Identity Broker 5.1 Export issues

Andrew Silcock 8 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 7 years ago 9
Topic collaborators

Troubleshooting some export errors creating accounts from MIM through Identity Broker and getting the below bolded message in the logs. The corresponding error in MIM is nothing more useful than "cd-error" and there are no errors in the Windows Event Log to assist.

The MIM export is set to a single export at a time for troubleshooting purposes, but I've noticed there is a long time (some ~70 seconds) between the message in bold and the unbind request that follows.

20/Dec/2016 08:18:07
  • Information
LDAP engineHandling of LDAP Bulk Start request.
Handling of LDAP Bulk Start request received from user D2L on connection completed successfully. Duration 00:00:00.0200000.

20/Dec/2016 08:18:07
  • Information
LDAP engineHandling of LDAP Bulk Update request.
Handling of LDAP Bulk Update request received from user D2L on connection was postponed as it was not the next expected bulk request. This request will be handled as part of a future request. Duration 00:00:00.4845852.
20/Dec/2016 08:19:21
  • Information
LDAP engineHandling of LDAP unbind request.
Handling of LDAP unbind request received on connection to connect as user D2L completed successfully. Duration: 00:00:00.0623072.

Under review

Hi Andrew, a patch was recently created to fix up some issues with error handling (see http://voice.unifysolutions.net/topics/2739-export-errors-calling-resultssetfailed-on-an-entity-seems-to-fail-an-entire-batch/). Could you please let me know if that helps with the returned error? If not we'll look into the issue.


Hi Adam, can confirm the patch is installed as it was created for the same MA/environment.

Thanks - Andrew.

Hi Andrew,

Can you reproduce this consistently? If so, can you try running an LDAP trace?

Hi Curtis,

It is repeatable, I'm enabling LDAP tracing as per https://msdn.microsoft.com/en-us/library/aa366152(v=vs.85).aspx - can you please indicate which flags you require.

Thanks, Andrew.

Hi Andrew,

Curtis was referring to something like Wireshark or RawCap. We haven't seen LDAP tracing before, but if it achieves the same outcome I guess it'd be fine?


Are there any other options here - installing one of these tools would require going through change management process which would take a number of days at minimum.

RawCap isn't an install, it's just an executable.

thanks Adam will give that a go