Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Export error "Other"
When exporting to IdB from MIM in a customer DEV lab I am getting this error.
MIM reports "other"
detail shows connected data source error code 0x8023134a
detail button gives
System.Exception: Status: 0
at Unify.IdentityBroker.D2L.Agent.DefaultCommunicator.SendCommand(String urlPath, Method method, Object data) in C:\Projects\TAFE\Repositories\Connectors.D2L\V5 Connector\Source\Agent\DefaultCommunicator.cs:line 161
at Unify.IdentityBroker.D2L.Agent.DefaultCommunicator.Update(AgentEntity entity) in C:\Projects\TAFE\Repositories\Connectors.D2L\V5 Connector\Source\Agent\DefaultCommunicator.cs:line 96
at Unify.IdentityBroker.D2L.Connector.Connector.UpdateEntity(IConnectorEntity entity, ISaveEntityResults`2 results, DefaultCommunicator communicator) in C:\Projects\TAFE\Repositories\Connectors.D2L\V5 Connector\Source\Connector\Connector.cs:line 199
idb log shows:
| 19/Nov/2018 16:45:59 |
| LDAP Engine | A client has connected to the LDAP endpoint from address: 127.0.0.1:62654. |
| 19/Nov/2018 16:45:59 |
| LDAP engine | Handling of LDAP bind request. Handling of LDAP bind request received on connection 127.0.0.1:62654 to connect as user admin completed successfully. The bind was successful. Duration: 00:00:00.1093702. |
| 19/Nov/2018 16:46:00 |
| LDAP engine | Handling of LDAP Bulk Start request. Handling of LDAP Bulk Start request received from user admin on connection 127.0.0.1:62654 completed successfully. Duration 00:00:00. |
| 19/Nov/2018 16:46:00 |
| Connector | Request to add entity to connector. Request to add entities [Count:5] to connector D2L Connector. |
| 19/Nov/2018 16:46:00 |
| Connector | Add entities to connector completed. Add entities [Count:5] to connector D2L Connector reported 5 entities saved. Duration: 00:00:00.2656223 |
| 19/Nov/2018 16:46:00 |
| LDAP engine | Handling of LDAP Bulk Update request. Handling of LDAP Bulk Update request received from user admin on connection 127.0.0.1:62654 completed successfully without results available for logging. Duration 00:00:00.5312437. |
| 19/Nov/2018 16:46:00 |
| LDAP engine | Handling of LDAP Bulk End request. Handling of LDAP Bulk End request received from user admin on connection 127.0.0.1:62654 completed successfully without results available for logging. Duration 00:00:00. |
| 19/Nov/2018 16:46:01 |
| LDAP engine | Handling of LDAP unbind request. Handling of LDAP unbind request received on connection 127.0.0.1:62654 to connect as user admin completed successfully. Duration: 00:00:00. |
| 19/Nov/2018 16:46:06 |
| Change detection engine | Change detection engine unscheduled started. Change detection engine unscheduled for connector D2L Connector started. |
| 19/Nov/2018 16:46:06 |
| Change detection engine | Change detection engine unscheduled completed. Change detection engine unscheduled for connector D2L Connector completed. Duration: 00:00:00.1093760 |
So everything looks fine from the IdB end, but MIM whinges and fails. Any idea where I should look?
Hey Eddie,
The D2L connector is a Professional Services connector that has been custom written for the customer.
To help you out, I had a quick look at the source, and that error comes from the request to the web service. The HTTP status code being returned is 0 and so therefore indicates an issue with the web service.
To assist with debugging, you could turn on diagnostic logging - the connector appears to have some logging help built in which logs the raw request and response.
I'd also recommend ensuring that the web service is functioning correctly.
If all else fails, contacting the PS developer who wrote the connector is recommended - they should be able to help out with debugging the issue.
Associations Connector fails with "Only one use of each socket address is normally permitted"
We have just put a solution in UAT that was working correctly in Dev. The two Locations connectors (Person and Organization) have imported fine. The Associations connector runs for a couple of minutes then fails with the error below.
I have asked the CM admin to look for service API errors on their side, but also wanted to ask: does the Associations connector make multiple connections that could be over-lapping?
