Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Google passwords are not being set on creation
Google passwords are not being set on creation, subsequent resets in AD are synchronised successfully.
In MIM the export_password attribute is set with the desired password, I was unable to find any information about this attribute or how to configure the Password Script in the Google Connector.
Unsure of when this started to re-occur as most users authenticate via the IDP, however Chromebooks authenticate directly. It appears this issue has occurred before https://voice.unifysolutions.net/communities/6/topics/2816-passwords-are-not-set-on-google-account-creation however the key is configured to be email address.
Identity Broker: v5.2.0 Revision #3
Google Connector: 5.2.0.2
Unify.IdentityBroker.Communicator.Google.dll: 5.2.0.1
So just confirming, using the Identity Broker version of the Newtonsoft fixes that particular issue? I'll update the connector to use the same version so that it isn't able to override it.
Do you have an update on whether the password change is working?
An item with the same key has already been added
I have just upgraded IdB in TEST to 5.2, and migrated in the Connector and Adapter files from Dev. Dev was already on 5.2 and all connectors are working.
In TEST all of the new Connectors (names "PowerShell HomeFolder*" and "PowerShell MemberOf*") are failing with the error below. The "Powershell Exchange*" connectors work fine (though they already pre-existing in IdB 5.1 before I upgraded to 5.2).
The Connector config file is the same as the one I sent with the previous question. While the error looks very similar to that one it can't be the same - that was a duplicate schema mapping in the connector config, but Powershell connectors don't have schema mapping.
My Import scripts drop a full log of all entity values before running the $entity.Create ... $entity.Commit loop. There are no duplicate sAMAccountNames.
Note that when I did the IdB database upgrade in Test I removed the final lines from the script as told to do here. I don't seem to have had any problems with this in Dev, but thought it worth mentioning.
Change detection engine import all items failed. Change detection engine import all items for connector PowerShell HomeFolder NMI failed with reason An error occurred while evaluating a task on a worker thread. See the inner exception details for information.. Duration: 00:01:37.5326976 Error details: Unify.Framework.EvaluatorVisitorException: An error occurred while evaluating a task on a worker thread. See the inner exception details for information. ---> System.ArgumentException: An item with the same key has already been added. at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add) at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer) at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector) at Unify.Product.IdentityBroker.Repository.EntityLinqQueryConverterUtilitiesBase`4.GetCollectionKeyData(TEntityKey key, EntityDataContext sourceContext) at Unify.Product.IdentityBroker.Repository.EntitySingleValueDataUtilityBase`2.CreateEntityValue(TEntityKey key, IValue value, IEntityCollectionKeyUtility`1 collectionKeyUtility, EntityDataSet set, __EntityInsertRow row, EntityDataContext sourceContext) at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.ConvertEntityValueToDataValue(KeyValuePair`2 entityValueAndKey, __EntityInsertRow row, EntityDataSet entityDataSet, EntityDataContext sourceContext) at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.<>c__DisplayClass31_0.<convertitemtovalues>b__0(KeyValuePair`2 entityValueAndKey) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.<selectmanyiterator>d__16`2.MoveNext() at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor) at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.InsertItems(ISet`1 addedItems, EntityDataContext sourceContext, SqlConnection connection) at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges() at Unify.Product.IdentityBroker.SaveChangedEntitiesTransformationUnit.Transform(IDictionaryTwoPassDifferenceReport`4 input) at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys) at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<performchangedetection>b__0(IEnumerable`1 page) at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate() --- End of inner exception stack trace --- at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.CheckForException() at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit() at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities) at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess() at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase() at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<run>b__0() at Unify.Framework.<span class="redactor-selection-marker" id="selection-marker-1"></span>AsynchronousJobExecutor.PerformJobCallback(Object state) </run></performchangedetection></selectmanyiterator></convertitemtovalues>
For future reference, this issue is caused by entries in the CollectionKey table with the same Caption field value. The duplicate captions, produced by a defect in Identity Broker v5.1, cause exceptions to be thrown in several areas of the application after performing an upgrade to Identity Broker v5.2 which assume these values to be unique.
