Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Reflection for adapter XXX failed with message One or more errors occurred
Using IdB 5.0.5 Rev#0
I noted today that 2 adapters were both red on the dashboard.
Searching in the IdB logs via the console for the word "error" I could see earlier today that there were 8 occurrences of some sort of timeout siting "System.Threading.ReaderWriterLock.*.
Can you please spend a few minutes to check this out over a remote shared desktop to confirm that this is indeed the problem for which a patch has since become available whereby changelog access was causing record locking?
Hi Bob,
This issue is unrelated to Delta Import timeouts on Identity Broker 5.1 Management Agents, as it occurs acquiring a lock for a different table. What is the impact of the issue? It looks like only one page of reflection fails at a time and subsequent pages continue to process normally, so the issue should be resolving itself.
Does Identity Broker PLUS v5.1.0 store previous Locker states?
I was able to find the change log for adapters and I was able to find the source log for lockers, but I couldn't find the change log for lockers (containing previous states of entities in lockers). Does one exist, and if so where would it be?
Thanks,
Tom
No, as there was no requirement to be able to query it directly. See http://voice.unifysolutions.net/topics/2929-auditing/ for details on how to keep track of this information (among other changes).
What is the expected behaviour of 2 unset priority datasources?
According to https://unifysolutions.jira.com/wiki/display/IDBPLUS51/Priority, data sources with unset priority are considered lowest priority.
Based on that, what is the expected behavior of an attribute in an adapter which has only 2 data sources, both of which are unset priority?
In this example, Person is a locker and Active Directory Person is a bidirectional link between the active directory adapter (the screen this screenshot was taken from) and the Person locker.
In the case of the attribute being changed in the source system and coming into the adapter through the connector: will it override what's already in there from person, or will it thrown away and have the data from the Person locker push back out to the connector?
Thanks,
Tom
Hi Tom,
In cases where both the existing value and the new value in an update are both from un-prioritised sources, the newest value (the update) is taken - last write wins.
PowerShell Transformation: Required Attribute
I want to use an attribute created in a PowerShell transformation in the DN, but am getting a "field not required" error. How can I configure this new attribute as required?
Hi Matt,
Good question. Currently there is no way to mark fields added via a PowerShell transformation as Required, but this is something we could look at adding support for. Please note though though that since you can't supply values in Add/Modify requests from an Identity Management platform for these fields (no way to reverse a PowerShell transformation), putting such a field in the Distinguished Name template would effectively block you from provisioning into that adapter.
IdBPlus Projects with Exchange Provisioning
Does anyone know of any projects that used IdBPlus and configured Exchange Provisioning? My initial investigation suggests it's more complicated than a simple enable-mailbox -identity x in a post-provisioning task.
The base script that I'd recommend starting with and adapting is as follows. It can be run unlimited times without duplication as it checks for users in AD that haven't been enabled. This particular script uses the default Exchange rules for mailbox name, but can be adapted by changing the arguments supplied to the Enable-Mailbox command:
