As reported by customer:

We started to have an issue with the Unify Connector on Friday night.

The connection between UMC and IdM has failed with the following error;

30/10/2015 20:42:39        Warning        Adapterrequest to get entity from adapter space failed.        Adapter        "Adapter request to get attribute changes from adapter space 53e85508-7648-409c-bd3a-0737028eba29 failed with reason Warning: Fatal error 9001 occurred at Oct 30 2015  8:42PM. Note the error and time, and contact your system administrator

The rest of the error is listed below. Is this an error that you’ve seen before? Would you know how to resolve this?

We have UNIFY Identity Broker v3.0.6 service running.

Reason: System.Data.SqlClient.SqlException:Warning: Fatal error 9001 occurred at Oct 30 2015  8:42PM. Note the errorand time, and contact your system administrator.   at
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean
breakConnection)   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj)   at
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand
cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler,
TdsParserStateObject stateObj)   at
System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName,
Boolean async)   at
System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result,
String methodName, Boolean sendToPipe)  at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()   at
Unify.Repository.ChangesItemContext.CreateContext(SqlConnection connection)   at
Unify.Framework.LinqWhereQuery`5.GetEnumerator()   at
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()   at System.Linq.Enumerable.<DistinctIterator>d__7a`1.MoveNext()   at
Unify.Framework.EnumerableExtensions.<ProduceAutoPages>d__9`1.MoveNext()   at
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()   at
System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()   at
Unify.Framework.EnumerableExtensions.<ActionOnLast>d__16`1.MoveNext()   at
Unify.Framework.EnumerableExtensions.<ActionOnFirst>d__1c`1.MoveNext()   at
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()   at Unify.Framework.ActionOnExceptionEnumerator`1.MoveNext()   at
Unify.Framework.EnumerableExtensions.<ActionOnLast>d__16`1.MoveNext()   at
System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)   at
Unify.Adapters.NovellIdentityManagerIdentityBrokerDriverAdapter.Publish(Guid
adapterId)   at
Unify.Adapters.NovellIdentityManagerIdentityBrokerDriverNotificationDecorator.Publish(Guid
adapterId)   at
Unify.Adapters.NovellIdentityManagerIdentityBrokerDriver.Publish(Guid
adapterId)   at SyncInvokePublish(Object ,
Object[] , Object[] )   at
System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance,
Object[] inputs, Object[]& outputs)   at
System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&
rpc)   at
System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&
rpc)   at
System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&
rpc)   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean
isOperationContextSet)"

I am currently experiencing the same issue mentioned in ACMA-11 - WAMIKey not populating via IdB Aurion connector and now receiving "Aurion API error -1: Employee No not found in Aurion" which i did not believe was required for security users

From the looks of this issue it indicates that some changes were performed in order to get this working. Can we confirm these changes have followed on the 4.1 release?

I'm 99% sure my configuration is spot on..
I've spent a lot of time modifying this and trying different things to no avail.

Any help would be appreciated as this is currently holding up my production go-live

