Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Error occurs once per page "Cannot access destination table 'EntityValueOrigin'"
Once per page on export the following error occurs.There doesn't appear to be any impact from the error as the user is provisioned correctly by powershell and they also appear correctly in UNIFYBroker. They also appear in both the "adds" section of MIM and the "errors" section under "unexpected-error". The following stack trace appears in the Identity Broker logs.
We very recently upgraded from 5.0.3 but we are unsure if that's related.
UNIFYBroker Version: 5.1.0 Revision #2
MIM Version: 4.4.1749.0
System.InvalidOperationException: Cannot access destination table 'EntityValueOrigin'. ---> System.Data.SqlClient.SqlException: Invalid object name 'EntityValueOrigin'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlBulkCopy.RunParser(BulkCopySimpleResultSet bulkCopyHandler)
at System.Data.SqlClient.SqlBulkCopy.CreateAndExecuteInitialQueryAsync(BulkCopySimpleResultSet& result)
at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalRestAsync(CancellationToken cts, TaskCompletionSource`1 source)
--- End of inner exception stack trace ---
at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalRestAsync(CancellationToken cts, TaskCompletionSource`1 source)
at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalAsync(CancellationToken ctoken)
at System.Data.SqlClient.SqlBulkCopy.WriteRowSourceToServerAsync(Int32 columnCount, CancellationToken ctoken)
at System.Data.SqlClient.SqlBulkCopy.WriteToServer(DataTable table, DataRowState rowState)
at Unify.Product.IdentityBroker.EntityValueOriginContext.InsertItems(ISet`1 addedItems, EntityValueOriginDataContext sourceContext, SqlConnection connection)
at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
at Unify.Product.IdentityBroker.OriginInformationProcessor.RunBase()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
Please run the Database upgrade script, located in the Database sub-directory of the Identity Broker installation directory.
Powershell Connector continuing to run script after MIM says run is complete
It looks like a Powershell MA's script is continuing to run well after the MA in MIM says the run has been completed. Is this a known thing which happens or is intended or is it a bug?
UNIFY Broker Version: v5.1.0 Revision #2MIM Version 4.4.17849.0
AddUser powershell code: D:\ADProvisioning.Powershell\UserAdd.ps1
Note: The code was previously "& D:\ADProvisioning.Powershell\UserAdd.ps1" but I changed it because I didn't understand the intent of running it as a separate process and to simplify the problem solving process. The issue still occurred when
Before running the export:
No log in file explorer yet for the AD Provisioning Export.
After running the export
All the errors are ma-extension-error, which may be genuine as the script I'm writing is still being worked on.
Here's the number of users steadily increasing
Here's the export log continuing to be updated after the run has been finished.
I can make the script I'm running available on request.
The issue turned out to be that the MIM Agent is timing out. Please see https://voice.unifysolutions.net/knowledge-bases/7/articles/3364-unifybrokermicrosoft-identity-manager-configuration for details on configuring the timeout. Please note in particular that bulk exports use only a single request per page (the Page Size setting), so you will need to either decrease the page size, increase the timeout, or improve the performance of the PowerShell script.
Generate a String Multi Value attribute from a String single value attribute
Hi,
Version IDB 5.0.3
Can the "Merge Collections Transformation" be used to generate a multivalue string adapter element from a single value connector attribute, and if not, how can this be achieved?
Thanks.
Regards,
It doesn't appear to (from the code) - it generates an adapter field from the first selected field (which would be a single valued field). It should be pretty easy to confirm, e.g. CSV connector.
Alternatively either upgrade to v5.1+ (https://voice.unifysolutions.net/knowledge-bases/7/articles/3058-unifybroker-release-notes) and to use the PowerShell transformation. Or write an import flow rule in the identity management platform of choice.
If you believe this is a scenario that would be of benefit to have included in the product, please raise a feature request. It would be helpful to also know the use case that you're trying to solve.
Thanks.
LDAP bulk update request postponed
In a customer DEV environment I am exporting some users from MIM and get an
ma-extension-error
0x80230703
unexpected-error reported for all of them by MIM
The eventvwr error is
The management agent controller encountered an unexpected error.
