Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Aurion IdB Connection timing out
My Aurion connectors are giving errors - I suspect a network / timeout issue. Is that just a matter of increasing the timeout for the agent (or getting a better network)?
Change detection engine import all items failed.
Change detection engine import all items for connector XXXXXX Security failed with reason Unable to connect to the remote server. Duration: 00:00:21.0082077
Error details:
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx.xxx.xxx.xxx:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
This doesn't sound like the typical client timeout (https://unifysolutions.jira.com/wiki/display/IDBAUR51/Operation+fails+with+timeout+error). You could look at the connect timeout setting in the IIS site hosting the endpoint. However, it seems unusual for a connection to take this long to establish, suggesting possible network issues.
UI quirk when adding adapter transformations
When adding a new transformation, the UI defaults to the first Constant Value transformation:
The details field says Select a transformation for more information
When you then click the dropdown and choose Constant Value:
No real issue, just a quirk. May be worth showing the transformation explanation as default for the first selected one or adding a blank transformation option as the default selection in the dropdown.
Rename transformation could update existing references to field
Currently when adding an adapter, it is expected to contain LDAP compliant fields. If the fields are not LDAP compliant (contain invalid characters) then it recommends automatically adding rename transformations to LDAP compliant names.
When you add the adapter; however, it allows you to use invalid named fields to set the DN template.
Idea is that either the field name transformations are able to be added before setting the DN template (so that on creation all fields are LDAP compliant), or when a rename transformation is added it gives the option to update all existing references to the name (so that the DN template would be updated from the old value to the new value).
Two identical transformations producing different results in same adapter
The following 2 identical transformations are being used to flow the same data into 2 separate CS properties being used in the FIM configuration for different purposes.
The data in each property should be identical, but it is not ... there are some 1.3K users with nulls in the DEPARTMENTS field but which have values in the ALLDEPARTMENTS field, e.g.
3.5K have values in both.
Please advise what could be causing the null values in the second property, but only for about a quarter of the user base?
This is having a significant impact at CSODBB where the data in the original mapped value (DEPARTMENTS) is now significantly compromised. There is only one user with a null value in the ALLDEPARTMENTS property.
Note that in testing both values always had the same values present - this is only something which I have spotted since the change to introduce the second transform was promoted before Christmas.
Logged for customer against https://unifysolutions.jira.com/browse/CSODBB-536
What do you mean by "2 identical transformations"? They are not the same, one has a string filter, whereas the other does not. Check the configuration for the filter.
Changes register item processing on connector Chris21 Work Address Connector failed with reason The column adrline1 is not a pre-existing column in adapter Chris21 Person
The Connector import complete but we receive the error in the logs, do we need to bring the adrline1 column into the adapter by itself as well?
Changes register item processing on failed.
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at Unify.Product.IdentityBroker.ChangeReportProcessor.ProcessReport(IChangeReportProcessingRequest request)
Hi André,
Did you check for existing instance of this issue? Please follow the resolution from http://voice.unifysolutions.net/topics/2675-unifyproductidentitybrokeradaptercolumnexception-the-column-erhrstrcdtrn-is-not-a-pre-existing/ (either discontinue use of v4.0.x, or install the available patch).
An FYI, a notice will be going out shortly about End of Product Life, so support for v4.0 will be ending (as per https://unifysolutions.jira.com/wiki/display/IDB/End+of+Product+Life+Policy).
Thanks.
Odd behaviour in Aurion/IdB5
While sending out updates to an attribute on users (email) in sewcurity connector, FIM reported errors (cd-error). The process sat spinning for an age. The log file reported success.
Only cosmetic - the next import showed the updates had happened and the pending exports cleared. Not sure if it is a bug or just the way it works, but worth documenting.
Connector failed with reason The key <null> has been duplicated
Aurion Security connector. Supposedly the prod and test instances are identically configured. In TEST I can connect security connector, retrieve and configure schema and then import all and get the users. In Prod, the connect and schema retrieval works, but the import all gives the following error. I have a copy of the XML file generated by the query and cannot see anything obviously wrong with it. Just wondering if you can suggest where I might look next?
Connector processing failed.
Connector Processing page 1 for
connector ProdSec failed with reason The key <null> has been
duplicated.. Duration: 00:00:00.0156193.
Error details:
System.ArgumentException: The key <null> has been duplicated.
