Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

Error occurs once per page "Cannot access destination table 'EntityValueOrigin'"

Tom Parker 6 years ago in PowerShell connector updated 6 years ago 5

Once per page on export the following error occurs.There doesn't appear to be any impact from the error as the user is provisioned correctly by powershell and they also appear correctly in UNIFYBroker. They also appear in both the "adds" section of MIM and the "errors" section under "unexpected-error". The following stack trace appears in the Identity Broker logs.

We very recently upgraded from 5.0.3 but we are unsure if that's related.

UNIFYBroker Version: 5.1.0 Revision #2

MIM Version: 4.4.1749.0


System.InvalidOperationException: Cannot access destination table 'EntityValueOrigin'. ---> System.Data.SqlClient.SqlException: Invalid object name 'EntityValueOrigin'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlBulkCopy.RunParser(BulkCopySimpleResultSet bulkCopyHandler)
at System.Data.SqlClient.SqlBulkCopy.CreateAndExecuteInitialQueryAsync(BulkCopySimpleResultSet& result)
at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalRestAsync(CancellationToken cts, TaskCompletionSource`1 source)
--- End of inner exception stack trace ---
at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalRestAsync(CancellationToken cts, TaskCompletionSource`1 source)
at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalAsync(CancellationToken ctoken)
at System.Data.SqlClient.SqlBulkCopy.WriteRowSourceToServerAsync(Int32 columnCount, CancellationToken ctoken)
at System.Data.SqlClient.SqlBulkCopy.WriteToServer(DataTable table, DataRowState rowState)
at Unify.Product.IdentityBroker.EntityValueOriginContext.InsertItems(ISet`1 addedItems, EntityValueOriginDataContext sourceContext, SqlConnection connection)
at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
at Unify.Product.IdentityBroker.OriginInformationProcessor.RunBase()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal

Answer
Curtis Lusmore 6 years ago

Please run the Database upgrade script, located in the Database sub-directory of the Identity Broker installation directory.

0
Answered

Powershell Connector continuing to run script after MIM says run is complete

Tom Parker 6 years ago in PowerShell connector updated by Bob Bradley 6 years ago 4

It looks like a Powershell MA's script is continuing to run well after the MA in MIM says the run has been completed. Is this a known thing which happens or is intended or is it a bug?

UNIFY Broker Version: v5.1.0 Revision #2
MIM Version 4.4.17849.0

AddUser powershell code: D:\ADProvisioning.Powershell\UserAdd.ps1

Note: The code was previously "& D:\ADProvisioning.Powershell\UserAdd.ps1" but I changed it because I didn't understand the intent of running it as a separate process and to simplify the problem solving process. The issue still occurred when


Before running the export:

Image 5002

No log in file explorer yet for the AD Provisioning Export.

After running the export

All the errors are ma-extension-error, which may be genuine as the script I'm writing is still being worked on.

Image 5006

Here's the number of users steadily increasing

Image 5007

Here's the export log continuing to be updated after the run has been finished.


Image 5005


I can make the script I'm running available on request.

Answer
Curtis Lusmore 6 years ago

The issue turned out to be that the MIM Agent is timing out. Please see https://voice.unifysolutions.net/knowledge-bases/7/articles/3364-unifybrokermicrosoft-identity-manager-configuration for details on configuring the timeout. Please note in particular that bulk exports use only a single request per page (the Page Size setting), so you will need to either decrease the page size, increase the timeout, or improve the performance of the PowerShell script.

0
Answered

Generate a String Multi Value attribute from a String single value attribute

Anthony Soquin 6 years ago updated by Bob Bradley 6 years ago 4

Hi,

Version IDB 5.0.3

Can the "Merge Collections Transformation" be used to generate a multivalue string adapter element from a single value connector attribute, and if not, how can this be achieved?

Thanks.
Regards,

Answer
Adam van Vliet 6 years ago

It doesn't appear to (from the code) - it generates an adapter field from the first selected field (which would be a single valued field). It should be pretty easy to confirm, e.g. CSV connector.

Alternatively either upgrade to v5.1+ (https://voice.unifysolutions.net/knowledge-bases/7/articles/3058-unifybroker-release-notes) and to use the PowerShell transformation. Or write an import flow rule in the identity management platform of choice.

If you believe this is a scenario that would be of benefit to have included in the product, please raise a feature request. It would be helpful to also know the use case that you're trying to solve.

Thanks.

0
Answered

LDAP bulk update request postponed

Eddie Kirkman 6 years ago updated 6 years ago 4

In a customer DEV environment I am exporting some users from MIM and get an 

ma-extension-error

0x80230703

unexpected-error reported for all of them by MIM

The eventvwr error is

The management agent controller encountered an unexpected error.
 