# STEP 1
# The first step involves securing the password to Exchange.
# The following command should be run in a PowerShell console, changing the out-file to the desired location:
# read-host -assecurestring | convertfrom-securestring | out-file C:\securestring.txt
# Enter the password to Exchange. A file should be written to the desired location.
# If a permission error was shown, try running the script as administrator, or select a new location.
# STEP 2
# Configure the following settings:
# ExchangeServer - Configure the URL to the PowerShell virtual directory on the Exchange machine.
# AdminAccount - The name of the account being used to connect to the Exchange machine.
# SearchBase - The deepest container that holds all items being managed.
# Filter - The LDAP filter to select items that have not been mail enabled. This will probably not need to be updated.
# Password - The file path should be updated to the file created in STEP 1.
$ExchangeServer = http://exchange/PowerShell/
$AdminAccount = "DOMAIN\Administrator"
$SearchBase = "OU=RootContainer,DC=organization"
$Filter = "(&(objectCategory=user)(objectClass=user)(!msExchHomeServerName=*))"
$Password = cat C:\securestring.txt | convertto-securestring
# END OF CONFIGURABLE SECTION #
$UserCredential = New-Object -Typename System.Management.Automation.PSCredential -Argumentlist $AdminAccount,$Password
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ExchangeServer -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session
Add-Type -Assembly Microsoft.ActiveDirectory.Management
Import-Module ActiveDirectory
$users = get-aduser -LDAPFilter $Filter -searchbase $SearchBase -searchscope "Subtree"
if ($users -ne $null)
{
foreach ($user in $users)
{
Enable-Mailbox $user.SamAccountName | Set-Mailbox -SingleItemRecoveryEnabled $true
}
}
#Exit-PSSession
Remove-PSSession -session $Session
Error during processing of SearchRequest targetting cn=changelog: Operation timed out
The following 3 exceptions were logged today in the Application Event log for a failed MIM DI run profle against an IdB adapter:
<p style="margin-top:5pt;margin-bottom:5pt;font-family:Calibri;font-size:11.0pt"><span lang="en-US">Log Name: Application</span><span lang="en-AU"><br> </span><span lang="en-US">Source: FIMSynchronizationService</span><span lang="en-AU"><br> </span><span lang="en-US">Date: 5/07/2017 12:44:09 PM</span><span lang="en-AU"><br> </span><span lang="en-US">Event ID: 6110</span><span lang="en-AU"><br> </span><span lang="en-US">Task Category: Management Agent Run Profile</span><span lang="en-AU"><br> </span><span lang="en-US">Level: Warning</span><span lang="en-AU"><br> </span><span lang="en-US">Keywords: Classic</span><span lang="en-AU"><br> </span><span lang="en-US">User: N/A</span><span lang="en-AU"><br> </span><span lang="en-US">Computer: AUHBSMIMWP0001.corp.qbe.com</span><span lang="en-AU"><br> </span><span lang="en-US">Description:</span><span lang="en-AU"><br> </span><span lang="en-US">The management agent "License Entitlements" step execution completed on run profile "DI" but the watermark was not saved.</span><span lang="en-AU"><br> </span><span lang="en-US"> </span><span lang="en-AU"><br> </span><span lang="en-US"> Additional Information</span><span lang="en-AU"><br> </span><span lang="en-US"> Discovery Errors : "0"</span><span lang="en-AU"><br> </span><span lang="en-US"> Synchronization Errors : "0"</span><span lang="en-AU"><br> </span><span lang="en-US"> Metaverse Retry Errors : "0"</span><span lang="en-AU"><br> </span><span lang="en-US"> Export Errors : "0"</span><span lang="en-AU"><br> </span><span lang="en-US"> Warnings : "0"</span><span lang="en-AU"><br> </span><span lang="en-US"> </span><span lang="en-AU"><br> </span><span lang="en-US"> User Action</span><span lang="en-AU"><br> </span><span lang="en-US"> View the management agent run history for details.