Fixed

Unable to retrieve schema

Matthew Woolnough 2 years ago in UNIFYBroker/Microsoft Identity Manager • updated by anonymous 2 years ago 15

MIM's IdB MA is unable to retrieve schema from IdB during implementation. Error returned is:

-------------------------------------------
Synchronization Service Manager

Unable to retrieve schema. Error: Exception from HRESULT: 0x80231343
-------------------------------------------


Event Log contains the following:

-------------------------------------------

The extensible extension returned an unsupported error.
 The stack trace is:
 
 Unify.Product.IdentityBroker.LdapOperationException: Object reference not set to an instance of an object.
   at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
   at Unify.Product.IdentityBroker.LdapConnection.GetSchema(String schemaDn)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.Aggregate[TSource](IEnumerable`1 source, Func`3 func)
   at Unify.Product.IdentityBroker.LdapConnectionProxy.get_Schema()
   at Unify.Product.IdentityBroker.UnifyLdapConnectorTypeProxy.GetSchema(KeyedCollection`2 configParameters)
Forefront Identity Manager 4.4.1459.0

-------------------------------------------




Answer
Planned

Thanks Matt,

It looks like you have an entry in the [Container] table left over from an adapter with a container name of users. These should be removed automatically when you delete the adapter, or if you delete it directly from the xml config, at service startup. I'm not sure how it's managed to stay in there for you if you don't have any such adapter. You can manually delete the entry from the [Container] table where the [DistinguishedName] column has the value OU=users,DC=IdentityBroker to resolve this issue, and I'll re-raise this as a bug in our backlog.

You should be able to remove the patches supplied on this issue as well.

Under review

Hi Matt,

Are there any corresponding errors in the Identity Broker logs?

Hi Matt,

I haven't been able to reproduce this error - I just tested with fresh installs of both Identity Broker v5.1 and Identity Broker for Microsoft Identity Manager v5.1. How far through the MA creation process are you getting before you receive the error?

I've attached Unify.IdentityBroker.LDAP.Engine.dll which should improve the reporting of the error to help us track down the cause. Please place the file into the Services directory, restart the Identity Broker service and re-attempt the MA creation process.

It throws the error on the Connectivity Tab, after I configure the credentials and hit Next >

Hi Matt,

Still didn't catch the specific instance of the null reference with that. With some local testing I think I've identified a section that is likely to be causing the error and improved the handling there. Please try again with the following patch Unify.IdentityBroker.LDAP.Engine.dll and re-attach the logs.


20170512,06:54:56,UNIFY Identity Broker,Adapter engine,Information,"Request to get adapter engine LDAP settings completed.
Request to get adapter engine LDAP settings completed. Duration: 00:00:00",Verbose
20170512,06:54:56,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP search request.
Handling of LDAP search request received from user mim on connection 127.0.0.1:64212 targeting DC=IdentityBroker with a scope of SingleLevel started.",Verbose
20170512,06:54:56,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Read started.",Verbose
20170512,06:54:56,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Read completed successfully.",Verbose
20170512,06:54:57,UNIFY Identity Broker,Adapter engine,Information,"Request for entities.
Request for OneLevel entities under DC=IdentityBroker started.",Verbose
20170512,06:54:57,UNIFY Identity Broker,Adapter engine,Information,"Request for entities.
Request for OneLevel entities under DC=IdentityBroker completed. Duration: 00:00:00.0625004",Verbose
20170512,06:54:57,UNIFY Identity Broker,Adapter engine,Information,"Request to get the schema type of the selected adapter.
Request to get the schema type of the 4e96758c-06c5-44dd-9f32-557b3e75d16f adapter started.",Verbose
20170512,06:54:57,UNIFY Identity Broker,Adapter engine,Information,"Request to get the schema type of the selected adapter.
Request to get the schema type of the 4e96758c-06c5-44dd-9f32-557b3e75d16f adapter completed. Duration: 00:00:00.0156254",Verbose
20170512,06:54:57,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP search request.
Handling of LDAP search request from user mim on connection 127.0.0.1:64212 targeting DC=IdentityBroker with a scope of SingleLevel completed successfully. Duration: 00:00:00.4687427.",Normal
20170512,06:54:57,UNIFY Identity Broker,Adapter engine,Information,"Request to get adapter engine LDAP settings started.
Request to get adapter engine LDAP settings started.",Verbose
20170512,06:54:57,UNIFY Identity Broker,Adapter engine,Information,"Request to get adapter engine LDAP settings completed.
Request to get adapter engine LDAP settings completed. Duration: 00:00:00",Verbose
20170512,06:54:57,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP schema request.
Handling of LDAP schema request received from user mim on connection 127.0.0.1:64212 for the server schema started.",Verbose
20170512,06:54:57,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Read started.",Verbose
20170512,06:54:57,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Read completed successfully.",Verbose
20170512,06:54:57,UNIFY Identity Broker,LDAP engine,Error,"Handling of LDAP schema request.
Handling of LDAP schema request from user mim on connection 127.0.0.1:64212 for the server schema failed with error ""Object reference not set to an instance of an object."". Duration: 00:00:00.0624985.",Normal
20170512,06:54:57,UNIFY Identity Broker,LDAP Engine,Error,"An error occurred on client from 127.0.0.1:64212. More details:
Internal Server Error #11: System.NullReferenceException: Object reference not set to an instance of an object.
   at Unify.Product.IdentityBroker.LDAPSchemaFactory`1.CreateComponent(IEnumerable`1 adapters)
   at Unify.Product.IdentityBroker.SchemaRequestHandler.<PerformSearch>d__6.MoveNext()
   at Unify.Product.IdentityBroker.ForwardLookingEnumerator`1.MoveNext()
   at Unify.Product.IdentityBroker.StoredSearchResults.MoveNext()
   at Unify.Product.IdentityBroker.LDAPEngineExtensions.<TakeFromEnumerator>d__1`1.MoveNext()
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<FinalizeSearchResults>d__13.MoveNext()
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequestInner(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.RequestHandlerAuditingDecorator.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.LDAPRequestHandlerSecurityDecorator.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.LDAPConnection.<RespondToMessageAsync>d__33.MoveNext()",Normal
20170512,06:54:57,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP unbind request.
Handling of LDAP unbind request received on connection mim to connect as user 127.0.0.1:64212 started.",Verbose
20170512,06:54:57,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Unauthorized started.",Verbose
20170512,06:54:57,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Unauthorized completed successfully.",Verbose

