Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

Aurion connector time out "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"
One of my Aurion connectors is failing to import all with the following error. Two other Aurion connectors for the same agent do not return this error. Test Connection for the agent is successful. I can't find a client-side timeout parameter on the configuration screen. The error is occurring around 5m24s after the import starts. There were around 7,200 records the last time the import was working in this environment (I don't know how long ago that was). The other two working connectors have similar entity counts and each take around 90 seconds to run to successful completion.
Could you please investigate? If this is a server-side timeout please let me know and I'll escalate it to Aurion.
Customer identifying details have been redacted from the following log entry:
20230127,02:25:20,UNIFYBroker,Change detection engine,Error,"Change detection engine import all items failed.
Change detection engine import all items for connector Aurion Employee Connector failed with reason Unable to connect to the remote server. Duration: 00:05:24.5919187
Error details:
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond XX.XX.XX.XX:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket,IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Unify.Communicators.AurionAPI.EV397_AURION_WSService.LOGOFF(String P_TOKEN)
at Unify.Communicators.AurionWSCommunicator.Logout()
at Unify.Communicators.AurionAgent.Close()
at Unify.Connectors.AurionApiReadingConnector.d__5.System.IDisposable.Dispose()
at Unify.Connectors.AurionApiReadingConnector.d__5.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal

This resolution of this issue is being tracked here: Allow TCP keepalives to be set for Aurion connectors / UNIFYBroker Forum / UNIFY Solutions

One InsufficientAccessRights error writing to AD results in thousands of lines of error messages in the UNIFYBroker log
When a write to AD fails with an InsufficientAccessRights error UNIFYBroker writes an error log entry for every user in the current update batch, which usually numbers in the thousands. This is unwieldy, and due to log write throughput limitation in UNIFYConnect environments this results in degraded service logging functionality for several minutes at a time, while the logs are being written and new log entries cannot be viewed.
The AD LDAP export exception could be escalated as a single entity update failure, rather than a failure of an entire batch of entities.

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.

Change Polling sometimes doesn't run when there are pending changes
Occasionally Change Polling won't start, even though there are pending sync changes showing. Running a Baseline Sync clears the issue and subsequent changes make Change Polling work normally, so the workaround is to always have periodic Baseline Syncs scheduled in the solution.
Sadly, I have no idea what causes this or how to replicate it so it is likely to be quite difficult to track down.

Unable to reproduce, please re-open if this still persists

Button to run a Scheduled Job
I'd like a button for each Scheduled Job that manually runs it when clicked.

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.

Unicode support in the CSV connector
I have Unicode data in a locker field, sourced from a PowerShell connector, which looks file in the UNIFYBroker UI:
However when I export it to a CSV connector, the non-latin1 character doesn't appear to be correct:
(viewed using Notepad++)
Does the CSV connector support Unicode characters?

UNIFYBroker API cannot access the log file because it is being used by another process
In UNIFYConnect when attempting to retrieve a log file via the API it usually works fine but once I saw this error. This is a very low priority issue for me.
20221214,20:00:16,UNIFYBroker,SyncEngine,Information,"Request to baseline synchronize link completed.
Request to queue a baseline synchronization job for the 'Employee > AD User' link completed. Duration: 00:00:12.2592180",Normal
20221214,20:00:19,UNIFYBroker,Logging engine,Warning,"Request to download log file.
Request to download log file for 12/14/2022 failed with message The process cannot access the file 'C:\app\Services\Logs\UnifyLog20221214.csv' because it is being used by another process.. Duration: 00:00:00.1899900
Error details:
System.IO.IOException: The process cannot access the file 'C:\app\Services\Logs\UnifyLog20221214.csv' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at Unify.Framework.Logging.CsvLogReaderWriter.DownloadLogFile(DateTime date)
at Unify.Framework.Logging.LoggingEngine`1.DownloadLogFile(DateTime date)
at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
at Unify.Framework.Logging.LoggingEngineNotifierDecorator.DownloadLogFile(DateTime date)
at Unify.Framework.Logging.LoggingController.DownloadLogFile(Int32 year, Int32 month, Int32 day)
at lambda_method(Closure , Object , Object[] )
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.b__9(Object instance, Object[] methodParameters)
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.AuthorizationFilterAttribute.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()",Normal

Just found a second occurrence; it may be happening when two or more log retrieval API calls are invoked simultaneously. I have updated my implementation to not do that.

Entities keep reprovisioning for Simple Join Resolution links
Using a link with Simple Join Resolution I see the same target entity being re-provisioned every time the Baseline Sync runs.
The problem continues until the duplicate detection algorithm fails to generate unique values for key fields like CN.
I'll put environment details and logs in the next comment.

Rebuild Aurion connector mapping table after report schema update
After an Aurion report is modified and Request Schema is run, the Schema attribute<->Mapping element table isn't updated. It's not possible to add mappings for any new fields, and old fields remain in the table, which is confusing.
When a Request Schema is run, non-existant report field mappings should be removed, and any currently missing ones should be added.

This has been implemented and is available in the release of UNIFYConnect Module for Aurion, which will be made available shortly.

UNIFYBroker/Plus attempting to join source to incorrect target
Log says:
20221129,21:30:25,UNIFYBroker,Link,Error,"Request to sync changes on link failed. Request to sync changes on link Employee > AD User (ad53013b-b271-4ed6-a959-dc11aeaa5eca) in direction outgoing failed with message Source entity '0b5d5a72-fd60-4777-b1ef-f1d4a035c87d' cannot be joined to ambiguous join targets: [391e6395-a3c2-424c-9799-30a98508ac1f, 5a6e4486-75f8-4487-ab8f-4eeccf06a524]. Cannot proceed with join. [Count:4321]. Duration: 00:00:04.5645340
Link join criteria is:
Source entity is:
Target entities are:
Why would an attempt to join to 5a6e4486-75f8-4487-ab8f-4eeccf06a524 be happening, given it doesn't match the join criteria?

The root cause of this was staff from the customer's outsourced IT department updating employeeID values wrongly, in contravention of documented processes.
Please close this ticket and mark 'not a bug'.

Join calculation for source entity cannot be completed due to an invalid connection state. Reason: Source entity has multiple connections.
After the customer remediated duplicate employee IDs in AD, UNIFYBroker is still unable to correctly join and process links. The error message has changed to:
Synchronization job failed syncing 4322 changes on the 'Employee > AD User' link from the adapter to locker with the reason Join calculation for source entity 'e892faf3-5c17-4e9c-9be9-f9ee33cc68fe' cannot be completed due to an invalid connection state. Reason: Source entity has multiple connections.. Job ID: bf3c52ec-49a2-4655-8f00-360a6ffce78c Duration: 00:00:04.2503352
I'll attach the email thread with the customer that provides background to the next message.

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.
Customer support service by UserEcho