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue`1 arg1)
at
Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashError[TKey,TValue,TOriginal](IEnumerable`1
originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3
duplicateAction)
at
Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1
connectorEntities, IMultiKey`1 schemaKey, Func`2 retrieveEntities, Guid
connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
at
Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1
connectorEntities, IMultiKey`1 schemaKey, IKnownEntityContextBase`3
context, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1
seenKeys)
at
Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1
connectorEntities, Int32& index, Int32 entitiesProcessedSoFar,
IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
at
Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<PerformChangeDetection>b__0(IEnumerable`1
page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
Is it failing with the same connector configuration file? Or are you rebuilding? If rebuilding please confirm that the schema field mappings are there and match what was in test.
Office Connector Export fails with ma-extension-error - The dimage indicates an add attrib operation, but the attrib already exists on the object
Using
- Identity Broker Service 5.0.5
- Identity Broker for Office Enterprise 5.0.1.5
- Identity Broker for FIM 5.1.0 DEV
The following 2 entries appeared this morning in the Application event log on an IMPORT from the License Assignments MA:
Log Name: Application?Source: FIMSynchronizationService?Date: 27/01/2017 9:09:34 AM?Event ID: 6301?Task Category: Server?Level: Error?Keywords: Classic?User: N/A?Computer: AUHBSMIMWP0001.corp.qbe.com?Description:?The server encountered an unexpected error in the synchronization engine:? ? "BAIL: MMS(28072): ..\tripleholo.cpp(2413): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(1313): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(12030): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?<delta operation="update" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker">? <anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor>? <primary-objectclass>Licensee</primary-objectclass>? <objectclass>? <oc-value>Licensee</oc-value>? </objectclass>? <attr name="AADUserLicensingMail" operation="add" type="string" multivalued="false">? <value>GRS-GeneralInformation@us.qbe.com</value>? </attr>? <attr name="AADUserLicensingUserPrincipalName" operation="replace" type="string" multivalued="false">? <value>GRS-GeneralInformation@us.qbe.com</value>? </attr>? <attr name="accountEnabled" operation="replace" type="boolean" multivalued="false">? <value>true</value>? </attr>?</delta>?<tower><unapplied-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></unapplied-export><escrowed-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></escrowed-export><unconfirmed-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></unconfirmed-export><pending-import><delta operation="add" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor><primary-objectclass>Licensee</primary-objectclass><objectclass><oc-value>Licensee</oc-value></objectclass><attr name="AADUserLicensingMail" type="string" multivalued="false"><value>GRS-GeneralInformation@us.qbe.com</value></attr><attr name="AADUserLicensingUserPrincipalName" type="string" multivalued="false"><value>GRS-GeneralInformation@us.qbe.com</value></attr><attr name="accountEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="dirSyncEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="displayName" type="string" multivalued="false"><value>US-BOX-GRS-GeneralInformation</value></attr><attr name="immutableId" type="string" multivalued="false"><value>CSE8gkANXU2N9pcjqwbMgQ==</value></attr><attr name="mailNickname" type="string" multivalued="false"><value>GRS-GeneralInformati</value></attr><attr name="objectClass" type="string" multivalued="true"><value>Licensee</value></attr></delta></pending-import><synchronized-hologram></synchronized-hologram><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor><connector>0</connector><connector-state>normal</connector-state><seen-by-import>1</seen-by-import><rebuild-in-progress>0</rebuild-in-progress><obsoletion>0</obsoletion><need-full-sync>0</need-full-sync><placeholder-parent>0</placeholder-parent><placeholder-link>0</placeholder-link><placeholder-delete>0</placeholder-delete><pending>1</pending><ref-retry>0</ref-retry><rename-retry>0</rename-retry><sequencers><current><batch-number>0</batch-number><sequence-number>0</sequence-number></current><unapplied><batch-number>0</batch-number><sequence-number>0</sequence-number></unapplied><original><batch-number>0</batch-number><sequence-number>0</sequence-number></original></sequencers><import-delta-operation>add</import-delta-operation><export-delta-operation>none</export-delta-operation></tower>BAIL: MMS(28072): d:\bt\48066\sources\dev\sync\server\sqlstore\csobj.h(1256): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(2071): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(665): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?Forefront Identity Manager 4.3.2195.0"?Event Xml:?