Change detection engine import all items failed. Change detection engine import all items for connector CM Associations failed with reason Unable to connect to the remote server. Duration: 00:01:38.0443655 Error details: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted 10.111.200.11:80 at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetResponse() at ServiceStack.ServiceClientBase.Send[TResponse](String httpMethod, String relativeOrAbsoluteUrl, Object request) at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.<getalllocationuris>d__36.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.InnerGetAssociations(IEnumerable`1 uri, IEnumerable`1 relationshipTypes, Int32 pageSize, IWebServiceCommunicatorInformation information, CancellationToken token) at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.GetAllAssociations(IEnumerable`1 relationshipTypes, Guid connectorId, String searchQuery, Int32 pageSize, IWebServiceCommunicatorInformation information, CancellationToken cancellationToken) at Unify.Product.IdentityBroker.HPTrimWebCommunicatorDecorator.GetAllAssociations(IEnumerable`1 relationshipTypes, Guid connectorId, String searchQuery, Int32 pageSize, IWebServiceCommunicatorInformation information, CancellationToken cancellationToken) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Unify.Product.IdentityBroker.HPTrimWebCommunicatorDecorator.GetAllAssociations(IEnumerable`1 relationshipTypes, Guid connectorId, String searchQuery, Int32 pageSize, IWebServiceCommunicatorInformation information, CancellationToken cancellationToken) at Unify.Product.IdentityBroker.HpTrimAgent.GetAllAssociations(IEnumerable`1 relationshipTypes, Guid connectorId, String searchQuery, Int32 pageSize, CancellationToken cancellationToken) at Unify.Product.IdentityBroker.HpTrimAssociationsConnector.GetAllEntities(IStoredValueCollection storedValueState, CancellationToken cancellationToken) at Unify.Product.IdentityBroker.ConnectorToReadingConnectorBridge.GetAllEntities(IStoredValueCollection storedValueState, CancellationToken cancellationToken) at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken) at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken) at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess() at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase() at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<run>b__0() at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state) </run></getalllocationuris>
Is there any association fields on the connector that are not needed? The connector needs to make a call per field, per location, so cutting the connector schema to only what's needed would greatly reducing the number of calls being made. This may be enough to be a temporary work around while I look into this issue further.
Error occurs once per page "Cannot access destination table 'EntityValueOrigin'"
Once per page on export the following error occurs.There doesn't appear to be any impact from the error as the user is provisioned correctly by powershell and they also appear correctly in UNIFYBroker. They also appear in both the "adds" section of MIM and the "errors" section under "unexpected-error". The following stack trace appears in the Identity Broker logs.
We very recently upgraded from 5.0.3 but we are unsure if that's related.
UNIFYBroker Version: 5.1.0 Revision #2
MIM Version: 4.4.1749.0
System.InvalidOperationException: Cannot access destination table 'EntityValueOrigin'. ---> System.Data.SqlClient.SqlException: Invalid object name 'EntityValueOrigin'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlBulkCopy.RunParser(BulkCopySimpleResultSet bulkCopyHandler)
at System.Data.SqlClient.SqlBulkCopy.CreateAndExecuteInitialQueryAsync(BulkCopySimpleResultSet& result)
at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalRestAsync(CancellationToken cts, TaskCompletionSource`1 source)
--- End of inner exception stack trace ---
at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalRestAsync(CancellationToken cts, TaskCompletionSource`1 source)
at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternalAsync(CancellationToken ctoken)
at System.Data.SqlClient.SqlBulkCopy.WriteRowSourceToServerAsync(Int32 columnCount, CancellationToken ctoken)
at System.Data.SqlClient.SqlBulkCopy.WriteToServer(DataTable table, DataRowState rowState)
at Unify.Product.IdentityBroker.EntityValueOriginContext.InsertItems(ISet`1 addedItems, EntityValueOriginDataContext sourceContext, SqlConnection connection)
at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
at Unify.Product.IdentityBroker.OriginInformationProcessor.RunBase()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
Please run the Database upgrade script, located in the Database sub-directory of the Identity Broker installation directory.
Powershell Connector continuing to run script after MIM says run is complete
It looks like a Powershell MA's script is continuing to run well after the MA in MIM says the run has been completed. Is this a known thing which happens or is intended or is it a bug?
UNIFY Broker Version: v5.1.0 Revision #2MIM Version 4.4.17849.0
AddUser powershell code: D:\ADProvisioning.Powershell\UserAdd.ps1
Note: The code was previously "& D:\ADProvisioning.Powershell\UserAdd.ps1" but I changed it because I didn't understand the intent of running it as a separate process and to simplify the problem solving process. The issue still occurred when
Before running the export:
No log in file explorer yet for the AD Provisioning Export.
