When switching from a PowerShell to C# connector for the same schema, the following error occurred when attempting to refresh the adapter (after Generate Changes):

Request to reflect change entities of the adapter.
Request to reflect change entities of the DotEE Company (1425b9d9-bdd2-4786-81ae-8c09272a0750) adapter errored with message: An error occurred retrieving the distinguished name component for field 'companyCode' of type CN. See inner exception for details.. Duration: 00:00:00.0937585
Error details:
Unify.Framework.UnifyDataException: An error occurred retrieving the distinguished name component for field 'companyCode' of type CN. See inner exception for details. ---> Unify.Framework.Collections.GroupedNameValueCollectionMissingFieldException: The entity does not contain a value for the companyCode field.
   at Unify.Product.IdentityBroker.EntityBase`3.GetValueEntry(TKey key)
   at Unify.Product.IdentityBroker.FieldTemplateDistinguishedNameComponentExecutor`2.Get(TEntity entity)
   --- End of inner exception stack trace ---
   at Unify.Product.IdentityBroker.FieldTemplateDistinguishedNameComponentExecutor`2.Get(TEntity entity)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__17`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Framework.IO.DistinguishedName..ctor(IEnumerable`1 components)
   at Unify.Product.IdentityBroker.TemplateDistinguishedNameExecutor`2.DistinguishedName(TEntity entity)
   at Unify.Product.IdentityBroker.Adapter.<>c__DisplayClass120_0.<ConvertPageAndUpdateContainers>b__1(IEntity entity)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at Unify.Product.IdentityBroker.Adapter.ConvertPageAndUpdateContainers(IEntity[] entities, Boolean updateContainers)
   at Unify.Product.IdentityBroker.Adapter.ReflectChangesInner()
   at Unify.Product.IdentityBroker.Adapter.ReflectChanges()
   at Unify.Product.IdentityBroker.AdapterAuditingDecorator.ReflectChanges()
   at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges()
   at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<RunBase>b__9_0(IOperationalAdapter adapter)

Hi Guys,

Couldn't find an existing ticket or knowledge ticket about this so I though I would start one.

In the past I have design schedules and exclusion groups around the idea that you could not import from an adapter and do an import on the relative connector at the same time as it would cause sluggishness within Broker. Additionally, reading from an adapter while UNIFYBroker is committing changes will also cause some sort of locking (whether it locks up entirely or whether it just take long while doing so).

So I was hoping you could tell me about how UNIFYBroker handles concurrency. More specifically what operations it can do at the same time. Eg:

• Can you import from two connectors at the same time (both if its a one to one adapter relationship or a many to one)?
• Can you import from the an adapter while an import is being run on the respective connector
• Can you do a import all and a delta import at the same time without anything locking up (not that I do this, but it happens from time to time)?

If you can let me know of any operations that couldn't be run at the same time that would be great, as it would be good to define a concrete way to schedule UNIFYBroker operations.

Thanks

After my recent experience with upgrading Identity Broker there are a couple of nice-to-haves in the installer that would make things easier. In both cases either a warning or a log would be helpful. Admittedly, both problems could be solved by stringent documentation however the scattered nature of documentation on sharepoint and having to find one line mentions in a host of project documentation is a challenge for professional services I believe so some checks and balances in the installer itself would alleviate the problem.

1. A notification that there are non-standard assembly redirects in the unify.service.connect.exe.config and which ones are non standard. (The only way to know now is through trial-and-error or rely on documentation.)

2. A notification of all .dlls that are found that are patches from previous installs. (the only way to find now is to uninstall rendering in place upgrade risky or relying on documentation.) This one is relevant to both UNIFYBroker and UNIFYNow.

Hello,

Recently updating UNIFYBroker from 5.0.4 to 5.3.2 and am now receiving this below error in the IdB logs.