 "BAIL: MMS(9724): extensionmanager.cpp(620): 0x80230703 (unable to get error text)
BAIL: MMS(9724): extensionmanager.cpp(2648): 0x80230703 (unable to get error text)
BAIL: MMS(9724): export.cpp(2150): 0x80230703 (unable to get error text)
BAIL: MMS(9724): export.cpp(521): 0x80230703 (unable to get error text)
BAIL: MMS(9724): ..\cntrler.cpp(9848): 0x80230703 (unable to get error text)
BAIL: MMS(9724): ..\cntrler.cpp(8569): 0x80230703 (unable to get error text)
Forefront Identity Manager 4.3.2124.0"

and IdB shows this in the log


05/Nov/2018 16:35:00
  • Information
LDAP EngineA client has connected to the LDAP endpoint from address: 127.0.0.1:59560.
05/Nov/2018 16:35:00
  • Information
LDAP engineHandling of LDAP bind request.
Handling of LDAP bind request received on connection 127.0.0.1:59560 to connect as user admin completed successfully. The bind was successful. Duration: 00:00:00.0937243.
05/Nov/2018 16:35:02
  • Information
LDAP engineHandling of LDAP Bulk Start request.
Handling of LDAP Bulk Start request received from user admin on connection 127.0.0.1:59560 completed successfully. Duration 00:00:00.0010018.
05/Nov/2018 16:35:03
  • Information
LDAP engineHandling of LDAP Bulk Update request.
Handling of LDAP Bulk Update request received from user admin on connection 127.0.0.1:59560 was postponed as it was not the next expected bulk request. This request will be handled as part of a future request. Duration 00:00:00.5950385.
05/Nov/2018 16:36:22
  • Information
LDAP engineHandling of LDAP unbind request.
Handling of LDAP unbind request received on connection 127.0.0.1:59560 to connect as user admin completed successfully. Duration: 00:00:00.


None of these error messages really tell me what is going on.  Any idea what the "postponed as it was not the next expected bulk request." thing is all about?

Answer
Adam van Vliet 6 years ago

As you use the UniqueIdentifier field in the DN template, which is a required field on the connector, that field needs to be included in the export (which I can see in the trace was not included).

0
Answered

HPE CM Associations Connector

I think I need to use this connector - I have to create reference relationships between location objects.

I create a new connector and select this type. The schema provided is exactly the same as for the Locations connector - surely this is wrong? I went with the default schema and ran an Import All - and I just got the list of Locations. So firstly - there may be something wrong with this connector as it doesn't do anything differently to the Locations connector.

I have looked at the KB pages about this connector but they are very high level and don't tell me how to set them up.

Do we have a working config I can look at? Specifically I need to:

- set up the parent-child relationship between Organizations

- add people to organizations

- set person Supervisor

Answer

Release is up now in the usual place. Version v5.3.1

0
Answered

Export error Status: 400 Bad Request

Eddie Kirkman 6 years ago updated by Adam van Vliet 6 years ago 3

I am seeing a small number (16) repeating errors in one of my MAs - with exports failing for some users with this error.

System.Exception: Status: 400 Bad Request
   at Unify.IdentityBroker.xxxx.Agent.DefaultCommunicator.SendCommand(String urlPath, Method method, Object data)
   at Unify.IdentityBroker.xxxx.Agent.DefaultCommunicator.Add(AgentEntity entity)
   at Unify.IdentityBroker.xxxx.Connector.Connector.AddEntity(IConnectorEntity entity, ISaveEntityResults`2 results, DefaultCommunicator communicator)

Three of them are for a known data error (malformed email addresses) but I cannot find anything to tell me more about why the others are failing.

I see the same error in Eventviewer for each failed user.  In IdB I see this in the log - it reports 16 entities saved then reports that 0 were successful.  Any help in interpreting this log or the issue would be appreciated

17/Oct/2018 16:41:33
  • Information
AdapterAdapter request to add entities for adapter space.
Adapter request to add entities [Count:16] for adapter xxxx (920ed433-e1e9-4aa3-b682-3bfee876de9f).
17/Oct/2018 16:41:33
  • Information
ConnectorRequest to add entity to connector.
Request to add entities [Count:16] to connector xxxx Connector.
17/Oct/2018 16:41:34
  • Information
ConnectorAdd entities to connector completed.
Add entities [Count:16] to connector xxxx Connector reported 16 entities saved. Duration: 00:00:01.1431907
17/Oct/2018 16:41:34
  • Information
AdapterAdapter added entities to adapter space.
Adapter added [Count:16] entities (0 successful) to adapter xxxx (920ed433-e1e9-4aa3-b682-3bfee876de9f). Duration: 00:00:01.1693154
17/Oct/2018 16:41:34
  • Information
LDAP engineHandling of LDAP Bulk Update request.
Handling of LDAP Bulk Update request received from user xxxx on connection 127.0.0.1:56662 completed successfully without results available for logging. Duration 00:00:02.3027112.