After running the export
All the errors are ma-extension-error, which may be genuine as the script I'm writing is still being worked on.
Here's the number of users steadily increasing
Here's the export log continuing to be updated after the run has been finished.
I can make the script I'm running available on request.
The issue turned out to be that the MIM Agent is timing out. Please see https://voice.unifysolutions.net/knowledge-bases/7/articles/3364-unifybrokermicrosoft-identity-manager-configuration for details on configuring the timeout. Please note in particular that bulk exports use only a single request per page (the Page Size setting), so you will need to either decrease the page size, increase the timeout, or improve the performance of the PowerShell script.
Generate a String Multi Value attribute from a String single value attribute
Hi,
Version IDB 5.0.3
Can the "Merge Collections Transformation" be used to generate a multivalue string adapter element from a single value connector attribute, and if not, how can this be achieved?
Thanks.
Regards,
It doesn't appear to (from the code) - it generates an adapter field from the first selected field (which would be a single valued field). It should be pretty easy to confirm, e.g. CSV connector.
Alternatively either upgrade to v5.1+ (https://voice.unifysolutions.net/knowledge-bases/7/articles/3058-unifybroker-release-notes) and to use the PowerShell transformation. Or write an import flow rule in the identity management platform of choice.
If you believe this is a scenario that would be of benefit to have included in the product, please raise a feature request. It would be helpful to also know the use case that you're trying to solve.
Thanks.
LDAP bulk update request postponed
In a customer DEV environment I am exporting some users from MIM and get an
ma-extension-error
0x80230703
unexpected-error reported for all of them by MIM
The eventvwr error is
The management agent controller encountered an unexpected error.
"BAIL: MMS(9724): extensionmanager.cpp(620): 0x80230703 (unable to get error text)
BAIL: MMS(9724): extensionmanager.cpp(2648): 0x80230703 (unable to get error text)
BAIL: MMS(9724): export.cpp(2150): 0x80230703 (unable to get error text)
BAIL: MMS(9724): export.cpp(521): 0x80230703 (unable to get error text)
BAIL: MMS(9724): ..\cntrler.cpp(9848): 0x80230703 (unable to get error text)
BAIL: MMS(9724): ..\cntrler.cpp(8569): 0x80230703 (unable to get error text)
Forefront Identity Manager 4.3.2124.0"
and IdB shows this in the log
| 05/Nov/2018 16:35:00 |
| LDAP Engine | A client has connected to the LDAP endpoint from address: 127.0.0.1:59560. |
| 05/Nov/2018 16:35:00 |
| LDAP engine | Handling of LDAP bind request. Handling of LDAP bind request received on connection 127.0.0.1:59560 to connect as user admin completed successfully. The bind was successful. Duration: 00:00:00.0937243. |
| 05/Nov/2018 16:35:02 |
| LDAP engine | Handling of LDAP Bulk Start request. Handling of LDAP Bulk Start request received from user admin on connection 127.0.0.1:59560 completed successfully. Duration 00:00:00.0010018. |
| 05/Nov/2018 16:35:03 |
| LDAP engine | Handling of LDAP Bulk Update request. Handling of LDAP Bulk Update request received from user admin on connection 127.0.0.1:59560 was postponed as it was not the next expected bulk request. This request will be handled as part of a future request. Duration 00:00:00.5950385. |
| 05/Nov/2018 16:36:22 |
| LDAP engine | Handling of LDAP unbind request. Handling of LDAP unbind request received on connection 127.0.0.1:59560 to connect as user admin completed successfully. Duration: 00:00:00. |
None of these error messages really tell me what is going on. Any idea what the "postponed as it was not the next expected bulk request." thing is all about?
As you use the UniqueIdentifier field in the DN template, which is a required field on the connector, that field needs to be included in the export (which I can see in the trace was not included).
HPE CM Associations Connector
I think I need to use this connector - I have to create reference relationships between location objects.
I create a new connector and select this type. The schema provided is exactly the same as for the Locations connector - surely this is wrong? I went with the default schema and ran an Import All - and I just got the list of Locations. So firstly - there may be something wrong with this connector as it doesn't do anything differently to the Locations connector.
I have looked at the KB pages about this connector but they are very high level and don't tell me how to set them up.