I am also having issue updating the IdB maangement agents after the update. FIM is able to successfully retrieve the interfaces but when I click ok on the Connectivity Tab it give me the following error:

FIM also produces the following error in the log:

The extensible extension returned an unsupported error.
The stack trace is:

"Unify.Product.IdentityBroker.LdapOperationException: The server forcefully terminated the connection with the following reason: Internal Server Error #11: Unify.Product.IdentityBroker.UnifyLDAPException: Could not retrieve a valid last change number.
at Unify.Product.IdentityBroker.RootDSEGenerator.GetLastChangeNumber()
at Unify.Product.IdentityBroker.RootDSEGenerator.AddLastChangeNumber(IDictionary`2 resultAttributes)
at Unify.Product.IdentityBroker.RootDSEGenerator.BuildRootDseEntry(HashSet`1 attributes)
at Unify.Product.IdentityBroker.RootDSERequestHandler.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
at Unify.Product.IdentityBroker.RequestHandlerAuditingDecorator.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
at Unify.Product.IdentityBroker.LDAPConnection.d__35.MoveNext() - Result Code: Other ---> Unify.Product.IdentityBroker.LdapServerException: The server forcefully terminated the connection with the following reason: Internal Server Error #11: Unify.Product.IdentityBroker.UnifyLDAPException: Could not retrieve a valid last change number.
at Unify.Product.IdentityBroker.RootDSEGenerator.GetLastChangeNumber()
at Unify.Product.IdentityBroker.RootDSEGenerator.AddLastChangeNumber(IDictionary`2 resultAttributes)
at Unify.Product.IdentityBroker.RootDSEGenerator.BuildRootDseEntry(HashSet`1 attributes)
at Unify.Product.IdentityBroker.RootDSERequestHandler.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
at Unify.Product.IdentityBroker.RequestHandlerAuditingDecorator.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
at Unify.Product.IdentityBroker.LDAPConnection.d__35.MoveNext() - Result Code: Other
at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId)
at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv)
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.<.ctor>b__3_0()
at System.Lazy`1.CreateValue()
at System.Lazy`1.LazyInitValue()
at Unify.Product.IdentityBroker.LdapConnectionProxy.<>c__DisplayClass3_0.<.ctor>b__2()
at System.Lazy`1.CreateValue()
at System.Lazy`1.LazyInitValue()
at Unify.Product.IdentityBroker.LdapConnectionProxy.get_LdapSchema()
at Unify.Product.IdentityBroker.LdapConnectionProxy.get_Schema()
at Unify.Product.IdentityBroker.UnifyLdapConnectorTypeProxy.GetSchema(KeyedCollection`2 configParameters)
Forefront Identity Manager 4.1.3646.0"

Thanks

Hi Guys,

I've noticed with that latest version of UNIFYBroker v5.3 above that the Entity Search is slow for large partitions (both connectors and adapters that are usually around 300k-400k entities and about 20 or so attributes each record).

I am aware that some changes have been made to the entity search in recent versions and have raised tickets before about timeout that occur in some cases. I have noticed this occurring in both IIS and self hosted versions. The workaround for this currently is to increase the timeout value, but even when this is increase for larger connectors you can be waiting for 15~20 minutes or longer for the entity search to load. In previous versions of Broker (5.0) the old entity search would load the entities with 5~10 seconds.

So I'm proposing that the search doesn't necessarily need to be reverted but investigated as to why it take so long and to see if it can be improved. Let me know if you need any information on this, I'm happy to provide any information on environments this is currently affecting.

Thanks

Hi Guys,

Thought I would raise a feature request for this since over my last couple of upgrades of UNIFYBroker I have run into a couple of issues. Now that I have done a few installs I am now aware of a couple of these issues, but for those of us who may not be aware I think it would be a good idea to have a couple of checks in the installer (probably at the beginning like FIM Service installer has) before changes are made to UNIFYBroker.

The checks I wanted to raise are the following:

• Read/Write permissions to specific directories UNIFY Broker uses during the install (I haven't run into an issue with this but may be worth putting in)
• Account performing the install has DBOwner permissions to the UNIFYBroker database (I have been hurt by this issue a couple of times so I know it would be a great check to have)
• Check for correct version of .Net is installed on the machine

Of course all this is dependent on the installer used an how customization it is, but I think they would make a great addition.

Thanks

Hi Guys,

I have just tried to perform an upgrade of Identity Broker to the latest version (5.3.2) from 5.0.4. I have encounter a couple of errors along the way and am now stuck trying to start the UNIFYNow service. Please see my list of steps/errors below.

1. Tried to update the service using the automatic update option.
2. Encountered a database error while installing:

3. The Service installer attempted to rollback the install but failed leaving the original service uninstalled and services directory stripped of exe files (this isn't the first time this has happened to see ticket https://voice.unifysolutions.net/helpdesks/9/tickets/3720-failed-upgrade-from-idb-510-to-unifybroker-531)

At this stage I got some help to resolve this by installing the service again (manually this time) and manually ran the SQL update commands. We then came to the conclusion at this stage the the installer must be using the service all that is running the installer to execute the database commands where in both of these cases the account does not have permissions to do so, only to IDB service account has permissions to do so.