<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">? <System>? <Provider Name="FIMSynchronizationService" />? <EventID Qualifiers="49152">6301</EventID>? <Level>2</Level>? <Task>3</Task>? <Keywords>0x80000000000000</Keywords>? <TimeCreated SystemTime="2017-01-26T22:09:34.000000000Z" />? <EventRecordID>5451582</EventRecordID>? <Channel>Application</Channel>? <Computer>AUHBSMIMWP0001.corp.qbe.com</Computer>? <Security />? </System>? <EventData>? <Data>BAIL: MMS(28072): ..\tripleholo.cpp(2413): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(1313): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(12030): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?<delta operation="update" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker">? <anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor>? <primary-objectclass>Licensee</primary-objectclass>? <objectclass>? <oc-value>Licensee</oc-value>? </objectclass>? <attr name="AADUserLicensingMail" operation="add" type="string" multivalued="false">? <value>GRS-GeneralInformation@us.qbe.com</value>? </attr>? <attr name="AADUserLicensingUserPrincipalName" operation="replace" type="string" multivalued="false">? <value>GRS-GeneralInformation@us.qbe.com</value>? </attr>? <attr name="accountEnabled" operation="replace" type="boolean" multivalued="false">? <value>true</value>? </attr>?</delta>?<tower><unapplied-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></unapplied-export><escrowed-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></escrowed-export><unconfirmed-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></unconfirmed-export><pending-import><delta operation="add" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor><primary-objectclass>Licensee</primary-objectclass><objectclass><oc-value>Licensee</oc-value></objectclass><attr name="AADUserLicensingMail" type="string" multivalued="false"><value>GRS-GeneralInformation@us.qbe.com</value></attr><attr name="AADUserLicensingUserPrincipalName" type="string" multivalued="false"><value>GRS-GeneralInformation@us.qbe.com</value></attr><attr name="accountEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="dirSyncEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="displayName" type="string" multivalued="false"><value>US-BOX-GRS-GeneralInformation</value></attr><attr name="immutableId" type="string" multivalued="false"><value>CSE8gkANXU2N9pcjqwbMgQ==</value></attr><attr name="mailNickname" type="string" multivalued="false"><value>GRS-GeneralInformati</value></attr><attr name="objectClass" type="string" multivalued="true"><value>Licensee</value></attr></delta></pending-import><synchronized-hologram></synchronized-hologram><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor><connector>0</connector><connector-state>normal</connector-state><seen-by-import>1</seen-by-import><rebuild-in-progress>0</rebuild-in-progress><obsoletion>0</obsoletion><need-full-sync>0</need-full-sync><placeholder-parent>0</placeholder-parent><placeholder-link>0</placeholder-link><placeholder-delete>0</placeholder-delete><pending>1</pending><ref-retry>0</ref-retry><rename-retry>0</rename-retry><sequencers><current><batch-number>0</batch-number><sequence-number>0</sequence-number></current><unapplied><batch-number>0</batch-number><sequence-number>0</sequence-number></unapplied><original><batch-number>0</batch-number><sequence-number>0</sequence-number></original></sequencers><import-delta-operation>add</import-delta-operation><export-delta-operation>none</export-delta-operation></tower>BAIL: MMS(28072): d:\bt\48066\sources\dev\sync\server\sqlstore\csobj.h(1256): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(2071): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(665): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?Forefront Identity Manager 4.3.2195.0</Data>? </EventData>?</Event> Log Name: Application?Source: FIMSynchronizationService?Date: 27/01/2017 9:09:34 AM?Event ID: 6301?Task Category: Server?Level: Error?Keywords: Classic?User: N/A?Computer: AUHBSMIMWP0001.corp.qbe.com?Description:?The server encountered an unexpected error in the synchronization engine:? ? "BAIL: MMS(28072): ..\tripleholo.cpp(2413): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(1313): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(12030): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?<delta operation="update" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker">? <anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor>? <primary-objectclass>Licensee</primary-objectclass>? <objectclass>? <oc-value>Licensee</oc-value>? </objectclass>? <attr name="AADUserLicensingMail" operation="add" type="string" multivalued="false">? <value>GRS-AS-Impairment@us.qbe.com</value>? </attr>? <attr name="AADUserLicensingUserPrincipalName" operation="replace" type="string" multivalued="false">? <value>GRS-AS-Impairment@us.qbe.com</value>? </attr>? <attr name="accountEnabled" operation="replace" type="boolean" multivalued="false">? <value>true</value>? </attr>?