Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Odd behaviour in Aurion/IdB5
While sending out updates to an attribute on users (email) in sewcurity connector, FIM reported errors (cd-error). The process sat spinning for an age. The log file reported success.
Only cosmetic - the next import showed the updates had happened and the pending exports cleared. Not sure if it is a bug or just the way it works, but worth documenting.
Connector failed with reason The key <null> has been duplicated
Aurion Security connector. Supposedly the prod and test instances are identically configured. In TEST I can connect security connector, retrieve and configure schema and then import all and get the users. In Prod, the connect and schema retrieval works, but the import all gives the following error. I have a copy of the XML file generated by the query and cannot see anything obviously wrong with it. Just wondering if you can suggest where I might look next?
Connector processing failed.
Connector Processing page 1 for
connector ProdSec failed with reason The key <null> has been
duplicated.. Duration: 00:00:00.0156193.
Error details:
System.ArgumentException: The key <null> has been duplicated.
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue`1 arg1)
at
Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashError[TKey,TValue,TOriginal](IEnumerable`1
originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3
duplicateAction)
at
Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1
connectorEntities, IMultiKey`1 schemaKey, Func`2 retrieveEntities, Guid
connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
at
Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1
connectorEntities, IMultiKey`1 schemaKey, IKnownEntityContextBase`3
context, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1
seenKeys)
at
Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1
connectorEntities, Int32& index, Int32 entitiesProcessedSoFar,
IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
at
Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<PerformChangeDetection>b__0(IEnumerable`1
page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
Is it failing with the same connector configuration file? Or are you rebuilding? If rebuilding please confirm that the schema field mappings are there and match what was in test.
Office Connector Export fails with ma-extension-error - The dimage indicates an add attrib operation, but the attrib already exists on the object
Using
- Identity Broker Service 5.0.5
- Identity Broker for Office Enterprise 5.0.1.5
- Identity Broker for FIM 5.1.0 DEV
The following 2 entries appeared this morning in the Application event log on an IMPORT from the License Assignments MA:
Log Name: Application?Source: FIMSynchronizationService?Date: 27/01/2017 9:09:34 AM?Event ID: 6301?Task Category: Server?Level: Error?Keywords: Classic?User: N/A?Computer: AUHBSMIMWP0001.corp.qbe.com?Description:?The server encountered an unexpected error in the synchronization engine:? ? "BAIL: MMS(28072): ..\tripleholo.cpp(2413): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(1313): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(12030): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?<delta operation="update" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker">? <anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor>? <primary-objectclass>Licensee</primary-objectclass>? <objectclass>? <oc-value>Licensee</oc-value>? </objectclass>? <attr name="AADUserLicensingMail" operation="add" type="string" multivalued="false">? <value>GRS-GeneralInformation@us.qbe.com</value>? </attr>? <attr name="AADUserLicensingUserPrincipalName" operation="replace" type="string" multivalued="false">? <value>GRS-GeneralInformation@us.qbe.com</value>? </attr>? <attr name="accountEnabled" operation="replace" type="boolean" multivalued="false">? <value>true</value>? </attr>?</delta>?<tower><unapplied-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></unapplied-export><escrowed-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></escrowed-export><unconfirmed-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></unconfirmed-export><pending-import><delta operation="add" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor><primary-objectclass>Licensee</primary-objectclass><objectclass><oc-value>Licensee</oc-value></objectclass><attr name="AADUserLicensingMail" type="string" multivalued="false"><value>GRS-GeneralInformation@us.qbe.com</value></attr><attr name="AADUserLicensingUserPrincipalName" type="string" multivalued="false"><value>GRS-GeneralInformation@us.qbe.com</value></attr><attr name="accountEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="dirSyncEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="displayName" type="string" multivalued="false"><value>US-BOX-GRS-GeneralInformation</value></attr><attr name="immutableId" type="string" multivalued="false"><value>CSE8gkANXU2N9pcjqwbMgQ==</value></attr><attr