Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Pre-Installation checks for UNIFYBroker Installer
Hi Guys,
Thought I would raise a feature request for this since over my last couple of upgrades of UNIFYBroker I have run into a couple of issues. Now that I have done a few installs I am now aware of a couple of these issues, but for those of us who may not be aware I think it would be a good idea to have a couple of checks in the installer (probably at the beginning like FIM Service installer has) before changes are made to UNIFYBroker.
The checks I wanted to raise are the following:
- Read/Write permissions to specific directories UNIFY Broker uses during the install (I haven't run into an issue with this but may be worth putting in)
- Account performing the install has DBOwner permissions to the UNIFYBroker database (I have been hurt by this issue a couple of times so I know it would be a great check to have)
- Check for correct version of .Net is installed on the machine
Of course all this is dependent on the installer used an how customization it is, but I think they would make a great addition.
Thanks
Entity Search hangs with "Processing..." for Aderant Expert connector and adapter
UNIFYBroker Entity Search hangs for the Aderant Expert connector and adapter, but works just fine for all other connectors and adapters. MIM is able to read data from the Aderant Expert adapter via the LDAP gateway very quickly.
The Aderant Expert connector and adapter each have 170 attributes and around 16K records. For comparison, the Chris21 adapter has 155 attributes and around 11K records and displays just fine.
The problem occurs with both the built-in web server and IIS. While the browser is "Processing..." none of the SQL server, UNIFYBroker service or IIS are showing any significant load or unusual memory consumption. The browser is IE11.0.145, which is the only one available.
UNIFYBroker v5.3.2 Revision #0
Aderant Expert Connector 5.3.1.1
Chris21 Connector 5.3.0.0
Hey Adrian,
Thanks for this. As discussed, this is due to a high number of attributes on the page which is tripping the maxQueryStringLength setting in the web.config file while attempting to retrieve the values for these attributes.
Updating the setting to a higher value and restarting the service resolves this issue.
Log Search not returning results
Hi Gents,
This is another issue possibly related to https://voice.unifysolutions.net/communities/6/topics/3846-connector-entity-search-screen-issue
A support client has raised an incident around log search in UnifyBroker.
In short, it's not working. Putting in a search query, and hitting the search button, nothing happens.
Browser used is IE11. Environment is locked down so no other browser is available.
Installed version of UNIFYBroker is 5.3.1.1.
Closing due to no response. Feel free to re-open the ticket if the issue persists.
Case sensitive search issue in connector entity search
HI Gents,
This is possibly related to https://voice.unifysolutions.net/communities/6/topics/3846-connector-entity-search-screen-issue.
One of our support clients has raised an incident around some IDB behaviors. In this case they are seeing a change in entity search behaviour after a recent upgrade.
Previously search was case insensitive, however now it is not. "For example if we search terry nothing will result if the user is in the system as Terry."
Browser used is IE11. Environment is locked down so no other browser is available.
Installed version of UNIFYBroker is 5.3.1.1
Closing as no further details were provided and hasn't been reported as an issue by anyone else. Feel free to re-open if it continues to persist as a problem flagged by the customer.
Error received while starting service after upgrade to v5.3.2
Hi Guys,
I have just tried to perform an upgrade of Identity Broker to the latest version (5.3.2) from 5.0.4. I have encounter a couple of errors along the way and am now stuck trying to start the UNIFYNow service. Please see my list of steps/errors below.
1. Tried to update the service using the automatic update option.
2. Encountered a database error while installing:
3. The Service installer attempted to rollback the install but failed leaving the original service uninstalled and services directory stripped of exe files (this isn't the first time this has happened to see ticket https://voice.unifysolutions.net/helpdesks/9/tickets/3720-failed-upgrade-from-idb-510-to-unifybroker-531)
At this stage I got some help to resolve this by installing the service again (manually this time) and manually ran the SQL update commands. We then came to the conclusion at this stage the the installer must be using the service all that is running the installer to execute the database commands where in both of these cases the account does not have permissions to do so, only to IDB service account has permissions to do so.
4. After manual install succeeded I attempted to start the service and it failed.
Please see the below attachments for errors and config.
Thanks
These binding are already included for newer versions, and the correct versions of these resources are embedded in Broker. Going to chalk this one up to a environmental issue regarding .NET and its resource loading.
FIM Delta Import Operations Timing Out on IDB
Hi Guys,
We are currently experiencing an issue about every one or two weeks, where all FIM operations that import from IdB just time out. IdB produces a few of errors and there is also one in the event log, please find all the errors below:
IDB Errors:
Handling of LDAP change log request.
Handling of LDAP change log request from user idBFull on connection 127.0.0.1:60915 requesting changelog records failed with error "This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)". Duration: 00:14:59.9875915.
