Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Identity Broker Full Import Scheduling
Hi Guys,
I've run accross an interesting issue with identity broker import scheduling. As an example, I have the following full import schedule configured for the DET Oneschool connector in SPOT:
<getAllEntities>
<timing name="Daily" offset="06:00:00" UseLocal="True" />
</getAllEntities>
The issue we are seeing, is that with this config, whenever the service is started a full import is immeadiately kicked off on this connector, regardless of the time of day. If the service is stopped and started again the same day, the import runs again.
I have seen the same behaviour on the WCIS connector with this config:
<getAllEntities>
<timing name="Daily" offset="05:30:00" UseLocal="True" />
</getAllEntities>
However for the imports that are scheduled to run at after hours in the evening, this behaviour is not exhibited. For example, the following config is on the HRuI connector:
<getAllEntities>
<timing name="Daily" offset="18:00:00" UseLocal="True" />
</getAllEntities>
It appears that any runs that are scheduled for the morning, reoccur whenever the service is started. As the Oneschool connector contains ~600k entities, this is rather inconvenient.
I've attached the entire connector config if needed for analysis. Is there anything evidently wrong here that can be quickly corrected? Is this a known issue?
Cheers
Richard
Improve feedback on inaccessible extensibility directory
When the extensibility directory cannot be written to due to permissions, the following is logged:
Application: Unify.Service.Connect.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException Stack: at Unify.Product.IdentityBroker.IdentityBrokerEngine.Dispose() at Unify.Framework.DisposeVisit.DisposeVisitMethod[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon) at Unify.Framework.Visitor.Visit[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Action`2<System.__Canon,Int32>) at Unify.Framework.UnifyEngine`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Dispose() at Unify.Service.IdentityBrokerService.Dispose(Boolean) at System.ComponentModel.Component.Dispose() at System.ServiceProcess.ServiceBase.Run(System.ServiceProcess.ServiceBase[]) at Unify.Service.ConnectServiceBootStrap.Main()
This does not really explain what's actually happening, and should be updated to reflect the exact cause for why the service couldn't start.
Service fails to start due to Null reference exception.
The following is being logged with a clean installation using the most recent installer in prdgrp-test1.
Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at Unify.Framework.Data.DataEngine..ctor(IConfigurationEngine configurationEngine, IStandardPostEngine postEngine) at Unify.Framework.Data.DataEnginePlugInFactory`1.CreateComponent(IUnifyEnginePlugInFactoryInformation`1 factoryInformation) at Unify.Framework.DependencyPlugInGenerator`4..ctor(ICollection`1 plugInGenerator, IPlugInFactory`2 factoryInformationFactory) at Unify.Framework.UnifyEngine`1..ctor(TBranding branding, IEnumerable`1 additionalPlugInFactories, DirectoryInfo executingAssemblyLocation, IsolatedStorageFile isolatedStorageLocation) at Unify.Service.IdentityBrokerServiceEngine..ctor(DirectoryInfo assemblyExcutionPath, IsolatedStorageFile isolatedFile, IIdentityBrokerBranding branding) at Unify.Service.IdentityBrokerService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Null values stored to database for multivalue attributes
During a full import from a MOSS List adapter, the following error is thrown inside the lazy evaluation stream. This may be because of a bad or incorrect null check in the LDIF components:
Value cannot be null.