name="mailNickname" type="string" multivalued="false"><value>GRS-GeneralInformati</value></attr><attr name="objectClass" type="string" multivalued="true"><value>Licensee</value></attr></delta></pending-import><synchronized-hologram></synchronized-hologram><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor><connector>0</connector><connector-state>normal</connector-state><seen-by-import>1</seen-by-import><rebuild-in-progress>0</rebuild-in-progress><obsoletion>0</obsoletion><need-full-sync>0</need-full-sync><placeholder-parent>0</placeholder-parent><placeholder-link>0</placeholder-link><placeholder-delete>0</placeholder-delete><pending>1</pending><ref-retry>0</ref-retry><rename-retry>0</rename-retry><sequencers><current><batch-number>0</batch-number><sequence-number>0</sequence-number></current><unapplied><batch-number>0</batch-number><sequence-number>0</sequence-number></unapplied><original><batch-number>0</batch-number><sequence-number>0</sequence-number></original></sequencers><import-delta-operation>add</import-delta-operation><export-delta-operation>none</export-delta-operation></tower>BAIL: MMS(28072): d:\bt\48066\sources\dev\sync\server\sqlstore\csobj.h(1256): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(2071): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(665): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?Forefront Identity Manager 4.3.2195.0"?Event Xml:?<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">? <System>? <Provider Name="FIMSynchronizationService" />? <EventID Qualifiers="49152">6301</EventID>? <Level>2</Level>? <Task>3</Task>? <Keywords>0x80000000000000</Keywords>? <TimeCreated SystemTime="2017-01-26T22:09:34.000000000Z" />? <EventRecordID>5451582</EventRecordID>? <Channel>Application</Channel>? <Computer>AUHBSMIMWP0001.corp.qbe.com</Computer>? <Security />? </System>? <EventData>? <Data>BAIL: MMS(28072): ..\tripleholo.cpp(2413): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(1313): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(12030): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?<delta operation="update" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker">? <anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor>? <primary-objectclass>Licensee</primary-objectclass>? <objectclass>? <oc-value>Licensee</oc-value>? </objectclass>? <attr name="AADUserLicensingMail" operation="add" type="string" multivalued="false">? <value>GRS-GeneralInformation@us.qbe.com</value>? </attr>? <attr name="AADUserLicensingUserPrincipalName" operation="replace" type="string" multivalued="false">? <value>GRS-GeneralInformation@us.qbe.com</value>? </attr>? <attr name="accountEnabled" operation="replace" type="boolean" multivalued="false">? <value>true</value>? </attr>?</delta>?<tower><unapplied-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></unapplied-export><escrowed-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></escrowed-export><unconfirmed-export><delta operation="none" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor></delta></unconfirmed-export><pending-import><delta operation="add" dn="UID=GRS-GeneralInformation@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor><primary-objectclass>Licensee</primary-objectclass><objectclass><oc-value>Licensee</oc-value></objectclass><attr name="AADUserLicensingMail" type="string" multivalued="false"><value>GRS-GeneralInformation@us.qbe.com</value></attr><attr name="AADUserLicensingUserPrincipalName" type="string" multivalued="false"><value>GRS-GeneralInformation@us.qbe.com</value></attr><attr name="accountEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="dirSyncEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="displayName" type="string" multivalued="false"><value>US-BOX-GRS-GeneralInformation</value></attr><attr name="immutableId" type="string" multivalued="false"><value>CSE8gkANXU2N9pcjqwbMgQ==</value></attr><attr name="mailNickname" type="string" multivalued="false"><value>GRS-GeneralInformati</value></attr><attr name="objectClass" type="string" multivalued="true"><value>Licensee</value></attr></delta></pending-import><synchronized-hologram></synchronized-hologram><anchor encoding="base64">iAAAAHUAaQBkAD0AZwByAHMALQBnAGUAbgBlAHIAYQBsAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBAAHUAcwAuAHEAYgBlAC4AYwBvAG0ALABvAHUAPQBhAGEAZAB1AHMAZQByAHMALABkAGMAPQBpAGQAZQBuAHQAaQB0AHkAYgByAG8AawBlAHIAAAA=</anchor><connector>0</connector><connector-state>normal</connector-state><seen-by-import>1</seen-by-import><rebuild-in-progress>0</rebuild-in-progress><obsoletion>0</obsoletion><need-full-sync>0</need-full-sync><placeholder-parent>0</placeholder-parent><placeholder-link>0</placeholder-link><placeholder-delete>0</placeholder-delete><pending>1</pending><ref-retry>0</ref-retry><rename-retry>0</rename-retry><sequencers><current><batch-number>0</batch-number><sequence-number>0</sequence-number></current><unapplied><batch-number>0</batch-number><sequence-number>0</sequence-number></unapplied><original><batch-number>0</batch-number><sequence-number>0</sequence-number></original></sequencers><import-delta-operation>add</import-delta-operation><export-delta-operation>none</export-delta-operation></tower>BAIL: MMS(28072): d:\bt\48066\sources\dev\sync\server\sqlstore\csobj.h(1256): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(2071): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(665): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?Forefront Identity Manager 4.3.2195.0</Data>? </EventData>?