</span><span lang="en-AU"><br> </span><span lang="en-US">Event Xml:</span><span lang="en-AU"><br> </span><span lang="en-US"><Event xmlns="</span><a href="http://schemas.microsoft.com/win/2004/08/events/event"><span lang="en-US">http://schemas.microsoft.com/win/2004/08/events/event</span></a><span lang="en-US">"></span><span lang="en-AU"><br> </span><span lang="en-US"> <System></span><span lang="en-AU"><br> </span><span lang="en-US"> <Provider Name="FIMSynchronizationService" /></span><span lang="en-AU"><br> </span><span lang="en-US"> <EventID Qualifiers="32768">6110</EventID></span><span lang="en-AU"><br> </span><span lang="en-US"> <Level>3</Level></span><span lang="en-AU"><br> </span><span lang="en-US"> <Task>1</Task></span><span lang="en-AU"><br> </span><span lang="en-US"> <Keywords>0x80000000000000</Keywords></span><span lang="en-AU"><br> </span><span lang="en-US"> <TimeCreated SystemTime="2017-07-05T02:44:09.000000000Z" /></span><span lang="en-AU"><br> </span><span lang="en-US"> <EventRecordID>9375144</EventRecordID></span><span lang="en-AU"><br> </span><span lang="en-US"> <Channel>Application</Channel></span><span lang="en-AU"><br> </span><span lang="en-US"> <Computer>AUHBSMIMWP0001.corp.qbe.com</Computer></span><span lang="en-AU"><br> </span><span lang="en-US"> <Security /></span><span lang="en-AU"><br> </span><span lang="en-US"> </System></span><span lang="en-AU"><br> </span><span lang="en-US"> <EventData></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>License Entitlements</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>DI</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>0</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>0</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>0</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>0</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>0</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> </EventData></span><span lang="en-AU"><br> </span><span lang="en-US"></Event></span></p> <p style="margin-top:5pt;margin-bottom:5pt;font-family:Calibri;font-size:11.0pt"><span lang="en-US">Log Name: Application</span><span lang="en-AU"><br> </span><span lang="en-US">Source: FIMSynchronizationService</span><span lang="en-AU"><br> </span><span lang="en-US">Date: 5/07/2017 12:44:09 PM</span><span lang="en-AU"><br> </span><span lang="en-US">Event ID: 6803</span><span lang="en-AU"><br> </span><span lang="en-US">Task Category: Management Agent Run Profile</span><span lang="en-AU"><br> </span><span lang="en-US">Level: Error</span><span lang="en-AU"><br> </span><span lang="en-US">Keywords: Classic</span><span lang="en-AU"><br> </span><span lang="en-US">User: N/A</span><span lang="en-AU"><br> </span><span lang="en-US">Computer: AUHBSMIMWP0001.corp.qbe.com</span><span lang="en-AU"><br> </span><span lang="en-US">Description:</span><span lang="en-AU"><br> </span><span lang="en-US">The management agent "License Entitlements" failed on run profile "DI" because the server encountered errors.</span><span lang="en-AU"><br> </span><span lang="en-US">Event Xml:</span><span lang="en-AU"><br> </span><span lang="en-US"><Event xmlns="</span><a href="http://schemas.microsoft.com/win/2004/08/events/event"><span lang="en-US">http://schemas.microsoft.com/win/2004/08/events/event</span></a><span lang="en-US">"></span><span lang="en-AU"><br> </span><span lang="en-US"> <System></span><span lang="en-AU"><br> </span><span lang="en-US"> <Provider Name="FIMSynchronizationService" /></span><span lang="en-AU"><br> </span><span lang="en-US"> <EventID Qualifiers="49152">6803</EventID></span><span lang="en-AU"><br> </span><span lang="en-US"> <Level>2</Level></span><span lang="en-AU"><br> </span><span lang="en-US"> <Task>1</Task></span><span lang="en-AU"><br> </span><span lang="en-US"> <Keywords>0x80000000000000</Keywords></span><span lang="en-AU"><br> </span><span lang="en-US"> <TimeCreated SystemTime="2017-07-05T02:44:09.000000000Z" /></span><span lang="en-AU"><br> </span><span lang="en-US"> <EventRecordID>9375143</EventRecordID></span><span lang="en-AU"><br> </span><span lang="en-US"> <Channel>Application</Channel></span><span lang="en-AU"><br> </span><span lang="en-US"> <Computer>AUHBSMIMWP0001.corp.qbe.com</Computer></span><span lang="en-AU"><br> </span><span lang="en-US"> <Security /></span><span lang="en-AU"><br> </span><span lang="en-US"> </System></span><span lang="en-AU"><br> </span><span lang="en-US"> <EventData></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>License Entitlements</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>DI</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> </EventData></span><span lang="en-AU"><br> </span><span lang="en-US"></Event></span></p> <p