Please see configuration attached below

<connectorconfiguration>
      <connector id="34bfc0b6-1dd1-4254-80b0-53932487d505" connector="Unify.Connectors.Aurion.SecurityUser" name="Aurion Security Users" queueMissed="false" enabled="true" auditLevel="None">
        <entitySchema>
          <field name="User" key="true" readonly="true" required="true" validator="string" id="925ce35d-f275-4dd6-a115-d03b58d00b5d">
            <Extended xmlns="" />
          </field>
          <field name="OsUserId" key="false" readonly="false" required="false" validator="string" id="9016c684-2a1c-4471-bdec-4f4d916ea191">
            <Extended xmlns="" />
          </field>
          <field name="Name" key="false" readonly="false" required="false" validator="string" id="8dddc336-e7bd-443f-9707-d0b83ee88a64">
            <Extended xmlns="" />
          </field>
          <field name="WamiKey" key="false" readonly="false" required="false" validator="string" id="66c5aa11-eb9b-4e90-ab5b-0612bbdc428c">
            <Extended xmlns="" />
          </field>
          <field name="Status" key="false" readonly="false" required="false" validator="string" id="e0d63812-ebcc-4ef9-90dd-16081cade845">
            <Extended xmlns="" />
          </field>
          <field name="Password" key="false" readonly="false" required="false" validator="string" id="c998cf42-49f5-4206-aaf8-6a9e91e7d812">
            <Extended xmlns="" />
          </field>
          <field name="PasswordExpired" key="false" readonly="false" required="false" validator="boolean" id="1c1cabfd-2efb-4720-84c7-e8ba0fd09c6b">
            <Extended xmlns="" />
          </field>
          <field name="ExternalMailType" key="false" readonly="false" required="false" validator="string" id="a177f794-2395-461b-b2f7-03a22afdf7ab">
            <Extended xmlns="" />
          </field>
          <field name="EmailAddress" key="false" readonly="false" required="false" validator="string" id="a98935fc-b53d-4122-be9e-68e72a76324b">
            <Extended xmlns="" />
          </field>
          <field name="MessageGroupCode" key="false" readonly="false" required="false" validator="string" id="a4d1b16e-dbd9-453b-9ef9-fa206aac4f99">
            <Extended xmlns="" />
          </field>
        </entitySchema>
        <Extended>
          <apiSchema name="AQT_Output">
            <queries>
              <query queryId="LIFEHOUSESECUSER" />
            </queries>
            <attribute name="User_Id" target="User" />
            <attribute name="OS_User_Id" target="OsUserId" />
            <attribute name="User_Name" target="Name" />
            <attribute name="Person_Number" target="WamiKey" />
            <attribute name="User_Status" target="Status" />
            <attribute name="User_Password" target="Password" />
            <attribute name="Password_Expired_Flag" target="PasswordExpired" />
            <attribute name="Email_Address" target="EmailAddress" />
          </apiSchema>
        </Extended>
        <Groups />
        <Agents>
          <Agent id="fc40e36f-7431-4d7f-9654-ae1e34a4727f" type="Unify.Agent.Aurion" />
        </Agents>
      </connector>
      <getAllEntities />
      <polling />
    </connectorconfiguration>

<AdapterConfiguration AdapterId="aeeff3fe-ea0a-4326-8f65-291419d2c66e" AdapterName="Aurion Sec Users" enabled="true" BaseConnectorId="34bfc0b6-1dd1-4254-80b0-53932487d505" class="sec_user" AdapterImportSettings="CoupledProcess">
      <dn template="CN=[User]" />
      <Groups />
    </AdapterConfiguration>

It seems that the IDB Lite and IDaaS system fail to handle the following scenario:

1. Create a new account in chris21 and make the account’s manager someone who do not and will not exist in AD.
2. Let it sync and create the user, when it attempts to update the user’s manager, it fails with the error that the manager could not be found.
3. Now change the account’s manager (mgrdetnumber) to someone who do exist in AD.
4. The system will continue to resolve the previous manager and will permanently fail to update this user.

Workaround: Run a baseline operation against AD, this is a bad workaround because baselines can usually only be run over weekends.

I am trying to configure an instance of a Relational.Composite transformation by following the online guide for this, specifically with the goal of deriving a new DN attribute via a composite key relationship. I was originally trying to find out what the parameter name might be (the equivalent group transformation has a "GroupTarget" parameter) but couldn't find anything (see comment on the link above). However, I since realised that I am probably supposed to be setting the "target" property of the dn element itself ... but now that I am doing this I am getting an erroneous "The column ValueLevel1ID is a pre-existing column in adapter Meta Tuple Value Adapter". I say erroneous because there is no such duplicate declaration.

My suspicion here is that most people have been using the "columnMappings" element with this transformation instead of "dn" and hence this question hasn't come up before - and the example xml appears to include redundant properties InputKey and RelationshipKey, so I am thinking there might be another doco inconsistency here too?

