Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

Modify type returned by Time Offset Flag transformation.

Matthew Woolnough 8 years ago updated by anonymous 8 years ago 1

The value output by the Time Offset Flag Transformation that FIM imports from IdB 3.x is interpreted as a boolean.  There might be some automatic casting occurring based on selection of the attribute type in the Identity Broker FIM connector. 

5.1 returns a string and the automatic casting is not available.

Is there any way to select the returned object type? 

Answer
anonymous 8 years ago

Hi Matt,

No, the type of the field generated by a Time Offset Flag transformation must be a string type and cannot currently be changed.

0
Fixed

Reflection fails with "An item with the same key has already been added"

Matthew Woolnough 8 years ago updated by anonymous 8 years ago 11

Accountname is a DistinguishedName attribute & is used in Sharepoint connector as the Key and also as the DN in adapter. 

Image 4174


No key duplication errors are being seen. 

Data can be imported without error with Adapter disabled.  

When 'Generate Changes' is performed the error below is thrown. Is this the correct way to use a DN attribute as a DN? Not sure if this is a bug or misconfiguration.

<AdapterConfiguration AdapterId="4e96758c-06c5-44dd-9f32-557b3e75d16f" AdapterName="SharePoint Profiles" containerName="SPUsers" enabled="false" BaseConnectorId="770d9450-dcc8-41c9-b0b4-bc2d46fdc3ae" class="person">
      <dn template="[AccountName]" />
      <Groups />
      <adapterEntityTransformationFactory name="Sequential">
        <adapter name="Move" key="1bec7d3a-9384-49b6-ad4b-8266e5a286b0">
          <Extended>
            <columnMappings>
              <columnMapping SourceAttribute="UserProfile_GUID" TargetAttribute="UserProfileGUID" />
            </columnMappings>
          </Extended>
        </adapter>
      </adapterEntityTransformationFactory>
    </AdapterConfiguration>


20170605,07:13:28,UNIFY Identity Broker,Adapter,Error,"Request to reflect change entities of the adapter.
Request to reflect change entities of the SharePoint Profiles (4e96758c-06c5-44dd-9f32-557b3e75d16f) adapter errored with message: An item with the same key has already been added.. Duration: 00:00:00.5937686
Error details:
System.ArgumentException: An item with the same key has already been added.
   at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
   at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at Unify.Product.IdentityBroker.Adapter.ConvertPageAndUpdateContainers(IEntity[] entities, Boolean updateContainers)
   at Unify.Product.IdentityBroker.Adapter.ReflectChangesInner()
   at Unify.Product.IdentityBroker.Adapter.ReflectChanges()
   at Unify.Product.IdentityBroker.AdapterAuditingDecorator.ReflectChanges()
   at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges()
   at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<RunBase>b__9_0(IOperationalAdapter adapter)",Normal


Answer
anonymous 8 years ago

Hi Matt,

I have identified the cause of the issue, and the following Unify.Framework.IO.LDIF.dll, when placed into the Services directory, should resolve this. This patch will be included in future versions of Identity Broker v5.1 and up.

0
Answered

The Connector Does not support anchor modification

Werner Deysel 8 years ago in UNIFYBroker/Workday updated by anonymous 8 years ago 1 1 duplicate

Hi,

i dont find much documentation on error codes for the Identity Broker, but this anchor modification is a new error that i see in the exporting errors.

Can someone explain to me what this is, and how to fix this?

Answer
anonymous 8 years ago

Hi Werner,

This is currently documented at Anchor Modification and Handling Renames. It means that the solution is attempting to update the value of the key field for the connector - for a connector that doesn't support the operation. The fix is to stop attempting these operations.

Thanks.

0
Answered

Query T001F065_ACTUAL_POSITION_NO in IdB 5.x Aurion Position query

Matthew Woolnough 8 years ago in UNIFYBroker/Aurion updated by anonymous 8 years ago 5

Client DBA was able to determine that the Aurion position connector actually runs 3 queries in IDB version 3 and 5.  

The first and third are identical but the second script is totally different. 

In version 3, the position appears to be retrieved from "T001F065_ACTUAL_POSITION_NO" whereas in version 5 appears to try to determine position information from "T101F005_POSITION_NO". 

Is it possible to have the position query retrieve data from "T001F065_ACTUAL_POSITION_NO" in IdB 5.x?



Answer
anonymous 8 years ago

OK, It sounds as though there is a misalignment between dev & prod. Will ask them to update the environment.