</Event> Log Name: Application?Source: FIMSynchronizationService?Date: 27/01/2017 9:09:34 AM?Event ID: 6301?Task Category: Server?Level: Error?Keywords: Classic?User: N/A?Computer: AUHBSMIMWP0001.corp.qbe.com?Description:?The server encountered an unexpected error in the synchronization engine:? ? "BAIL: MMS(28072): ..\tripleholo.cpp(2413): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(1313): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(12030): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?<delta operation="update" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker">? <anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor>? <primary-objectclass>Licensee</primary-objectclass>? <objectclass>? <oc-value>Licensee</oc-value>? </objectclass>? <attr name="AADUserLicensingMail" operation="add" type="string" multivalued="false">? <value>GRS-AS-Impairment@us.qbe.com</value>? </attr>? <attr name="AADUserLicensingUserPrincipalName" operation="replace" type="string" multivalued="false">? <value>GRS-AS-Impairment@us.qbe.com</value>? </attr>? <attr name="accountEnabled" operation="replace" type="boolean" multivalued="false">? <value>true</value>? </attr>?</delta>?<tower><unapplied-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></unapplied-export><escrowed-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></escrowed-export><unconfirmed-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></unconfirmed-export><pending-import><delta operation="add" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor><primary-objectclass>Licensee</primary-objectclass><objectclass><oc-value>Licensee</oc-value></objectclass><attr name="AADUserLicensingMail" type="string" multivalued="false"><value>GRS-AS-Impairment@us.qbe.com</value></attr><attr name="AADUserLicensingUserPrincipalName" type="string" multivalued="false"><value>GRS-AS-Impairment@us.qbe.com</value></attr><attr name="accountEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="dirSyncEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="displayName" type="string" multivalued="false"><value>US-BOX GRS-AS-Impairment</value></attr><attr name="immutableId" type="string" multivalued="false"><value>QfKC/JeKAUm1iIbIsMJivg==</value></attr><attr name="mailNickname" type="string" multivalued="false"><value>GRS-AS-Impairment</value></attr><attr name="objectClass" type="string" multivalued="true"><value>Licensee</value></attr></delta></pending-import><synchronized-hologram></synchronized-hologram><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor><connector>0</connector><connector-state>normal</connector-state><seen-by-import>1</seen-by-import><rebuild-in-progress>0</rebuild-in-progress><obsoletion>0</obsoletion><need-full-sync>0</need-full-sync><placeholder-parent>0</placeholder-parent><placeholder-link>0</placeholder-link><placeholder-delete>0</placeholder-delete><pending>1</pending><ref-retry>0</ref-retry><rename-retry>0</rename-retry><sequencers><current><batch-number>0</batch-number><sequence-number>0</sequence-number></current><unapplied><batch-number>0</batch-number><sequence-number>0</sequence-number></unapplied><original><batch-number>0</batch-number><sequence-number>0</sequence-number></original></sequencers><import-delta-operation>add</import-delta-operation><export-delta-operation>none</export-delta-operation></tower>BAIL: MMS(28072): d:\bt\48066\sources\dev\sync\server\sqlstore\csobj.h(1256): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(2071): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(665): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?Forefront Identity Manager 4.3.2195.0"?Event Xml:?<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">? <System>? <Provider Name="FIMSynchronizationService" />? <EventID Qualifiers="49152">6301</EventID>? <Level>2</Level>? <Task>3</Task>? <Keywords>0x80000000000000</Keywords>? <TimeCreated SystemTime="2017-01-26T22:09:34.000000000Z" />? <EventRecordID>5451581</EventRecordID>? <Channel>Application</Channel>? <Computer>AUHBSMIMWP0001.corp.qbe.com</Computer>? <Security />? </System>? <EventData>? <Data>BAIL: MMS(28072): ..\tripleholo.cpp(2413): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(1313): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\tower.cpp(12030): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?