An error occurred on client from 127.0.0.1:60915. More details:
Internal Server Error #11: System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)
at System.Threading.ReaderWriterLock.AcquireReaderLockInternal(Int32 millisecondsTimeout)
at System.Threading.ReaderWriterLock.AcquireReaderLock(TimeSpan timeout)
at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator()
at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<performsearch>d__4.MoveNext()
at Unify.Product.IdentityBroker.StoredSearchResults.MoveNext()
at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<finalizesearchresults>d__13.MoveNext()
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.LDAPConnection.<respondtomessageasync>d__33.MoveNext()</respondtomessageasync></finalizesearchresults></performsearch>
Adapter
Adapter 274fbf2d-9b71-4466-9c88-7ba6e789e279 page errored on page reflection. Duration: 00:20:16.5869103. Error: System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)
at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout)
at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout)
at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
at Unify.Product.IdentityBroker.Adapter.ReflectChanges()
at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges()
at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<runbase>b__10_0(IOperationalAdapter adapter).
Error details:
System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)
at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout)
at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout)
at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
at Unify.Product.IdentityBroker.Adapter.ReflectChanges()
at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges()
at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<runbase>b__10_0(IOperationalAdapter adapter)</runbase></runbase>
Request to reflect change entities of the adapter.
Request to reflect change entities of the LDAP Group (274fbf2d-9b71-4466-9c88-7ba6e789e279) adapter errored with message: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4). Duration: 00:20:16.7116713
Error details:
System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)
at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout)
at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout)
at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
at Unify.Product.IdentityBroker.Adapter.ReflectChanges()
at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges()
at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<runbase>b__10_0(IOperationalAdapter adapter)</runbase>
Event Log Error:
The extensible extension returned an unsupported error. The stack trace is: "Unify.Product.IdentityBroker.LdapOperationException: Operation timed out. at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request) at Unify.Product.IdentityBroker.LdapConnectionProxy.PartitionDeltaRequestPaged(String partitionDN, Int64 lastChangeNumber, Int32 pageSize) at System.Linq.Enumerable.d__14`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.d__14`2.MoveNext() at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items) at Unify.Product.IdentityBroker.ExtensionMethods.d__0`1.MoveNext() at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep) Forefront Identity Manager 4.1.3646.0"
I haven't noticed any one particular operation failure or time that causes this. The resolution is to restart the IdB service, after which deltas work as normal. Details on the services are as follows:
Identity Broker: 5.0.4
FIM: 4.1.3646.0
Let me know if you need any further testing done.Though it may be some time between updates as I cannot recreate the issue.
Thanks
Unexpected-error when exporting data from MIM to UnifyBroker
Hi,
From UNIFYBroker 5.3.1 RC2, Active Directory accounts are created via the powershell connector.
MIM (4.4.1749) is exporting data to UnifyBroker. The user is created in AD with the correct AccountName.
There is no error in UnifyBroker Logs, but for each batch of users (5 at the moment), MIM is showing the error message: unexpected-error with the DN of the first user. After the creation of the user, the user doesn't appear in the Connector space. FI & FS are required to get them back and link the user in MIM.
Do you have any idea to remove this error in MIM for all executed batch? It seems to be a communication issue from UNIFYBroke to MIM.
Thanks.
Regards
Adapter not calculating changes
Hi Guys,
I've been on a few calls recently with a client where they are report delta imports not working on their Aurion Personnel management agent in FIM. I have jumped in their environment and had a look and did the following steps to troubleshoot the issue:
IdB and FIM troubleshooting
* Got client to make changes in Aurion
* Ran an Import all on IdB connector to bring in change
* Ran Delta Import on Aurion Personnel MA . MA runs successfully with no error. Also no error present in IdB logs
* Ran a Full Import and change flows in as expected.
* Tried increasing the operation timeout on the MA run profile and still runs as success with no changes.
* Tried manually generating changed entities on the adapter and running a delta import and still no changes.
DB troubleshooting
* Viewed change log table and was able to see changed record for the Adapter in the log
* Viewed the changes table for the Adapter and was not able to see the change.
* Checked entity table for duplicates and no duplicates present for the Adapter.
This issue is only present on this particular MA and as mentioned produces no errors. It almost seems like IdB is do generating changes correct on the Adapter. Please see below the details for the environment and the see the comments for support documents.
UNIFYBroker: 5.3.1
Aurion Connector: 5.3.0
SQL: 2014
Let me know if you need any further information.
Thanks
Web console error after idle time
CASA advised at a recent health check that "... when IDB (v5.3) page is left open for some time, an error page is shown. A refresh returns to normal operation"
I can confirm this intermittent behaviour was common for v4 but it appears to be happening with v5.
Customer to provide further detail on return from leave.
Two adapters with the same object class in UNIFYBroker 5
I am migrating an Identity Broker 4 customer to UNIFYBroker 5, and they have two MIM-consumed adapters using the same object class "person". UNIFYBroker 5 won't let me configure two adapters with the same object class, even is single schema mode is disabled.
Is this something that could be changed, to allow me to use the same object class on two adapters? The object classes are hard-coded in the customer's MIM rules extensions, so it is preferable to keep them unchanged the way they were in Identity Broker 4.
Hi Adrian,
This is not possible. The LDAP specification requires all object types be uniquely named. The rules extension will need to be changed.
Customer support service by UserEcho