style="margin-top:5pt;margin-bottom:5pt;font-family:Calibri;font-size:11.0pt"><span lang="en-US">Log Name: Application</span><span lang="en-AU"><br> </span><span lang="en-US">Source: FIMSynchronizationService</span><span lang="en-AU"><br> </span><span lang="en-US">Date: 5/07/2017 12:44:09 PM</span><span lang="en-AU"><br> </span><span lang="en-US">Event ID: 6801</span><span lang="en-AU"><br> </span><span lang="en-US">Task Category: Server</span><span lang="en-AU"><br> </span><span lang="en-US">Level: Error</span><span lang="en-AU"><br> </span><span lang="en-US">Keywords: Classic</span><span lang="en-AU"><br> </span><span lang="en-US">User: N/A</span><span lang="en-AU"><br> </span><span lang="en-US">Computer: AUHBSMIMWP0001.corp.qbe.com</span><span lang="en-AU"><br> </span><span lang="en-US">Description:</span><span lang="en-AU"><br> </span><span lang="en-US">The extensible extension returned an unsupported error.</span><span lang="en-AU"><br> </span><span lang="en-US"> The stack trace is:</span><span lang="en-AU"><br> </span><span lang="en-US"> </span><span lang="en-AU"><br> </span><span lang="en-US"> "Unify.Product.IdentityBroker.LdapOperationException: Error during processing of SearchRequest targetting cn=changelog: Operation timed out.</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__9.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__33.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)</span><span lang="en-AU"><br> </span><span lang="en-US">Forefront Identity Manager 4.3.2195.0"</span><span lang="en-AU"><br> </span><span lang="en-US">Event Xml:</span><span lang="en-AU"><br> </span><span lang="en-US"><Event xmlns="</span><a href="http://schemas.microsoft.com/win/2004/08/events/event"><span lang="en-US">http://schemas.microsoft.com/win/2004/08/events/event</span></a><span lang="en-US">"></span><span lang="en-AU"><br> </span><span lang="en-US"> <System></span><span lang="en-AU"><br> </span><span lang="en-US"> <Provider Name="FIMSynchronizationService" /></span><span lang="en-AU"><br> </span><span lang="en-US"> <EventID Qualifiers="49152">6801</EventID></span><span lang="en-AU"><br> </span><span lang="en-US"> <Level>2</Level></span><span lang="en-AU"><br> </span><span lang="en-US"> <Task>3</Task></span><span lang="en-AU"><br> </span><span lang="en-US"> <Keywords>0x80000000000000</Keywords></span><span lang="en-AU"><br> </span><span lang="en-US"> <TimeCreated SystemTime="2017-07-05T02:44:09.000000000Z" /></span><span lang="en-AU"><br> </span><span lang="en-US"> <EventRecordID>9375142</EventRecordID></span><span lang="en-AU"><br> </span><span lang="en-US"> <Channel>Application</Channel></span><span lang="en-AU"><br> </span><span lang="en-US"> <Computer>AUHBSMIMWP0001.corp.qbe.com</Computer></span><span lang="en-AU"><br> </span><span lang="en-US"> <Security /></span><span lang="en-AU"><br> </span><span lang="en-US"> </System></span><span lang="en-AU"><br> </span><span lang="en-US"> <EventData></span><span lang="en-AU"><br> </span><span lang="en-US"> <Data>Unify.Product.IdentityBroker.LdapOperationException: Error during processing of SearchRequest targetting cn=changelog: Operation timed out.</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__9.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__33.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()</span><span lang="en-AU"><br> </span><span lang="en-US"> at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)</span><span lang="en-AU"><br> </span><span lang="en-US">Forefront Identity Manager 4.3.2195.0</Data></span><span lang="en-AU"><br> </span><span lang="en-US"> </EventData></span><span lang="en-AU"><br> </span><span lang="en-US"></Event></span></p>
This is the first time I've seen a timeout occur for a DI to the change log - is there something that can be set specifically to mitigate this? So far indexing issues have impacted only full imports, but not deltas - and these are mitigated by daily index rebuilds.
Hi Bob,
Which version of Identity Broker is installed, and do you have any patches installed for Unify.IdentityBroker.ChangeLog.Repository.Sql.dll? As of Identity Broker v5.1, there should no longer be any SQL locking around access to the changelog context. This change will also be included in an upcoming Identity Broker v5.0 release, although it is not present in the current v5.0.5 RC1.