at Unify.Framework.IO.LDIFSafeStringFilter.IsSafe(String sourceValue) in c:\workspaces\DEV\FrameworkCore\Source\IO\Unify.Framework.IO.LDIF\LDIFSafeStringFilter.cs:line 46
at Unify.Framework.IO.LDIFValueSpec.WriteComponent(TextWriter writer) in c:\workspaces\DEV\FrameworkCore\Source\IO\Unify.Framework.IO.LDIF\LDIFValueSpec.cs:line 41
at Unify.Framework.IO.LDIFAttrvalSpec.WriteComponent(TextWriter writer) in c:\workspaces\DEV\FrameworkCore\Source\IO\Unify.Framework.IO.LDIF\LDIFAttrvalSpec.cs:line 56
at Unify.Framework.IO.LDIFAttrvalRecord.WriteComponent(TextWriter writer) in c:\workspaces\DEV\FrameworkCore\Source\IO\Unify.Framework.IO.LDIF\LDIFAttrvalRecord.cs:line 60
at Unify.Framework.IO.LDIFComponentFileGenerator`1.GenerateFile(TextWriter writer, IEnumerable`1 entries) in c:\workspaces\DEV\FrameworkCore\Source\IO\Unify.Framework.IO.LDIF\LDIFComponentFileGenerator.cs:line 46
at Unify.Product.IdentityBroker.LDIFAdapterBase.<>c_DisplayClass14`1.<CreateLDIFComponentStream>b_13(Stream stream) in S:\Hg\Product\IdentityBroker\IdentityBroker\Source\Adapter\Unify.IdentityBroker.Adapter.Remoting\LDIFAdapterBase.cs:line 399
at Unify.Framework.IO.LazyEvaluationStream.Evaluate(Object obj) in c:\workspaces\DEV\FrameworkCore\Source\IO\Unify.Framework.IO\LazyEvaluationStream.cs:line 124
Sharepoint connector ignores proxy configuration
Configuring following settings in an attempt to use Fiddler to debug connection.
Connector ignores proxy configuration, it does not appear to route traffic to proxyUri.
<communicator
ignoreCertificateError="True"
pollingChangeTokenOffset="-1.00:00:00"
credentials="Custom"
proxy="Custom"
preauthenticate="true"
timeout="02:00:00"
proxyUri="http://localhost:8888"
uri="http://kweb.bne.catholic.edu.au/informationservices/SSAS/SSA/"
domain="CATHOLIC"
user="svc_FIM_SharePoint"
securePassword="TE+bBSNefb5uHPQAhhSpsw==" certificate="" listName="eMinerva Exceptions - All Schools" viewName="" rowLimit="100">
</communicator>
GetTransformedEntities: The transaction is in doubt
The following exception was encountered during a full import of two adapters:
An exception has occured whilst performing a job for adapter 9c0cc85e-de5b-448e-946d-73f3323f5a78 job GetTransformedEntities (ParallelGate): System.Transactions.TransactionInDoubtException: The transaction is in doubt. ---> System.Data.SqlClient.SqlException: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning() at System.Data.SqlClient.TdsParserStateObject.ReadSniError(TdsParserStateObject stateObj, UInt32 error) at System.Data.SqlClient.TdsParserStateObject.ReadSni(DbAsyncResult asyncResult, TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParserStateObject.ReadNetworkPacket() at System.Data.SqlClient.TdsParserStateObject.ReadByte() at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.TdsExecuteTransactionManagerRequest(Byte[] buffer, TransactionManagerRequestType request, String transactionName, TransactionManagerIsolationLevel isoLevel, Int32 timeout, SqlInternalTransaction transaction, TdsParserStateObject stateObj, Boolean isDelegateControlRequest) at System.Data.SqlClient.SqlInternalConnectionTds.ExecuteTransactionYukon(TransactionRequest transactionRequest, String transactionName, IsolationLevel iso, SqlInternalTransaction internalTransaction, Boolean isDelegateControlRequest) at System.Data.SqlClient.SqlDelegatedTransaction.SinglePhaseCommit(SinglePhaseEnlistment enlistment) --- End of inner exception stack trace --- at System.Transactions.TransactionStatePromotedIndoubt.PromotedTransactionOutcome(InternalTransaction tx) at System.Transactions.CommittableTransaction.Commit() at System.Transactions.TransactionScope.InternalDispose() at System.Transactions.TransactionScope.Dispose() at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges() at Unify.Framework.ParallelGate.ParallelGateJob.RunBase() at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
- The CPU usage while these adapters were importing was consistently around 98/99% usages, with 200k memory usage.
- There were 10k and 9.999k entities in the respective adapters being imported.
- The full imports into FIM both suceeded, and took
- 6 minutes 11 seconds and,
- 5 minutes 24 seconds to complete respectively.
Identity Broker authentication issues with ISA Proxy
When attempting to import from Aurion error thrown:
System.New.webException: The remote server returned an error: (407) Proxy Authentication Required.
Proxy authentication is configured in the ConnectorEngine.extensibility.config.xml.
Config files and error log attached.