0
Answered

Boolean Constant attribute appears as String in connector space

Matthew Woolnough 8 years ago updated by anonymous 8 years ago 13

As shown in the image below, Boolean constant appears as a string in the Connector Space. 



Image 4169

Answer
anonymous 8 years ago

Without knowing what sharing exists in MIM between MAs for identical object types and attributes, it seems you have a bug on your hands. You've demonstrated that we are reporting the correct type to MIM and that MIM is capable of understanding the schema correctly, but for some reason with that name it's stuck thinking it's a string. You'll have to either raise a support ticket with Microsoft, or stick to the changed field name and move on.

0
Not a bug

Export Returns Entity Schema Validation Error

Aneesh Varghese 8 years ago in UNIFYBroker/Microsoft Dynamics CRM updated by anonymous 8 years ago 4

Image 4165

Previous Version: Microsoft Dynamics CRM Connector 4.1.1.1

Upgraded Version: Microsoft Dynamics CRM Connector 5.1.0.0

Management Agent Export Error:

System.Exception: A -2147204326 fault occurred with message A validation error occurred.  The value of 'address3_addresstypecode' on record of type 'contact' is outside the valid range.. See the server logs for details.

[Microsoft.Crm.ObjectModel: Microsoft.Crm.ObjectModel.TargetAttributeValidationPlugin]
[fc743e7d-fbea-4695-bdb9-7d78334c8474: TargetAttributeValidationPlugin]


   at Unify.Product.IdentityBroker.DynamicsCrmAgent.GetException(OrganizationServiceFault fault)

 

IdB Stack Trace

Request to retrieve logs.
Request to retrieve logs failed with message Collection was modified; enumeration operation may not execute.. Date: 31/05/2017. Skip: 0. Take: 10. Search: address3_addresstypecode. Duration: 00:00:03.7129126
Error details:
System.InvalidOperationException: Collection was modified; enumeration operation may not execute.
at System.Collections.Generic.List`1.Enumerator.MoveNextRare()
at System.Linq.Enumerable.WhereListIterator`1.MoveNext()
at System.Linq.Enumerable.<SkipIterator>d__4d`1.MoveNext()
at System.Linq.Enumerable.<TakeIterator>d__3a`1.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Framework.Logging.LoggingEngineNotifierDecorator.<>c__DisplayClass6_0.<ReadLogSearch>b__0()
at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
at Unify.Framework.Logging.LoggingEngineNotifierDecorator.ReadLogSearch(DateTime date, String search, Int32 skip, Int32 take)
at Unify.Product.IdentityBroker.IdentityServiceCollector.ReadLogSearchSkipTake(DateTime date, String search, Int32 skip, Int32 take)
at SyncInvokeReadLogSearchSkipTake(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)


Answer
anonymous 8 years ago

Confirmed this is a CRM/client specific issue and can be safely ignored. 

0
Answered

The new ECMA 2.0 IdB MA export run profile returns "cd-error" after the IdB/CRM Connector upgrade (from v4.x to v5.1.x)

Aneesh Varghese 8 years ago in UNIFYBroker/Microsoft Dynamics CRM updated by anonymous 8 years ago 11

The new ECMA 2.0 IdB Mangement Agent Export Run Profile Returns "cd-error" after the IdB/CRM Connector Upgrade (from v4.x to v5.1.x)

Previous Version: Microsoft Dynamics CRM Connector 4.1.1.1

Upgraded Version: Microsoft Dynamics CRM Connector 5.1.0.0


IdB error logs

.Net SqlClient Data Provider:

System.Data.SqlClient.SqlException (0x80131904): Transaction (Process ID 56) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)

       .....

Error Number:1205,State:48,Class:13

Image 4161

Answer
anonymous 8 years ago

Summary from Aneesh (private comment):

To recap, this issue is caused by imports and exports to CRM (though via different connectors) running at the same time and timing out. Curtis, you suggested running two operations in isolation. I reviewed the CRM Management Agents (MA) and I can see that this MA (Dynamics CRM – Export) is only used for exporting change back to the CRM and there is a separate MA called “Dynamics CRM – Users” is created to import changes from CRM. I am not sure why two separate management agents created instead of just one for both import and export operations. I will check with the client. If no real reason, I will recommend merging both MA’s into just one MA to avoid any concurrency issues.
0
Answered

Date handling changes

Matthew Woolnough 8 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 4

I have a date attribute in my Aurion Adapter called DateCommenced.  

In the IdB UI it appears as 2010-05-24. 