Post-Provisioning in IdBPlus After Object Creation in Target?
The documentation says that the post-provisioning task will run "after the new target entity is committed to the target entity space." This leads me to believe that the object might not actually be in the target connected system yet, it's only in the IdBPlus connector. If I, for example, ran a mailbox provisioning in post-provisioning task will the AD account definitely be there by the time post-provisioning runs?
Hi Daniel,
Thanks for the great question! Yes, post-provisioning tasks run AFTER the entity has been pushed out to the target system. I'll update the documentation to make this point clearer.
Sync Schedule in IdBPlus. Polls Adapter or Connector?
When you set a Sync Schedule in IdBPlus does the schedule define how often it checks the adapter for changes or does it override the connector schedule?
Hi Daniel,
They relate to how often it checks for changes in adapters. The basic process is as follows:
- Connector import (manual or scheduled)
- Change detection process detects changed connector entities
- Entries created in changes register to indicate connector entities which have changed
- Reflection runs (scheduled every few seconds), processes changed connector entities and updates adapter entities
- Entries created in sync changes register to indicate adapter entities which have changed
- Synchronization runs (manual or scheduled), processes changed adapter entities and updates locker entities
cd-error exporting to SharePoint Users
I am receiving cd-errors when exporting users to Sharepoint. I have found the following issue which is resolved by using adapter DN template of UID=@IdBID,however I am already using this config.
There is no other debugging information provided. How can I resolve this?
http://voice.unifysolutions.net/topics/2860-cd-error-exporting-to-idb/
Hi Matt,
Please try the patch from DN Creation not escaping LDAP Reserved Characters.
Unable to cast object of type 'Unify.Product.IdentityBroker.RfcBulkUpdateResponse' to type 'Unify.Product.IdentityBroker.Rfc2251.IRfcRequest
Error being raised in IdB 5.1 not sure of the impact as yet.
Handling of LDAP Bulk Update request received from user mim on connection 127.0.0.1:55606 failed with error ""Unable to cast object of type 'Unify.Product.IdentityBroker.RfcBulkUpdateResponse' to type 'Unify.Product.IdentityBroker.Rfc2251.IRfcRequest'."". Duration 00:01:23.1812324.",Normal 20170630,05:43:41,UNIFY Identity Broker,LDAP Engine,Error,"An error occurred on client from 127.0.0.1:55606. More details: Internal Server Error #11: System.InvalidCastException: Unable to cast object of type 'Unify.Product.IdentityBroker.RfcBulkUpdateResponse' to type 'Unify.Product.IdentityBroker.Rfc2251.IRfcRequest'.nformation,"Request to update entity to connector. Request to update entities [Count:1] to connector SharePoint User Profile.",Normal 20170630,05:43:41,UNIFY Identity Broker,Connector,Information,"Update entities to connector completed. Update entities 1 to connector SharePoint User Profile reported 1 entities saved. Duration: 00:00:00.5780823",Normal 20170630,05:43:41,UNIFY Identity Broker,Adapter,Informati at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t) at System.Threading.Tasks.Task.Execute() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Unify.Product.IdentityBroker.LDAPConnection.<RespondToMessageAsync>d__33.MoveNext()",Normal 20170630,05:43:41,UNIFY Identity Broker,Adapter,Information,"Request to reflect change entities of the adapter. Request to reflect change entities of the SharePoint Profiles (4e96758c-06c5-44dd-9f32-557b3e75d16f) adapter started.",Verbose 20170630,05:43:41,UNIFY Identity Broker,Changes register engine,Information,"Request to retrieve changes register context. Request to retrieve changes register context started.",Verbose
Hi Matt,
Thanks for raising this. In this case the error is legitimate, although there's a mistake in the reporting of the error which needs to be corrected. The attached Unify.IdentityBroker.LDAP.Engine.dll should correct the error reporting.
The actual error is due to the fact that Identity Broker failed to reply to an LDAP request because the connection was closed by the remote client, most likely because the remote client timed out.
Customer support service by UserEcho
