Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Duplicate

Aurion connector time out "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"

Adrian Corston 3 years ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 2 years ago 11

One of my Aurion connectors is failing to import all with the following error.  Two other Aurion connectors for the same agent do not return this error.  Test Connection for the agent is successful.  I can't find a client-side timeout parameter on the configuration screen.  The error is occurring around 5m24s after the import starts.  There were around 7,200 records the last time the import was working in this environment (I don't know how long ago that was).  The other two working connectors have similar entity counts and each take around 90 seconds to run to successful completion.

Could you please investigate?  If this is a server-side timeout please let me know and I'll escalate it to Aurion.

Image 6411

Customer identifying details have been redacted from the following log entry:

20230127,02:25:20,UNIFYBroker,Change detection engine,Error,"Change detection engine import all items failed.
Change detection engine import all items for connector Aurion Employee Connector failed with reason Unable to connect to the remote server. Duration: 00:05:24.5919187
Error details:
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond XX.XX.XX.XX:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket,IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Unify.Communicators.AurionAPI.EV397_AURION_WSService.LOGOFF(String P_TOKEN)
at Unify.Communicators.AurionWSCommunicator.Logout()
at Unify.Communicators.AurionAgent.Close()
at Unify.Connectors.AurionApiReadingConnector.d__5.System.IDisposable.Dispose()
at Unify.Connectors.AurionApiReadingConnector.d__5.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
0
Fixed

One InsufficientAccessRights error writing to AD results in thousands of lines of error messages in the UNIFYBroker log

Adrian Corston 3 years ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 6 months ago 6

When a write to AD fails with an InsufficientAccessRights error UNIFYBroker writes an error log entry for every user in the current update batch, which usually numbers in the thousands.  This is unwieldy, and due to log write throughput limitation in UNIFYConnect environments this results in degraded service logging functionality for several minutes at a time, while the logs are being written and new log entries cannot be viewed.

The AD LDAP export exception could be escalated as a single entity update failure, rather than a failure of an entire batch of entities.

Image 6409

Image 6410

Answer

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.

0
Not a bug

Change Polling sometimes doesn't run when there are pending changes

Adrian Corston 3 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 9 months ago 2

Occasionally Change Polling won't start, even though there are pending sync changes showing.  Running a Baseline Sync clears the issue and subsequent changes make Change Polling work normally, so the workaround is to always have periodic Baseline Syncs scheduled in the solution.

Sadly, I have no idea what causes this or how to replicate it so it is likely to be quite difficult to track down.

Answer

Unable to reproduce, please re-open if this still persists

0
Completed

Button to run a Scheduled Job

Adrian Corston 3 years ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 6 months ago 2

I'd like a button for each Scheduled Job that manually runs it when clicked.

Answer

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.

0
Fixed

Unicode support in the CSV connector

I have Unicode data in a locker field, sourced from a PowerShell connector, which looks file in the UNIFYBroker UI:

Image 6404

However when I export it to a CSV connector, the non-latin1 character doesn't appear to be correct:

Image 6405

(viewed using Notepad++)

Does the CSV connector support Unicode characters?

0
Not a bug

UNIFYBroker API cannot access the log file because it is being used by another process

Adrian Corston 3 years ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 2 years ago 2

In UNIFYConnect when attempting to retrieve a log file via the API it usually works fine but once I saw this error.  This is a very low priority issue for me.

20221214,20:00:16,UNIFYBroker,SyncEngine,Information,"Request to baseline synchronize link completed.
Request to queue a baseline synchronization job for the 'Employee > AD User' link completed. Duration: 00:00:12.2592180",Normal
20221214,20:00:19,UNIFYBroker,Logging engine,Warning,"Request to download log file.
Request to download log file for 12/14/2022 failed with message The process cannot access the file 'C:\app\Services\Logs\UnifyLog20221214.csv' because it is being used by another process.. Duration: 00:00:00.1899900
Error details:
System.IO.IOException: The process cannot access the file 'C:\app\Services\Logs\UnifyLog20221214.csv' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at Unify.Framework.Logging.CsvLogReaderWriter.DownloadLogFile(DateTime date)
at Unify.Framework.Logging.LoggingEngine`1.DownloadLogFile(DateTime date)
at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
at Unify.Framework.Logging.LoggingEngineNotifierDecorator.DownloadLogFile(DateTime date)
at Unify.Framework.Logging.LoggingController.DownloadLogFile(Int32 year, Int32 month, Int32 day)
at lambda_method(Closure , Object , Object[] )
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.b__9(Object instance, Object[] methodParameters)
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.AuthorizationFilterAttribute.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()",Normal

Answer
Adrian Corston 2 years ago

Just found a second occurrence; it may be happening when two or more log retrieval API calls are invoked simultaneously.  I have updated my implementation to not do that.

0
Won't fix

Entities keep reprovisioning for Simple Join Resolution links

Adrian Corston 3 years ago in UNIFYBroker/Plus updated 3 years ago 5

Using a link with Simple Join Resolution I see the same target entity being re-provisioned every time the Baseline Sync runs.

Image 6400

Image 6401

The problem continues until the duplicate detection algorithm fails to generate unique values for key fields like CN.

I'll put environment details and logs in the next comment.

0
Completed

Rebuild Aurion connector mapping table after report schema update

Adrian Corston 3 years ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 6 months ago 2

After an Aurion report is modified and Request Schema is run, the Schema attribute<->Mapping element table isn't updated.  It's not possible to add mappings for any new fields, and old fields remain in the table, which is confusing.

When a Request Schema is run, non-existant report field mappings should be removed, and any currently missing ones should be added.

Answer

This has been implemented and is available in the release of UNIFYConnect Module for Aurion, which will be made available shortly.

0
Answered

UNIFYBroker/Plus attempting to join source to incorrect target

Adrian Corston 3 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 3 years ago 5

Log says:

20221129,21:30:25,UNIFYBroker,Link,Error,"Request to sync changes on link failed.  Request to sync changes on link Employee > AD User (ad53013b-b271-4ed6-a959-dc11aeaa5eca) in direction outgoing failed with message Source entity '0b5d5a72-fd60-4777-b1ef-f1d4a035c87d' cannot be joined to ambiguous join targets: [391e6395-a3c2-424c-9799-30a98508ac1f, 5a6e4486-75f8-4487-ab8f-4eeccf06a524]. Cannot proceed with join. [Count:4321]. Duration: 00:00:04.5645340

Link join criteria is:

Image 6392

Source entity is:

Image 6393

Target entities are:

Image 6394

Image 6395

Why would an attempt to join to 5a6e4486-75f8-4487-ab8f-4eeccf06a524 be happening, given it doesn't match the join criteria?

Answer

The root cause of this was staff from the customer's outsourced IT department updating employeeID values wrongly, in contravention of documented processes.

Please close this ticket and mark 'not a bug'.

0
Fixed

Join calculation for source entity cannot be completed due to an invalid connection state. Reason: Source entity has multiple connections.

Adrian Corston 3 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 6 months ago 4

After the customer remediated duplicate employee IDs in AD, UNIFYBroker is still unable to correctly join and process links.  The error message has changed to:

Synchronization job failed syncing 4322 changes on the 'Employee > AD User' link from the adapter to locker with the reason Join calculation for source entity 'e892faf3-5c17-4e9c-9be9-f9ee33cc68fe' cannot be completed due to an invalid connection state. Reason: Source entity has multiple connections.. Job ID: bf3c52ec-49a2-4655-8f00-360a6ffce78c Duration: 00:00:04.2503352

I'll attach the email thread with the customer that provides background to the next message.

Answer

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.