When it imports into MIM, it's a string type and is shown in the connector space as:

2010-05-24T00:00:00:000

When I look at FIM, (which we're replacing) it's also a string type, however it's shown in the connector space as:

2010-05-24

Has something changed in the handling of Dates between 3.x and 5.x? 

0
Not a bug

Time Offset Flag Transformation throws error when no data present

Matthew Woolnough 8 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 6

The UI is displaying "Specified argument was out of the range of valid values. Parameter name: key"  after configuring a Time Offset Flag Transformation.   Looking at the data, there is nothing currently in the column, I suspect this might be causing the error. 

There are two configured transformations:

<adapter name="TimeOffsetFlag" key="e761c890-313b-4b88-bfcf-272595dcf784">
  <Extended offset="-P15DT10H" sourceColumn="DateCommenced" destinationColumn="EmployeeStarted" LesserValue="True" EqualValue="True" GreaterValue="False" NullValue="False" adjustForLocal="false" xmlns="" />
</adapter>
<adapter name="TimeOffsetFlag" key="00eaab5c-89e9-41b4-9728-e7b342d07db8">
  <Extended offset="PT10H" sourceColumn="DateTerminated" destinationColumn="EmployeeTerminated" LesserValue="False" EqualValue="True" GreaterValue="False" NullValue="True" adjustForLocal="false" xmlns="" />
</adapter>

The first one foes not throw an error. The second one does.



Answer
anonymous 8 years ago

Hi Matt,

Where is the UI displaying this error? Is it under the Transformations section, between a heading Time Offset Flag and its corresponding description? Please ensure that you don't have duplicate column names in your adapter, i.e. that there isn't already a column named DateTerminated. If there is, either rename the existing column or change the Target for the Time Offset Flag Transformation.

0
Fixed

Object reference not set to an instance of an object error when attempting to retrieve schema

Matthew Woolnough 8 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 9

When trying to retrieve schema, MIM throws error below.

Log Name:      Application
Source:        FIMSynchronizationService
Date:          30/05/2017 8:44:54 AM
Event ID:      6801
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      dc1devfim01.dev.apra.gov.au
Description:
The extensible extension returned an unsupported error.
 The stack trace is:
 
 "Unify.Product.IdentityBroker.LdapOperationException: Object reference not set to an instance of an object.
   at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
   at Unify.Product.IdentityBroker.LdapConnection.GetSchema(String schemaDn)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.Aggregate[TSource](IEnumerable`1 source, Func`3 func)
   at Unify.Product.IdentityBroker.LdapConnectionProxy.get_LdapSchema()
   at Unify.Product.IdentityBroker.LdapConnectionProxy.get_Schema()
   at Unify.Product.IdentityBroker.UnifyLdapConnectorTypeProxy.GetSchema(KeyedCollection`2 configParameters)
   at Unify.Product.IdentityBroker.UnifyLdapConnector.GetSchema(KeyedCollection`2 configParameters)
Forefront Identity Manager 4.4.1459.0"
Error in logs is as follows:
20170529,22:44:53,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Read completed successfully.",Verbose
20170529,22:44:53,UNIFY Identity Broker,LDAP engine,Error,"Handling of LDAP schema request.
Handling of LDAP schema request from user mim on connection 127.0.0.1:65135 for the server schema failed with error ""Ob
ject reference not set to an instance of an object."". Duration: 00:00:00.",Normal
20170529,22:44:53,UNIFY Identity Broker,LDAP Engine,Error,"An error occurred on client from 127.0.0.1:65135. More detail
s:
Internal Server Error #11: System.NullReferenceException: Object reference not set to an instance of an object.
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequest(IRfcLdapMessage message, CancellationToken tok
en, Action`1 postAction)
   at Unify.Product.IdentityBroker.RequestHandlerAuditingDecorator.HandleRequest(IRfcLdapMessage message, CancellationTo
ken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.LDAPRequestHandlerSecurityDecorator.HandleRequest(IRfcLdapMessage message, Cancellati
onToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.LDAPConnection.<RespondToMessageAsync>d__33.MoveNext()",Normal
20170529,22:44:53,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP unbind request.
Handling of LDAP unbind request received on connection mim to connect as user 127.0.0.1:65135 started.",Verbose
20170529,22:44:53,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level


Answer
anonymous 8 years ago

Hi Matt,

Thanks for the feedback, I agree that the product could handle this more gracefully, and we'll take it into consideration.

For your immediate issue, you should be able to resolve this by removing the container corresponding to the previous container name and re-populating the adapter entity context.