Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

MA stopped-extension-dll-exception

Eddie Kirkman 8 years ago updated by anonymous 8 years ago 3

Our Identity broker MA is failing on its Delta Imports with the ever helpful "stopped-extension-dll-exception" error.

From Event Viewer, I get:

The extensible extension returned an unsupported error.
The stack trace is:

"Unify.Product.IdentityBroker.LdapOperationException: Error during processing of SearchRequest targetting cn=changelog: Operation timed out while waiting for message queue with id of 10. ---> System.OperationCanceledException: Operation timed out while waiting for message queue with id of 10.
at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId)
at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv)
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__8.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__30.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.3.2266.0"

Apart from the fact that there was a dll exception, any idea what this is about or where to look for more useful information? I am seeing nothing with any errors in the IdB logs.

Answer
anonymous 8 years ago

Please try with the patch from http://voice.unifysolutions.net/topics/2672-delta-import-timeouts-on-identity-broker-51-management-agents/ (Unify.IdentityBroker.ChangeLog.Repository.Sql.dll - for the appropriate version of Identity Broker).

0
Answered

cd-error exporting to IdB

Carol Wapshere 8 years ago in UNIFYBroker/Aurion updated by anonymous 8 years ago 17

I need some help troubleshooting an issue exporting updates to Aurion Security Users.

- The IdB connector is using the standard Aurion Security User connector.

- The adapter connects only to the connector - no joins or transformations.

- When I try to export from MIM I see "cd-error" on all exports - but there is no message.

- There is nothing in the IdB logs about this adapter at all - it's like it isn't even getting that far.

- I can refresh the MA schema, I have also cleared the connector space and re-imported from IdB - so I know connectivity to IdB is fine.

I have tried enabling Verbose logging and an IdB trace (sent separately). I'm looking for suggestions about how else I can troubleshoot this.

Answer
anonymous 8 years ago

Resolved by switching the adapter DN template to UID=@IdBID

0
Answered

Data Transformation on fetching previous position end date

Jerry Natarajan 8 years ago in UNIFYBroker/Frontier ichris/chris21 updated by anonymous 8 years ago 4

Hi,

I am trying to do a data transformation in Chris 21 person Adapter in IdB 4.1

Connector: Ch21 Placement connector

join criteria: detnumber

What I want to achieve:

select top 1 posenddate from all positions held(sort on desc) where end date is NOT null(which will be current position, so we don't want that)

is there a way to do this OOTB in IdB 4.1?

Answer
anonymous 8 years ago

The current set of join transformation options will all pick the open transformation, with the only way to select the previous being to change the offset of the window - which is not quite what you're after. In v5.1 you would be able to write the logic yourself using the PowerShell transformation. I believe your options are:

  • Use your solution logic to do the selection;
  • Update to v5.1 and use the PowerShell transformation;
  • Write an extended transformation using code (not recommended as it's not trivial).
0
Declined

Duplicates from Aurion

Carol Wapshere 8 years ago in UNIFYBroker/Aurion updated by anonymous 8 years ago 12

Question on whether we can make the Aurion connector more resilient to a specific issue I'm seeing where Aurion will repeatedly send all report data twice. It sends the full set of output between <DocumentRoot> and </DocumentRoot>, then starts all over again, this time skipping the opening <DocumentRoot> tag but still terminating with a final </DocumentRoot>.

The problem is definitely on the Aurion side and the customer has raised a support ticket - but at the same time perhaps we can make IdB a bit more resilient? If it ignored everything after the first </DocumentRoot> we'd be ok here. If there's a good reason why we can't do that then that's ok - I just want to be able to explain to the customer.

Answer
anonymous 8 years ago

Looks like fields are missing including the most important - Person_Number!

0
Declined

Resync of IDB Adapter Entities with FIM MA without a Full Import

Richard Green 9 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 3

As discussed with Curtis:

Recently at DET (and at TAFE) we have experienced some issues with IDB where one or more entities in the Adapter get out of sync with the entity state on the associated MA in FIM. This results in a few error conditions:

Delta imports of entities in this state usually present with a staging-error on the MA.

eg.