"BAIL: MMS(9724): extensionmanager.cpp(620): 0x80230703 (unable to get error text)
BAIL: MMS(9724): extensionmanager.cpp(2648): 0x80230703 (unable to get error text)
BAIL: MMS(9724): export.cpp(2150): 0x80230703 (unable to get error text)
BAIL: MMS(9724): export.cpp(521): 0x80230703 (unable to get error text)
BAIL: MMS(9724): ..\cntrler.cpp(9848): 0x80230703 (unable to get error text)
BAIL: MMS(9724): ..\cntrler.cpp(8569): 0x80230703 (unable to get error text)
Forefront Identity Manager 4.3.2124.0"
and IdB shows this in the log
05/Nov/2018 16:35:00 |
| LDAP Engine | A client has connected to the LDAP endpoint from address: 127.0.0.1:59560. |
05/Nov/2018 16:35:00 |
| LDAP engine | Handling of LDAP bind request. Handling of LDAP bind request received on connection 127.0.0.1:59560 to connect as user admin completed successfully. The bind was successful. Duration: 00:00:00.0937243. |
05/Nov/2018 16:35:02 |
| LDAP engine | Handling of LDAP Bulk Start request. Handling of LDAP Bulk Start request received from user admin on connection 127.0.0.1:59560 completed successfully. Duration 00:00:00.0010018. |
05/Nov/2018 16:35:03 |
| LDAP engine | Handling of LDAP Bulk Update request. Handling of LDAP Bulk Update request received from user admin on connection 127.0.0.1:59560 was postponed as it was not the next expected bulk request. This request will be handled as part of a future request. Duration 00:00:00.5950385. |
05/Nov/2018 16:36:22 |
| LDAP engine | Handling of LDAP unbind request. Handling of LDAP unbind request received on connection 127.0.0.1:59560 to connect as user admin completed successfully. Duration: 00:00:00. |
None of these error messages really tell me what is going on. Any idea what the "postponed as it was not the next expected bulk request." thing is all about?
As you use the UniqueIdentifier
field in the DN template, which is a required field on the connector, that field needs to be included in the export (which I can see in the trace was not included).
HPE CM Associations Connector
I think I need to use this connector - I have to create reference relationships between location objects.
I create a new connector and select this type. The schema provided is exactly the same as for the Locations connector - surely this is wrong? I went with the default schema and ran an Import All - and I just got the list of Locations. So firstly - there may be something wrong with this connector as it doesn't do anything differently to the Locations connector.
I have looked at the KB pages about this connector but they are very high level and don't tell me how to set them up.
Do we have a working config I can look at? Specifically I need to:
- set up the parent-child relationship between Organizations
- add people to organizations
- set person Supervisor
Release is up now in the usual place. Version v5.3.1
Export error Status: 400 Bad Request
I am seeing a small number (16) repeating errors in one of my MAs - with exports failing for some users with this error.
System.Exception: Status: 400 Bad Request
at Unify.IdentityBroker.xxxx.Agent.DefaultCommunicator.SendCommand(String urlPath, Method method, Object data)
at Unify.IdentityBroker.xxxx.Agent.DefaultCommunicator.Add(AgentEntity entity)
at Unify.IdentityBroker.xxxx.Connector.Connector.AddEntity(IConnectorEntity entity, ISaveEntityResults`2 results, DefaultCommunicator communicator)
Three of them are for a known data error (malformed email addresses) but I cannot find anything to tell me more about why the others are failing.
I see the same error in Eventviewer for each failed user. In IdB I see this in the log - it reports 16 entities saved then reports that 0 were successful. Any help in interpreting this log or the issue would be appreciated
17/Oct/2018 16:41:33 |
| Adapter | Adapter request to add entities for adapter space. Adapter request to add entities [Count:16] for adapter xxxx (920ed433-e1e9-4aa3-b682-3bfee876de9f). |
17/Oct/2018 16:41:33 |
| Connector | Request to add entity to connector. Request to add entities [Count:16] to connector xxxx Connector. |
17/Oct/2018 16:41:34 |
| Connector | Add entities to connector completed. Add entities [Count:16] to connector xxxx Connector reported 16 entities saved. Duration: 00:00:01.1431907 |
17/Oct/2018 16:41:34 |
| Adapter | Adapter added entities to adapter space. Adapter added [Count:16] entities (0 successful) to adapter xxxx (920ed433-e1e9-4aa3-b682-3bfee876de9f). Duration: 00:00:01.1693154 |
17/Oct/2018 16:41:34 |
| LDAP engine | Handling of LDAP Bulk Update request. Handling of LDAP Bulk Update request received from user xxxx on connection 127.0.0.1:56662 completed successfully without results available for logging. Duration 00:00:02.3027112. |
A while ago, the error reporting interface in the connectors was improved such that the status of individual entities can be reported back to the identity management platform.