</delta>?<tower><unapplied-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></unapplied-export><escrowed-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></escrowed-export><unconfirmed-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></unconfirmed-export><pending-import><delta operation="add" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor><primary-objectclass>Licensee</primary-objectclass><objectclass><oc-value>Licensee</oc-value></objectclass><attr name="AADUserLicensingMail" type="string" multivalued="false"><value>GRS-AS-Impairment@us.qbe.com</value></attr><attr name="AADUserLicensingUserPrincipalName" type="string" multivalued="false"><value>GRS-AS-Impairment@us.qbe.com</value></attr><attr name="accountEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="dirSyncEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="displayName" type="string" multivalued="false"><value>US-BOX GRS-AS-Impairment</value></attr><attr name="immutableId" type="string" multivalued="false"><value>QfKC/JeKAUm1iIbIsMJivg==</value></attr><attr name="mailNickname" type="string" multivalued="false"><value>GRS-AS-Impairment</value></attr><attr name="objectClass" type="string" multivalued="true"><value>Licensee</value></attr></delta></pending-import><synchronized-hologram></synchronized-hologram><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor><connector>0</connector><connector-state>normal</connector-state><seen-by-import>1</seen-by-import><rebuild-in-progress>0</rebuild-in-progress><obsoletion>0</obsoletion><need-full-sync>0</need-full-sync><placeholder-parent>0</placeholder-parent><placeholder-link>0</placeholder-link><placeholder-delete>0</placeholder-delete><pending>1</pending><ref-retry>0</ref-retry><rename-retry>0</rename-retry><sequencers><current><batch-number>0</batch-number><sequence-number>0</sequence-number></current><unapplied><batch-number>0</batch-number><sequence-number>0</sequence-number></unapplied><original><batch-number>0</batch-number><sequence-number>0</sequence-number></original></sequencers><import-delta-operation>add</import-delta-operation><export-delta-operation>none</export-delta-operation></tower>BAIL: MMS(28072): d:\bt\48066\sources\dev\sync\server\sqlstore\csobj.h(1256): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(2071): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(665): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?Forefront Identity Manager 4.3.2195.0"?Event Xml:?<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">? <System>? <Provider Name="FIMSynchronizationService" />? <EventID Qualifiers="49152">6301</EventID>? <Level>2</Level>? <Task>3</Task>? <Keywords>0x80000000000000</Keywords>? <TimeCreated SystemTime="2017-01-26T22:09:34.000000000Z" />? <EventRecordID>5451581</EventRecordID>? <Channel>Application</Channel>? <Computer>AUHBSMIMWP0001.corp.qbe.com</Computer>? <Security />? </System>? <EventData>? <Data>BAIL: MMS(28072): ..\tripleholo.cpp(2413): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(1313): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(12030): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?<delta operation="update" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker">? <anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor>? <primary-objectclass>Licensee</primary-objectclass>? <objectclass>? <oc-value>Licensee</oc-value>? </objectclass>? <attr name="AADUserLicensingMail" operation="add" type="string" multivalued="false">? <value>GRS-AS-Impairment@us.qbe.com</value>? </attr>? <attr name="AADUserLicensingUserPrincipalName" operation="replace" type="string" multivalued="false">? <value>GRS-AS-Impairment@us.qbe.com</value>? </attr>? <attr name="accountEnabled" operation="replace" type="boolean" multivalued="false">? <value>true</value>? </attr>?</delta>?<tower><unapplied-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></unapplied-export><escrowed-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></escrowed-export><unconfirmed-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></unconfirmed-export><pending-import><delta operation="add" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor><primary-objectclass>Licensee</primary-objectclass><objectclass><oc-value>Licensee</oc-value></objectclass><attr name="AADUserLicensingMail" type="string" multivalued="false"><value>GRS-AS-Impairment@us.qbe.com</value></attr><attr name="AADUserLicensingUserPrincipalName" type="string" multivalued="false"><value>GRS-AS-Impairment@us.qbe.com</value></attr><attr name="accountEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="dirSyncEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="displayName" type="string" multivalued="false"><value>US-BOX GRS-AS-Impairment</value></attr><attr name="immutableId" type="string" multivalued="false"><value>QfKC/JeKAUm1iIbIsMJivg==</value></attr><attr