Image 3731


Exporting changes to entities in this state usually results in an error similar to this:

Internal Server Error #9:
Unify.Product.IdentityBroker.LDAPModifyException: Cannot add the value 43-61-72-6D-65-6C to the existing,
non-multivalue field SAFE-MiddleName.


   at Unify.Product.IdentityBroker.LDAPModifyRequestToEntityConverter.HandleAttributeValueAdd(IModifyRequestOperation
op, IAdapterEntity entity, IEntitySchema schema)


   at
Unify.Product.IdentityBroker.LDAPModifyRequestToEntityConverter.Transform(IRfcModifyRequest
sourceValue, IAdapterEntity origEntity)


   at
Unify.Product.IdentityBroker.ModifyRequestHandler.InnerApplyTransformation(IHandleRequestCoreRequest
request, LDAPModifyRequestToEntityConverter converter)

The advice to-date on how to resolve this issue is "run a full import/full sync" or alternatively "clear the entity from IDB and re-import". While both of these actions usually work, they aren't always a valid/practical option in an operational environment. (Here at DET, running a Full Import/Sync on SAFE consumes most of the day, and block all other operations while it's running.)

I was discussing this issue with Curtis, and he suggested that a change to the FIM Adapter might be possible to address this. Essentially adding in some logic to identify and flag records that have failed with either a staging error on import, or specific IDB related export errors (Likely text file store in the MA data directory).

Then on the next delta import, any existing records that are flagged could be requested and supplied as a full object, in order to re-sync it's state with FIM.

Does this sound feasible?

Cheers

Richard

0
Not a bug

Chris21 Connector updating source attributes, that are not configured

Jerry Natarajan 9 years ago in UNIFYBroker/Frontier ichris/chris21 updated by anonymous 9 years ago 5

@HSF, We migrated IdB4.0 to 4.1 and we have configured in FIM to flow email address to update back in chris21. And during testing chris21 tech team found that IdB is updating attributes like surname, dob etc in addition to email address. I checked all connector and adapter configuration, there is no flow to the above attributes. in FIM there is just one export flow from MV to chris21 person, email address. I can send the adapter and connector config, but couldnt find a way to add them here.

Image 3730

Answer
anonymous 9 years ago

Jerry confirmed that this was the case.

0
Not a bug

Error on import from chris21

Jerry Natarajan 9 years ago in UNIFYBroker/Frontier ichris/chris21 updated by anonymous 8 years ago 5

I'm getting the following error on import from Identity Broker for chris21 v4.1.

Change detection engine import all items failed.Change detection engine import all items for connector Chris21 Person Connector failed with reason An error occurred while evaluating a task on a worker thread. See the inner exception details for information.. Duration: 00:00:51.0016320
Error details:
Unify.Framework.EvaluatorVisitorException: An error occurred while evaluating a task on a worker thread. See the inner exception details for information. ---> System.ArgumentException: An item with the same key has already been added.
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
at System.Linq.Enumerable.ToDictionary[TSource,TKey](IEnumerable`1 source, Func`2 keySelector)
at Unify.Product.IdentityBroker.PageableEntityChangesReportGenerator`2.ToDistinctChangesEnumerable(IEnumerable`1 entitiesWithKey, IHashSet`1& knownEntityKeys)
at Unify.Product.IdentityBroker.PageableEntityChangesReportGenerator`2.CreateDifferencesReport(IEnumerable`1 knownEntities, IEnumerable`1 newEntities)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass12_0.<PerformChangeDetection>b__0(IEnumerable`1 page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
--- End of inner exception stack trace ---
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.CheckForException()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.WaitForAvailableThread()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass27_0.<Run>b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)

Answer
anonymous 8 years ago

Issue was resolved via data refresh.

0
Answered

Need to join based on a value being NULL

Carol Wapshere 9 years ago in UNIFYBroker/Aurion updated by anonymous 9 years ago 13

Aurion is giving me multiple security records per person. I have been told the only way to select the correct record is to go for the one where "Clearance Date To" is NULL. How do I do this in IdB 5?

Answer
anonymous 9 years ago

The Aurion query tool should allow you to do this (Filters). Otherwise select a key that provides uniqueness and use the available transformations or solution code to select the correct record.

0
Answered

Connector config not showing

Eddie Kirkman 9 years ago updated by anonymous 8 years ago 4

I know I have seen this before, but cannot find it anywhere.

The ISAS connector at TAFE is a SQL connector and is not showing me its config in any kind of user friendly way. Any idea what needs to be done to rectify? I assume (but do not know) that it used to be correct.

Image 3716

Answer
anonymous 8 years ago

No response.

0
Declined

SQL AlwaysOn support

Bob Bradley 9 years ago updated by anonymous 8 years ago 4

Does IdentityBroker support the SQL AlwaysOn Availability Groups feature introduced with SQL2016? An "early adopter" preview of a MIM2016 supporting this feature has just been made available to MVPs, and with growing awareness of this feature, it would be good to put this on the roadmap if it's not already there.

Answer
anonymous 8 years ago

No demand or subsequent requests. Closed.