The simplest solution for this issue would be running the database clear script found in the <InstallDir>/Database directory. If this is not possible or desirable, attempt to run the script I provided below which clears the CollectionKey table of all unused entries and may resolve this issue. If the issue persists at this point a script or tool can be provided suitable to the specific environment to more directly correct the database state.
Does IdB v5.2 support Windows 2016
The best I could find was the link below;
which does mention Window 2008 SP1 or later, but client’s question is specific to Windows 2016 testing and certification. To be honest I believe what they really mean is, are the following products tested to be supporting Windows 2016 by UNIFY. Or should they get the new server build on Windows 2012 2012 R2 64bit
- UNIFY Identity Broker Service v5.2.1.0 RTM x64
- UNIFY Identity Broker for Microsoft Identity Manager v5.1.0 RTM
- UNIFY Identity Broker for Aurion v5.2.0 RC1
Thank You.
Hi Rizwan,
Identity Broker has been tested against all versions of Windows from 2008 SP1 and onwards, with most testing against 2016. I'll look at updating the page so that it's a little more clear.
If the client was actually referring to Microsoft certification, then no; the certification program is not available at the moment as it's being reworked.
Thanks.
Client Upgrade to .Net 4.6 cause MA to Fail
Hi,
I'm investigating an ACTGOV incident (Ivanti Incident 50255) and they have run into issues testing an upgrade to .Net 4.6 on an existing installation in their TEST environment.
The description from ACTGOV is as follows:
Hi,
We would like to upgrade .net on our Education FIM server to 4.6 but we found that when we do so in our test environment that our Maze MAs stop working. In the event log we get the error message:
Given the MA refuses to even start the problem appears to be Unify.Framework.ILM2007FP1Adapter.dll. Are you able to provide an updated version of this DLL that has been compiled with .net 4.6?
The version we currently have is 3.0.1.1 with a time stamp of 9/7/2013.
Cheers,
I was hoping you may be able to assist with a copy of the dll able to run with .Net 4.6 or what the action for remediation on this issue is.
Below are also the software versions the client has:
- FIM 2010 Sync Engine
- FIM Service Portal and SSPR
- Identity Broker for FIM 4
- Identity Broker for CISCO 4
- Identity Broker for viewDS
- Identity Broker for Sharepoint 4
Let me know if you need any more details.
Thank you,
Hayden Gray
I'm not sure why that would cause the MA to fail, the Windows Event Log might have more information. However, if you're targeting Identity Broker v4+ you should be using the matching MA dll (not v3). If you're still on v3, you should upgrade to v4+ as it's no longer supported (extended support can be arranged, see https://voice.unifysolutions.net/knowledge-bases/7/articles/3321-identity-broker-support-policy).
An item with the same key has been added
I upgraded to IdB 5.2.1 in Dev and the Aurion Person connector has stopped working with the error below. It has disabled itself and won't let me re-enable it, so I can't run the import again, or even clear the connector.
The key is the Aurion WAMIKey and there cannot be a duplicate. The Aurion DB in dev has not been updated since it was working with Idb 5.1 (no new persons added).
Message An error has occurred: An item with the same key has already been added. Type System.ArgumentException Stacktrace at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add) at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer) at Unify.Connectors.Aurion.AurionConnectorInformationFactoryBase`1.Transform(XElement sourceValue) at Unify.Product.IdentityBroker.ConnectorControllerBase.GetSpecializedConnector[TInfo,TExtended](Guid connectorId, String expectedType, String callingPath, Func`2 toExtended) at Unify.Product.IdentityBroker.PluggedConnectorControllerBase`2.GetConnector(Guid connectorId) at lambda_method(Closure , Object , Object[] ) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<getexecutor>b__9(Object instance, Object[] methodParameters) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ApiControllerActionInvoker.<invokeactionasynccore>d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ActionFilterResult.<executeasync>d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.AuthorizationFilterAttribute.<executeauthorizationfilterasynccore>d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Dispatcher.HttpControllerDispatcher.<sendasync>d__1.MoveNext() </sendasync></executeauthorizationfilterasynccore></executeasync></invokeactionasynccore></getexecutor>
There are duplicate Contact_Phone_Number mappings, please try removing one.
A task was cancelled
When running connector imports in IdB 5.2 (PowerShell connector) I am seeing a message "A task was cancelled" though there doesn't actually seem to be any problem. MD says this is a known issue but I need to ask for a patch for 5.2.