name="mailNickname" type="string" multivalued="false"><value>GRS-AS-Impairment</value></attr><attr name="objectClass" type="string" multivalued="true"><value>Licensee</value></attr></delta></pending-import><synchronized-hologram></synchronized-hologram><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor><connector>0</connector><connector-state>normal</connector-state><seen-by-import>1</seen-by-import><rebuild-in-progress>0</rebuild-in-progress><obsoletion>0</obsoletion><need-full-sync>0</need-full-sync><placeholder-parent>0</placeholder-parent><placeholder-link>0</placeholder-link><placeholder-delete>0</placeholder-delete><pending>1</pending><ref-retry>0</ref-retry><rename-retry>0</rename-retry><sequencers><current><batch-number>0</batch-number><sequence-number>0</sequence-number></current><unapplied><batch-number>0</batch-number><sequence-number>0</sequence-number></unapplied><original><batch-number>0</batch-number><sequence-number>0</sequence-number></original></sequencers><import-delta-operation>add</import-delta-operation><export-delta-operation>none</export-delta-operation></tower>BAIL: MMS(28072): d:\bt\48066\sources\dev\sync\server\sqlstore\csobj.h(1256): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(2071): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(665): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?Forefront Identity Manager 4.3.2195.0</Data>? </EventData>?</Event>
The delta import in MIM itself shows no errors on the Operations tab for the DI run profile, but the error was thrown to the event log at the exact time the DI operation completed.
The DI shows the 2 identities in the above XML error text in a delete/add scenario (3 adds and 2 deletes - where the 2 deletes appear as renamed user objects) as follows:
- UID=GRS-AS-Impairment@QBE.onmicrosoft.com => UID=GRS-AS-Impairment@us.qbe.com
- UID=GRS-GeneralImformati@QBE.onmicrosoft.com => UID=GRS-GeneralImformatiion@us.qbe.com
Both of the above renames look legitimate scenarios due to the way the AAD object is provisioned and subsequently an O365 mailbox is created as a part of the license assignment process. The cloud UPN was chosen as anchor for the FIM MA in lieu of the immutableId (Base64 of AD guid) for readibility reasons, and hence the delete/add scenario is not undesirable in this case. However there shouldn't be an exception being thrown here.
There are 27 instances of this error in the past 3 days - however there is no obvious impact on the MA in MIM (objects do not show as being in error) - hence I am assigning this a low priority.
Cross reference to JIRA issue QBE-73.
Agent summary screen UI error
Assume in all IdB51 not just aurion
Agent screen, select an agent, summary screen shows "connectors" (and links to the connectors) then "Agents" with links to the adapters. I think that word should be Adapters :)
Thanks for picking this up Eddie.
Will be corrected in an upcoming release.
Schema provider not committing updated schema
Just installed IdB 5.1 and Aurion connector. Set up Agent and set up connector. Tried to retrieve schema from query - that was successful - but the button proceed with schema did nothing (for ages) then threw error:
Error
System.ArgumentException: The parameters dictionary
contains a null entry for parameter 'connectorId' of non-nullable type
'System.Guid' for method 'System.Web.Mvc.ActionResult
ConnectorDetails(System.Guid)' in 'Unify.Connect.Web.ConnectorController'. An
optional parameter must be a reference type, a nullable type, or be declared as
an optional parameter.
Parameter name: parameters
at System.Web.Mvc.ActionDescriptor.ExtractParameterFromDictionary(ParameterInfo
parameterInfo, IDictionary`2 parameters, MethodInfo methodInfo)
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext
controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext
controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__36(IAsyncResult
asyncResult, ActionInvocation innerInvokeState)
at
System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult
asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult
asyncResult)
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3c()
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass45.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3e()
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult
asyncResult)
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass1e.<>c__DisplayClass28.<BeginInvokeAction>b__19()
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass1e.<BeginInvokeAction>b__1b(IAsyncResult
asyncResult)
Going back into the connector and the schema has saved (with no unique key, so that might be why the error) so maybe this is just cosmetic/timing issue.
I'm unable to reproduce, it might be a browser issue (e.g. browser not including the connectorId in the post). I've cleaned up the view and fixed something that some browsers don't like (stopped hiding UI form elements that are already of type hidden). Reopen if issue reoccurs in next v5.1/v5.2 release.
Customer support service by UserEcho