Answer
Adam van Vliet 6 years ago

A while ago, the error reporting interface in the connectors was improved such that the status of individual entities can be reported back to the identity management platform.

From the log entries, can I assume you're on v5.1? This particular pattern suggests that each entity failed to save (reported back by the connector) - the problem with the logger in v5.1 was that it used the number of attempted entities as the success count (and didn't even report on the failure count). This is improved in future versions.

Look at the MIM logs to see the error details for each entity.

0
Fixed

HPE Content Manager import all fails with Object reference not set to an instance of an object

Getting the following error when running a full import from HPE Content Manager.

Change detection engine import all items failed.
Change detection engine import all items for connector CM Persons failed with reason Object reference not set to an instance of an object.. Duration: 00:00:04.3124780
Error details:
System.NullReferenceException: Object reference not set to an instance of an object.
at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.<>c.<RestWorkaround>b__43_0(RestLocationResult result)
at System.Linq.Enumerable.WhereArrayIterator`1.MoveNext()
at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.RestWorkaround(IWebServiceCommunicatorInformation information, IEnumerable`1 fields, Boolean includeAccessControls, String searchQuery, Int32 pageSize)
at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.<InnerGetLocations>d__30.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__10`1.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<Run>b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)

I’ve tried clearing the connector and running the import again, but get the same thing.

Answer

Hi Carol

Here is a patch for you to try. Please install and rerun the failing operation. It should replace the patch Curtis provided last week.

Unify.IdentityBroker.Communicator.HPTrim.We....dll

0
Not a bug

Aurion Security User not set on export

Sean Little 6 years ago in UNIFYBroker/Aurion updated by Adam van Vliet 6 years ago 5

Hi Guys,

We seem to have uncovered a possible bug with the Aurion connector. We have 2 issues with our solution - firstly that the OsUserId on the Aurion Security User is initally populated with an incorrect value (not an IDB issue).

However, when the solution attempts to update this value with the correct value (as set n AD), it does not appear to persist in Aurion.

The export is lined up as an update, and successfully exports from the MA through IDB without error, however the value is not actually set on the Security User object within Aurion.

A subsequent delta import results in an exported-change-not-reimported error on the MA.

The environment is using IDB v5.3.1 and communicating with Aurion v11.4.6

We will also provide the version of the Aurion connector soon

Cheers

Sean/Richard.

Answer
Adam van Vliet 6 years ago

Updated the field name casing for OSUserId to OsUserId.

0
Answered

Method not found when trying to get Schema

Carol Wapshere 6 years ago updated by Curtis Lusmore 6 years ago 14

Trying to request schema for an HPE Content Manager connector and I get the following error:

An error has occurred: Method not found: 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility Unify.Product.IdentityBroker.IMultiKeyedConnectorFactoryInformation.get_SchemaConfigurationUtility()'.

Is this because the connector doesn't support schema retrieval, or have I done something wrong?

The Agent test connection succeeds, and that's as far as I've got.

Answer
Curtis Lusmore 6 years ago

The original issue

An error has  occurred: Method not found: 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility
Unify.Product.IdentityBroker.IMultiKeyedConnectorFactoryInformation.get_SchemaConfigurationUtility()'

is not environmental, will only depend on the version of Broker and all patches installed, and will require a patch to fix. If you didn't experience this issue in lower environments, there must be a difference in what is installed. If schema retrieval works in Dev, make sure that what is installed in Dev is also installed in higher environments. If it doesn't, please try upgrading Dev to confirm that the upgrade will resolve the issue.

Also - would this also mean I'd have to update Aurion and MIM components?

No, upgrading UNIFYBroker from v5.3.1.0 to v5.3.1.1 will not require updating other components.

0
Not a bug

Test Harness "Copy to CSV" creates file with headers but no data

Adrian Corston 6 years ago in CSV connector updated by anonymous 6 years ago 2

When I used "Copy to CSV" from the Test Harness plugin, it creates the CSV file with headers but none of the data from the source connector.

UNIFY Identity Broker

About:UNIFY Identity Broker Management Studio
v5.2.1 Revision #0
© 2004 - 2017 UNIFY Solutions Pty. Ltd.
Answer
Curtis Lusmore 6 years ago

Hi Adrian,

This is working as intended. Please see Connector Test Harness for details on using the connector test harness.

The Copy to CSV operation can be used to add a  CSV connector with an identical schema to an existing connector. Used in conjunction with the  Add operation described below, you can also backup the existing entity context into the newly created CSV connector.