This is the full error:
System.Threading.Tasks.TaskCanceledException: A task was canceled. at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Unify.Connect.Web.Client.ConnectorClient.d__35.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Unify.Connect.Web.Client.ProfiledConnectorClient.d__108.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Unify.Framework.Web.UnifyController.d__39.MoveNext()
Hi Carol,
Could you please try applying the following patch, and let me know if the issue persists? Patch.zip
SAP HCM Agent - Test connection fails
Environment:
OS : Windows Server 2016
IDB Service: IDB v4.1.5 x64
IDB SAP Broker : v4.1.3 x64
Test connection on SAP HCM Agents returns error below:
An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)
Troubleshooting done so far:
Current environment with IDB v4.1.3 + IDB SAB Broker v4.1.2 running on Windows 2008 R2 with same credentials and same parameters to connect to SAP instance works without any issues.
IDB Logs have this entry below
The test of agent SAP HCM Agent failed with message System.BadImageFormatException: An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)
at SAP.Connector.Connection.Open()
at Unify.Product.IdentityBroker.SapHrCommunicator.Open()
at Unify.Product.IdentityBroker.SapHrCommunicator.TestConnection()
at Unify.Product.IdentityBroker.SapHrAgent.TestConnection()
at Unify.Product.IdentityBroker.AgentEngine.Test(Guid agentId).
No errors logged in Event Viewer.
Existing issues:
- https://voice.unifysolutions.net/communities/6/topics/630-sap-connector-v41-badimageformatexception
- https://voice.unifysolutions.net/communities/6/topics/643-can-not-run-sap-connector-badimageformatexception
- https://voice.unifysolutions.net/communities/6/topics/381-error-results-when-connecting-to-sap-hcm-using-sap-hcm-wizard-in-management-studio
Or use the SapHR.Remote.4.1.3.zip package to separate the service from the connectivity to SAP. There's an item in our backlog to migrate this package up to v5+.
Migrating IdentityBroker configuration from one env to another
Database migration will copy both configuration and data. Just wonder how to migration the configuration only without migrating data?
The dimage indicates an add attrib operation, but the attrib already exists on the object.
Identity Broker is occasionally throwing “staging-error” as part of the Delta Import.
Please see the attached files with error logs.
Could you please review and advice?
Version Details:
Identity Broker: v5.1.0 Revision # 2
FIM 2010 R2: 4.1.3508.0
Adam/Richard/Aneesh, please replicate this (it shouldn't need the same systems). The information should be in Aneesh's comments, it's just that the analysis hasn't been done to show why it's a problem. A replication might help us track down the sequence of events that lead to the problem.
Access denied importing Boolean value
I have been struggling with an odd issue. I have a number of PowerShell connectors in my solution, and quite a few of them have Boolean attributes (in addition to String). I have created a new connector which is very similar to the existing ones, and uses very similar scripts. Here is what is happening:
- When I comment out my import step for the Boolean attribute (so it just imports the String attributes) the full import works
- When I add the Boolean attribute in the import fails with "Access Denied". I know the correct value is actually being generated as I'm dropping a debug log file which shows all the values it's trying to put into the entity.
- When I run a Polling import (where I can list account names in a text file and it just imports those) it works correctly, including bringing in the Boolean value. This is also weird as it's the same Powershell script - the differences are in the initial collection of data, but the part where it updates and commits the entities is identical for both full and polling imports.
I thought it might be something to do with $null values but have made sure that the script always sets a default value of $false. This is the error message - it is definitely happening during the loop where I go through the data I've collected committing the entities.
I've also upgraded IdB to 5.2, but no change from 5.1 on this issue.
Change detection engine import all items for connector PowerShell HomeFolder failed with reason Access is denied. Duration: 00:01:19.9160765
Error details:
System.UnauthorizedAccessException: Access is denied ---> System.ComponentModel.Win32Exception: Access is denied
--- End of inner exception stack trace ---
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t)
at System.Threading.Tasks.Task.Execute()",Normal
Via phone call, the problem was that the line which was being commented out includes a call to Test-Path, and we believe the permissions error is happening there.
Customer support service by UserEcho