Application log errors.txt
ConnectorEngine.extensibility.config.xml
Unify.Service.Connect.exe.config
UnifyLog20110906.csv
Improve handling of Root Organization behaviour
See APRA-38, IDBSP-47 and http://social.technet.microsoft.com/Forums/en-US/sharepoint2010programming/thread/e9c91765-4c35-424d-888d-58e993783855. SharePoint 2010 will become unresponsive if the root organization is set to be its own parent, even though SharePoint does not prevent you from doing so programmatically or via the UI. Both the UI and the object model are affected by this bug. SharePoint considers the root organization to be the first organization with a parent of -1 in its database (ie. how it determines its value of the RootOrganization property). It is operationally and functionally valid for multiple organizations to exist with a parent of -1, and also to be self-referential (ie. their own parent), but doing so on the profile SharePoint considers its root brings about this instability. The connector could account for this functional limitation by preventing the solution from modifying the parent of the root organization. It is then up to solution implementers to ensure the behaviour of their hierarchy is correct.
Estimate includes work initial research carried out already, as well as implementing and testing.
Run an Import all on the Aurion MA is receive stopped-extension-dll-file-not-found error.
Busy configuring a Lab to test IdB 3 to 5 upgrade for Aurion.
Software using:
Server 1:
- FIM Sync - 4.1.3646.0
- Unify.Framework.ILM2007FP1Adapter - 3.0
- Codeless Framework - 3.0.4.4
Server 2:
- IdB Service - 3.0.8.1
- IdB Management Studio - 3.0.7* IdB for Aurion - 3.0.5.2
- SQL 2012
Unify.Framework.ILM2007FP1Adapter.dll file is copied to C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions and the xml is exported from the adapter and copied to C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\UIShell\XMLs\PackagedMAs. The miiserver.exe.config is configured as per Jira.
The Connectors import all entities and the Aurion MA's could be created, but when I run an Import all on the Aurion MA is receive stopped-extension-dll-file-not-found error.
Event Viewer errors:
The server encountered an unexpected error: "Could not load file or assembly 'file:///C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\Unify.Adapters.ILM2Adapter.dll' or one of its dependencies. The system cannot find the file specified. at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark) at System.Reflection.Assembly.LoadFrom(String assemblyFile) at Microsoft.MetadirectoryServices.Impl.ScriptHost.InitializeWorker(InitializeArguments pArgs) InnerException=> none "
and
The management agent "Aurion Employee" failed on run profile "Full import". The run step stopped because a configured extension dll for this management agent was not found. User Action Verify that the extension is located in the Extensions directory.
Issues with SharePoint list polling
I've encountered issues with the new polling functionality of the list connector. In both SharePoint 2007 and 2010, the following error is thrown when changes are present in the list:
Timestamp Severity Source Module Message 23/06/2011 4:18:12 PM Warning Change detection engine poll failed. Change detection engine "Change detection engine poll for connector SharePoint 2007 List Connector failed with reason StartIndex cannot be less than zero. Parameter name: startIndex. Duration: 00:00:03.2295000 Error details: System.ArgumentOutOfRangeException: StartIndex cannot be less than zero. Parameter name: startIndex at System.String.Remove(Int32 startIndex, Int32 count) at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.GetIdsWhereClause(Int32[] ids) in C:\Hg\Connectors\Microsoft.SharePoint\Master\Source\Unify.Communicators.Moss2007List\Moss2007ListWebServiceCommunicatorBase.cs:line 371 at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.<GetListItems>d__6.MoveNext() in C:\Hg\Connectors\Microsoft.SharePoint\Master\Source\Unify.Communicators.Moss2007List\Moss2007ListWebServiceCommunicatorBase.cs:line 232 at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.EnumerableExtensions.<ActionOnFirst>d__1c`1.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.ActionOnExceptionEnumerator`1.MoveNext() at Unify.Framework.EnumerableExtensions.<ActionOnLast>d__16`1.MoveNext() at Unify.Framework.EnumerableExtensions.<ProduceAutoPages>d__9`1.MoveNext() at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit() at Unify.Framework.Visitor.VisitEvaluateOnThreadPool[T](IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads) at Unify.Framework.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities) at Unify.Framework.ChangeDetectionPollJob.RunBase() at Unify.Framework.MutexJobDecorator.Run() at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)"
Config attached
ConnectorEngine.extensibility.config.xml
Customer support service by UserEcho