<delta operation="update" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker">? <anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor>? <primary-objectclass>Licensee</primary-objectclass>? <objectclass>? <oc-value>Licensee</oc-value>? </objectclass>? <attr name="AADUserLicensingMail" operation="add" type="string" multivalued="false">? <value>GRS-AS-Impairment@us.qbe.com</value>? </attr>? <attr name="AADUserLicensingUserPrincipalName" operation="replace" type="string" multivalued="false">? <value>GRS-AS-Impairment@us.qbe.com</value>? </attr>? <attr name="accountEnabled" operation="replace" type="boolean" multivalued="false">? <value>true</value>? </attr>?</delta>?<tower><unapplied-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></unapplied-export><escrowed-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></escrowed-export><unconfirmed-export><delta operation="none" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor></delta></unconfirmed-export><pending-import><delta operation="add" dn="UID=GRS-AS-Impairment@us.qbe.com,OU=AADUsers,DC=IdentityBroker"><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor><primary-objectclass>Licensee</primary-objectclass><objectclass><oc-value>Licensee</oc-value></objectclass><attr name="AADUserLicensingMail" type="string" multivalued="false"><value>GRS-AS-Impairment@us.qbe.com</value></attr><attr name="AADUserLicensingUserPrincipalName" type="string" multivalued="false"><value>GRS-AS-Impairment@us.qbe.com</value></attr><attr name="accountEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="dirSyncEnabled" type="boolean" multivalued="false"><value>true</value></attr><attr name="displayName" type="string" multivalued="false"><value>US-BOX GRS-AS-Impairment</value></attr><attr name="immutableId" type="string" multivalued="false"><value>QfKC/JeKAUm1iIbIsMJivg==</value></attr><attr name="mailNickname" type="string" multivalued="false"><value>GRS-AS-Impairment</value></attr><attr name="objectClass" type="string" multivalued="true"><value>Licensee</value></attr></delta></pending-import><synchronized-hologram></synchronized-hologram><anchor encoding="base64">fgAAAHUAaQBkAD0AZwByAHMALQBhAHMALQBpAG0AcABhAGkAcgBtAGUAbgB0AEAAdQBzAC4AcQBiAGUALgBjAG8AbQAsAG8AdQA9AGEAYQBkAHUAcwBlAHIAcwAsAGQAYwA9AGkAZABlAG4AdABpAHQAeQBiAHIAbwBrAGUAcgAAAA==</anchor><connector>0</connector><connector-state>normal</connector-state><seen-by-import>1</seen-by-import><rebuild-in-progress>0</rebuild-in-progress><obsoletion>0</obsoletion><need-full-sync>0</need-full-sync><placeholder-parent>0</placeholder-parent><placeholder-link>0</placeholder-link><placeholder-delete>0</placeholder-delete><pending>1</pending><ref-retry>0</ref-retry><rename-retry>0</rename-retry><sequencers><current><batch-number>0</batch-number><sequence-number>0</sequence-number></current><unapplied><batch-number>0</batch-number><sequence-number>0</sequence-number></unapplied><original><batch-number>0</batch-number><sequence-number>0</sequence-number></original></sequencers><import-delta-operation>add</import-delta-operation><export-delta-operation>none</export-delta-operation></tower>BAIL: MMS(28072): d:\bt\48066\sources\dev\sync\server\sqlstore\csobj.h(1256): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(2071): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?BAIL: MMS(28072): ..\syncstage.cpp(665): 0x8023030a (The dimage indicates an add attrib operation, but the attrib already exists on the object.)?Forefront Identity Manager 4.3.2195.0</Data>? </EventData>?</Event>
The delta import in MIM itself shows no errors on the Operations tab for the DI run profile, but the error was thrown to the event log at the exact time the DI operation completed.
The DI shows the 2 identities in the above XML error text in a delete/add scenario (3 adds and 2 deletes - where the 2 deletes appear as renamed user objects) as follows:
- UID=GRS-AS-Impairment@QBE.onmicrosoft.com => UID=GRS-AS-Impairment@us.qbe.com
- UID=GRS-GeneralImformati@QBE.onmicrosoft.com => UID=GRS-GeneralImformatiion@us.qbe.com
Both of the above renames look legitimate scenarios due to the way the AAD object is provisioned and subsequently an O365 mailbox is created as a part of the license assignment process. The cloud UPN was chosen as anchor for the FIM MA in lieu of the immutableId (Base64 of AD guid) for readibility reasons, and hence the delete/add scenario is not undesirable in this case. However there shouldn't be an exception being thrown here.
There are 27 instances of this error in the past 3 days - however there is no obvious impact on the MA in MIM (objects do not show as being in error) - hence I am assigning this a low priority.
Cross reference to JIRA issue QBE-73.
Agent summary screen UI error
Assume in all IdB51 not just aurion
Agent screen, select an agent, summary screen shows "connectors" (and links to the connectors) then "Agents" with links to the adapters. I think that word should be Adapters :)
Thanks for picking this up Eddie.
Will be corrected in an upcoming release.
