgent.ExecuteRunProfile(Guid agentId, Guid managementAgentDetailsKey, Guid runProfileDetailsKey)
   at Unify.EventBroker.Agents.Audit.MIMAgentAuditingDecorator.ExecuteRunProfile(Guid agentId, Guid managementAgentKey, Guid runProfileKey)
   at Unify.Product.EventBroker.RunProfilePlugIn.Execute()
   at Unify.EventBroker.PlugIn.Audit.OperationAuditingDecorator.Execute()
   at Unify.Product.EventBroker.OperationListExecutorBase.RunNextOperations(IEnumerator`1 operationEnumerator)",Normal