A get all entities timing configuration of the following, will not evaluate and blocks access to the home page.

<getAllEntities>
        <Timing id="5793f282-2d8a-4fa8-8f9c-2f055334087c" name="DailyExclusion" useLocal="true">
          <ExclusionPeriods>
            <ExclusionPeriod daysExclusionApplies="Monday,Tuesday,Wednesday,Thursday,Friday,Saturday" start="00:00:00" end="23:59:59" />
          </ExclusionPeriods>
          <Timing id="66f8c661-8535-405f-ad53-5a17299b5030" name="DayExclusion" daysToExclude="Sunday,Monday,Tuesday,Wednesday,Thursday,Friday" useLocal="true">
            <Timing id="3280577b-fe63-405c-986e-d1d02f26ed0a" name="RecurringTimespanStandardTime" useLocal="true" startFrom="2012-05-21T14:00:11">
              <Timespan value="00:00:30" />
            </Timing>
          </Timing>
        </Timing>
      </getAllEntities>

I'm not happy with the text box and 'Add search terms' button.

*I tried adding a search term manually and nothing happened. I got the format wrong but there was no feedback on what was going on, it just did nothing.

*I then added a search term using the buttons above the attribute names and it created a term for me.

*I then tried adding it again manually and it failed (format wrong again). Once I got the format correct, however, it deleted the existing terms because I had the column name wrong. An error message when adding it rather then deleting all the terms would be good.

*finally I managed to get it to add once I termed everything properly.

Can I suggest also:

• Have a format suggestion near the button to help
• When clicking the 'Add' button over the column name, it defaults to Attribute 'hasValue', hasValue 'Equals'... 'HasValue' doesn't really mean much in the language we call English. I get that it means 'Attribute hasValue equals True' but it needs you to think about what it means rather then being obvious.

Test to confirm that Identity Broker for Microsoft Active Directory is capable of provisioning users in an enabled state. A few things we know:

• SSL must be enabled in AD and on the connection;
• The password must meet the complexity requirements;
• User userAccountControl to enable the account;
• If using unicodePwd there are some prerequisites for the format of the password (enclosed in quotes and base64 encoded);

Other:

• Is anything logged in AD/Windows event log that can help diagnose?
• Can the traffic be traced?
• Is there another password field that gets the outcome without having to use unicodePwd?
• Do we have to change the connector to make this easier?

The x86 service is currently a replica of the x64/Any CPU service. This will create increased workload in the future for maintenance. In future versions, please use the x64/Any CPU service by using a bootstrap that is the 32-bit service.

1. Deployed IdbV4.1
2. Deployed SAP connector v4.1
4. Cut and paste to ConnectorEngine config file from v308 working config files
5. Open idb admin page and found the following eror:

20131007,01:43:40,UNIFY Identity Broker,AgentEngine,Warning,"The test of agent somerset.its.monash.edu.au SAP HCM Agent failed with message System.BadImageFormatException: An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)
at SAP.Connector.Connection.Open()
at Unify.Product.IdentityBroker.SapHrCommunicator.Open()
at Unify.Product.IdentityBroker.SapHrCommunicator.TestConnection()
at Unify.Product.IdentityBroker.AgentEngine.Test(Guid agentId).",Normal

Config file and log file attached

I'm installing Identity Broker 4.X for the first time and noticed that the installation process removed my 3.X service from the services pane. During the installation I specified a new database and installed to a non default directory (different to my 3.X install).

Just wanted to know whether we are able to install them both side by side or if this is not supported. It may be useful in a personal dev environment to have access to both, not sure about client sites however.

Two other things.
1) I've noticed too that while the Identity Broker 3.X service was removed from the services pane, the installation didn't seem to uninstall the existing version, it just unregistered the service. I've attached a screen shot. There may be a bug there.
2) Also I could not see in the installation doco or Version 3 to 4 notes whether side by side is supported or not. Which ever case it is, it might be worth adding it there if I havent simply over looked it.