From the log entries, can I assume you're on v5.1? This particular pattern suggests that each entity failed to save (reported back by the connector) - the problem with the logger in v5.1 was that it used the number of attempted entities as the success count (and didn't even report on the failure count). This is improved in future versions.
Look at the MIM logs to see the error details for each entity.
HPE Content Manager import all fails with Object reference not set to an instance of an object
Getting the following error when running a full import from HPE Content Manager.
Change detection engine import all items failed.
Change detection engine import all items for connector CM Persons failed with reason Object reference not set to an instance of an object.. Duration: 00:00:04.3124780
Error details:
System.NullReferenceException: Object reference not set to an instance of an object.
at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.<>c.<RestWorkaround>b__43_0(RestLocationResult result)
at System.Linq.Enumerable.WhereArrayIterator`1.MoveNext()
at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.RestWorkaround(IWebServiceCommunicatorInformation information, IEnumerable`1 fields, Boolean includeAccessControls, String searchQuery, Int32 pageSize)
at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.<InnerGetLocations>d__30.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__10`1.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<Run>b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
I’ve tried clearing the connector and running the import again, but get the same thing.
Hi Carol
Here is a patch for you to try. Please install and rerun the failing operation. It should replace the patch Curtis provided last week.
Aurion Security User not set on export
Hi Guys,
We seem to have uncovered a possible bug with the Aurion connector. We have 2 issues with our solution - firstly that the OsUserId on the Aurion Security User is initally populated with an incorrect value (not an IDB issue).
However, when the solution attempts to update this value with the correct value (as set n AD), it does not appear to persist in Aurion.
The export is lined up as an update, and successfully exports from the MA through IDB without error, however the value is not actually set on the Security User object within Aurion.
A subsequent delta import results in an exported-change-not-reimported error on the MA.
The environment is using IDB v5.3.1 and communicating with Aurion v11.4.6
We will also provide the version of the Aurion connector soon
Cheers
Sean/Richard.
Method not found when trying to get Schema
Trying to request schema for an HPE Content Manager connector and I get the following error:
An error has occurred: Method not found: 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility Unify.Product.IdentityBroker.IMultiKeyedConnectorFactoryInformation.get_SchemaConfigurationUtility()'.
Is this because the connector doesn't support schema retrieval, or have I done something wrong?
The Agent test connection succeeds, and that's as far as I've got.
The original issue
An error has occurred: Method not found: 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility
Unify.Product.IdentityBroker.IMultiKeyedConnectorFactoryInformation.get_SchemaConfigurationUtility()'
is not environmental, will only depend on the version of Broker and all patches installed, and will require a patch to fix. If you didn't experience this issue in lower environments, there must be a difference in what is installed. If schema retrieval works in Dev, make sure that what is installed in Dev is also installed in higher environments. If it doesn't, please try upgrading Dev to confirm that the upgrade will resolve the issue.
Also - would this also mean I'd have to update Aurion and MIM components?
No, upgrading UNIFYBroker from v5.3.1.0 to v5.3.1.1 will not require updating other components.
Test Harness "Copy to CSV" creates file with headers but no data
When I used "Copy to CSV" from the Test Harness plugin, it creates the CSV file with headers but none of the data from the source connector.
UNIFY Identity Broker
About: | UNIFY Identity Broker Management Studio v5.2.1 Revision #0 © 2004 - 2017 UNIFY Solutions Pty. Ltd. |
Hi Adrian,
This is working as intended. Please see Connector Test Harness for details on using the connector test harness.
The Copy to CSV operation can be used to add a CSV connector with an identical schema to an existing connector. Used in conjunction with the Add operation described below, you can also backup the existing entity context into the newly created CSV connector.
Customer support service by UserEcho