4. After manual install succeeded I attempted to start the service and it failed.

Please see the below attachments for errors and config.

Thanks

Hi Guys,

We are currently experiencing an issue about every one or two weeks, where all FIM operations that import from IdB just time out. IdB produces a few of errors and there is also one in the event log, please find all the errors below:

IDB Errors:

Handling of LDAP change log request. Handling of LDAP change log request from user idBFull on connection 127.0.0.1:60915 requesting changelog records failed with error "This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)". Duration: 00:14:59.9875915.

An error occurred on client from 127.0.0.1:60915. More details: Internal Server Error #11: System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireReaderLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireReaderLock(TimeSpan timeout) at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator() at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<performsearch>d__4.MoveNext() at Unify.Product.IdentityBroker.StoredSearchResults.MoveNext() at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<finalizesearchresults>d__13.MoveNext() at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor) at Unify.Product.IdentityBroker.LDAPConnection.<respondtomessageasync>d__33.MoveNext()</respondtomessageasync></finalizesearchresults></performsearch>

Adapter Adapter 274fbf2d-9b71-4466-9c88-7ba6e789e279 page errored on page reflection. Duration: 00:20:16.5869103. Error: System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout) at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges() at Unify.Product.IdentityBroker.Adapter.ReflectChanges() at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges() at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<runbase>b__10_0(IOperationalAdapter adapter). Error details: System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout) at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges() at Unify.Product.IdentityBroker.Adapter.ReflectChanges() at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges() at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<runbase>b__10_0(IOperationalAdapter adapter)</runbase></runbase>

Request to reflect change entities of the adapter. Request to reflect change entities of the LDAP Group (274fbf2d-9b71-4466-9c88-7ba6e789e279) adapter errored with message: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4). Duration: 00:20:16.7116713 Error details: System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout) at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges() at Unify.Product.IdentityBroker.Adapter.ReflectChanges() at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges() at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<runbase>b__10_0(IOperationalAdapter adapter)</runbase>

Event Log Error:

The extensible extension returned an unsupported error. The stack trace is: "Unify.Product.IdentityBroker.LdapOperationException: Operation timed out. at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request) at Unify.Product.IdentityBroker.LdapConnectionProxy.PartitionDeltaRequestPaged(String partitionDN, Int64 lastChangeNumber, Int32 pageSize) at System.Linq.Enumerable.d__14`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.d__14`2.MoveNext() at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items) at Unify.Product.IdentityBroker.ExtensionMethods.d__0`1.MoveNext() at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep) Forefront Identity Manager 4.1.3646.0"

I haven't noticed any one particular operation failure or time that causes this. The resolution is to restart the IdB service, after which deltas work as normal. Details on the services are as follows:

Identity Broker: 5.0.4

FIM: 4.1.3646.0

Let me know if you need any further testing done.Though it may be some time between updates as I cannot recreate the issue.

Thanks

Hi Guys,

I've been on a few calls recently with a client where they are report delta imports not working on their Aurion Personnel management agent in FIM. I have jumped in their environment and had a look and did the following steps to troubleshoot the issue:

IdB and FIM troubleshooting

* Got client to make changes in Aurion

* Ran an Import all on IdB connector to bring in change

* Ran Delta Import on Aurion Personnel MA . MA runs successfully with no error. Also no error present in IdB logs

* Ran a Full Import and change flows in as expected.

* Tried increasing the operation timeout on the MA run profile and still runs as success with no changes.

* Tried manually generating changed entities on the adapter and running a delta import and still no changes.

DB troubleshooting

* Viewed change log table and was able to see changed record for the Adapter in the log

* Viewed the changes table for the Adapter and was not able to see the change.

* Checked entity table for duplicates and no duplicates present for the Adapter.

This issue is only present on this particular MA and as mentioned produces no errors. It almost seems like IdB is do generating changes correct on the Adapter. Please see below the details for the environment and the see the comments for support documents.

UNIFYBroker: 5.3.1

Aurion Connector: 5.3.0

SQL: 2014

Let me know if you need any further information.

Thanks

CASA advised at a recent health check that "... when IDB (v5.3) page is left open for some time, an error page is shown. A refresh returns to normal operation"

I can confirm this intermittent behaviour was common for v4 but it appears to be happening with v5.

Customer to provide further detail on return from leave.