Do we have a working config I can look at? Specifically I need to:
- set up the parent-child relationship between Organizations
- add people to organizations
- set person Supervisor
Release is up now in the usual place. Version v5.3.1
Export error Status: 400 Bad Request
I am seeing a small number (16) repeating errors in one of my MAs - with exports failing for some users with this error.
System.Exception: Status: 400 Bad Request
at Unify.IdentityBroker.xxxx.Agent.DefaultCommunicator.SendCommand(String urlPath, Method method, Object data)
at Unify.IdentityBroker.xxxx.Agent.DefaultCommunicator.Add(AgentEntity entity)
at Unify.IdentityBroker.xxxx.Connector.Connector.AddEntity(IConnectorEntity entity, ISaveEntityResults`2 results, DefaultCommunicator communicator)
Three of them are for a known data error (malformed email addresses) but I cannot find anything to tell me more about why the others are failing.
I see the same error in Eventviewer for each failed user. In IdB I see this in the log - it reports 16 entities saved then reports that 0 were successful. Any help in interpreting this log or the issue would be appreciated
| 17/Oct/2018 16:41:33 |
| Adapter | Adapter request to add entities for adapter space. Adapter request to add entities [Count:16] for adapter xxxx (920ed433-e1e9-4aa3-b682-3bfee876de9f). |
| 17/Oct/2018 16:41:33 |
| Connector | Request to add entity to connector. Request to add entities [Count:16] to connector xxxx Connector. |
| 17/Oct/2018 16:41:34 |
| Connector | Add entities to connector completed. Add entities [Count:16] to connector xxxx Connector reported 16 entities saved. Duration: 00:00:01.1431907 |
| 17/Oct/2018 16:41:34 |
| Adapter | Adapter added entities to adapter space. Adapter added [Count:16] entities (0 successful) to adapter xxxx (920ed433-e1e9-4aa3-b682-3bfee876de9f). Duration: 00:00:01.1693154 |
| 17/Oct/2018 16:41:34 |
| LDAP engine | Handling of LDAP Bulk Update request. Handling of LDAP Bulk Update request received from user xxxx on connection 127.0.0.1:56662 completed successfully without results available for logging. Duration 00:00:02.3027112. |
A while ago, the error reporting interface in the connectors was improved such that the status of individual entities can be reported back to the identity management platform.
From the log entries, can I assume you're on v5.1? This particular pattern suggests that each entity failed to save (reported back by the connector) - the problem with the logger in v5.1 was that it used the number of attempted entities as the success count (and didn't even report on the failure count). This is improved in future versions.
Look at the MIM logs to see the error details for each entity.
HPE Content Manager import all fails with Object reference not set to an instance of an object
Getting the following error when running a full import from HPE Content Manager.
Change detection engine import all items failed.
Change detection engine import all items for connector CM Persons failed with reason Object reference not set to an instance of an object.. Duration: 00:00:04.3124780
Error details:
System.NullReferenceException: Object reference not set to an instance of an object.
at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.<>c.<RestWorkaround>b__43_0(RestLocationResult result)
at System.Linq.Enumerable.WhereArrayIterator`1.MoveNext()
at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.RestWorkaround(IWebServiceCommunicatorInformation information, IEnumerable`1 fields, Boolean includeAccessControls, String searchQuery, Int32 pageSize)
at Unify.Product.IdentityBroker.HPTrimV9WebCommunicator.<InnerGetLocations>d__30.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__10`1.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<Run>b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
I’ve tried clearing the connector and running the import again, but get the same thing.
Hi Carol
Here is a patch for you to try. Please install and rerun the failing operation. It should replace the patch Curtis provided last week.
Aurion Security User not set on export
Hi Guys,
We seem to have uncovered a possible bug with the Aurion connector. We have 2 issues with our solution - firstly that the OsUserId on the Aurion Security User is initally populated with an incorrect value (not an IDB issue).
However, when the solution attempts to update this value with the correct value (as set n AD), it does not appear to persist in Aurion.
The export is lined up as an update, and successfully exports from the MA through IDB without error, however the value is not actually set on the Security User object within Aurion.
A subsequent delta import results in an exported-change-not-reimported error on the MA.
The environment is using IDB v5.3.1 and communicating with Aurion v11.4.6
We will also provide the version of the Aurion connector soon
Cheers
Sean/Richard.
Customer support service by UserEcho