Schema provider not committing updated schema
Just installed IdB 5.1 and Aurion connector. Set up Agent and set up connector. Tried to retrieve schema from query - that was successful - but the button proceed with schema did nothing (for ages) then threw error:
Error
System.ArgumentException: The parameters dictionary
contains a null entry for parameter 'connectorId' of non-nullable type
'System.Guid' for method 'System.Web.Mvc.ActionResult
ConnectorDetails(System.Guid)' in 'Unify.Connect.Web.ConnectorController'. An
optional parameter must be a reference type, a nullable type, or be declared as
an optional parameter.
Parameter name: parameters
at System.Web.Mvc.ActionDescriptor.ExtractParameterFromDictionary(ParameterInfo
parameterInfo, IDictionary`2 parameters, MethodInfo methodInfo)
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext
controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext
controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__36(IAsyncResult
asyncResult, ActionInvocation innerInvokeState)
at
System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult
asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult
asyncResult)
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3c()
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass45.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3e()
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult
asyncResult)
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass1e.<>c__DisplayClass28.<BeginInvokeAction>b__19()
at
System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass1e.<BeginInvokeAction>b__1b(IAsyncResult
asyncResult)
Going back into the connector and the schema has saved (with no unique key, so that might be why the error) so maybe this is just cosmetic/timing issue.
I'm unable to reproduce, it might be a browser issue (e.g. browser not including the connectorId in the post). I've cleaned up the view and fixed something that some browsers don't like (stopped hiding UI form elements that are already of type hidden). Reopen if issue reoccurs in next v5.1/v5.2 release.
Passwords are not set on Google account creation
When a new account is created an error is generated in the IdB log and the user is created in Google, however the password has not been set.
Packet Trace: UserCreate.pcap
Log: UnifyLog20170117.csv
Apologies Boyd, I left out a couple of extra DLLs. I just dropped this patch onto a fresh v5.0.5 install to check and the service starts and I'm able to create adapters fine, so hopefully this resolves it for you.
Google User Settings Connector does not work in v5
Google User Settings Connector does not work in version 5 as some options are not able to be configured in the UI. Settings Screenshots.docx
An attempt was made to edit settings directly in the xml configuration file based on V4, however this was not successful.
Unify.IdentityBroker.Connector.Google.Web.dll
Copy file to web\bin. It'll be available in the next release.
Export to Identity Broker (Google Apps) failing
Export to Identity Broker (Google Apps) failing with an error reported in MIM which stops all remaining exports. There is no error in reported in the Identity Broker logs and the change is made successfully in Google.
Problem may have been introduced with RC 5.0.5. Changes were made successfully prior to Identity Broker upgrade.
MIM Error
System.Exception: A Google API exception was thrown for call Users.MakeAdmin with message "Google.Apis.Requests.RequestErrorNot Authorized to access this resource/api [403] Errors [ Message[Not Authorized to access this resource/api] Location[ - ] Reason[forbidden] Domain[global] ] ". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError Not Authorized to access this resource/api [403] Errors [ Message[Not Authorized to access this resource/api] Location[ - ] Reason[forbidden] Domain[global] ] at Google.Apis.Requests.ClientServiceRequest`1.Execute() at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries) --- End of inner exception stack trace --- at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass111`1.<BackoffRetry>b__109() at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException) at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries) at Unify.Product.IdentityBroker.GoogleAgent.MakeUserAdmin(DirectoryService directoryService, IEntitySchema schema, User user, IConnectorEntity entity, Boolean throwExceptions) at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClassc1.<UserUpdate>b__be(IConnectorEntity loopEntity)
The export fails because there is a difference between the isAdmin value and what was returned by Google for the existing user values. Parts of the export work because the MakeAdmin call is separate from the other calls. Try removing the isAdmin field from the schema, or add the required scope to the service account.
Password Synchronization not working for Google Apps
Passwords are not being set for newly created users and not being synchronised for existing users.
Does Identity Broker need to be configured to use Secure LDAP to synchronise passwords?
I have attached a packet trace and believe the LDAP BIND requests are attempts to synchronize the password.
Hi Boyd
I've created a patch that should fix this issue. Place it in the installDir\Services directory, restart the service and reattempt the password sync operations. Let me know if you have any issues.
Google Groups - Clearing External Membership
Clearing all External Members from Google Groups is not working, there is no error reported during the export however membership remain unchanged.
Hi Boyd
I've found that this issue was being caused by a defect which has already been fixed and is included in Identity Broker v5.0.5 RC1. Are you able to upgrade to this version?
Customer support service by UserEcho