Should be the same as previous, but just in case a change has sneaked in, here's the Adapter config file.

Unify.Product.IdentityBroker.AdapterEnginePlugInKey.extensibility.config.xml

Hi Matt,

Still have not been able to reproduce this with your config. Attaching another version of Unify.IdentityBroker.LDAP.Engine.dll to further assist with diagnosis. Could you also confirm that aside from this DLL and others for the various connectors installed, you don't have any other DLLs in the Services directory or Patches subdirectory with Unify in the name?

20170515,21:53:37,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Read completed successfully.",Verbose
20170515,21:53:37,UNIFY Identity Broker,LDAP engine,Error,"Handling of LDAP schema request.
Handling of LDAP schema request from user mim on connection 127.0.0.1:57276 for the server schema failed with error ""Value cannot be null.
Parameter name: operationalAdapter"". Duration: 00:00:00.1249849.",Normal
20170515,21:53:37,UNIFY Identity Broker,LDAP Engine,Error,"An error occurred on client from 127.0.0.1:57276. More details:
Internal Server Error #11: System.ArgumentNullException: Value cannot be null.
Parameter name: operationalAdapter
   at Unify.Product.IdentityBroker.LDAPSchemaFactory`1.ConvertObjectClass(IOperationalAdapter operationalAdapter)
   at Unify.Product.IdentityBroker.LDAPSchemaFactory`1.<>c__DisplayClass2_0.<CreateComponent>b__0(IOperationalAdapter adapter)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.LDAPSchemaFactory`1.CreateComponent(IEnumerable`1 adapters)
   at Unify.Product.IdentityBroker.SchemaRequestHandler.<PerformSearch>d__6.MoveNext()
   at Unify.Product.IdentityBroker.ForwardLookingEnumerator`1.MoveNext()
   at Unify.Product.IdentityBroker.StoredSearchResults.MoveNext()
   at Unify.Product.IdentityBroker.LDAPEngineExtensions.<TakeFromEnumerator>d__1`1.MoveNext()
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<FinalizeSearchResults>d__13.MoveNext()
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequestInner(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.RequestHandlerAuditingDecorator.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.LDAPRequestHandlerSecurityDecorator.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.LDAPConnection.<RespondToMessageAsync>d__33.MoveNext()",Normal
20170515,21:53:37,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP unbind request.
Handling of LDAP unbind request received on connection mim to connect as user 127.0.0.1:57276 started.",Verbose
20170515,21:53:37,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Unauthorized started.",Verbose

PS C:\Program Files\UNIFY Solutions\Identity Broker\Services> dir | ForEach-Object { $_.VersionInfo }

ProductVersion   FileVersion      FileName
--------------   -----------      --------
4.0.1.8          4.0.1.8          C:\Program Files\UNIFY Solutions\Identity Broker\Services\CassiniDev4-lib.dll
                                  C:\Program Files\UNIFY Solutions\Identity Broker\Services\Extensibility.zip
8.0.3.19514      8.0.3.19514      C:\Program Files\UNIFY Solutions\Identity Broker\Services\Newtonsoft.Json.dll
                                  C:\Program Files\UNIFY Solutions\Identity Broker\Services\Splunk.Client.dll
5.1.1 RC1        5.1.1.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.AurionHRMIS9302.dll
5.1.1 RC1        5.1.1.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.AurionHRMIS9302.Interfaces.dll
5.1.0            5.1.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.Contacts.dll
5.1.0            5.1.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.Contacts.Shared.dll
5.1.0 RTM        5.1.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.Moss2007.dll
5.1.0 RTM        5.1.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.Moss2007.Interfaces.dll
1.0.0.0          1.0.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.Moss2007.Shared.dll
5.1.0 RTM        5.1.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.Moss2007List.dll
5.1.0 RTM        5.1.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.Moss2007List.Interfaces.dll
1.0.0.0          1.0.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Communicators.Moss2007List.Shared.dll
5.1.1 RC1        5.1.1.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Connectors.Aurion.Api.dll
5.1.1 RC1        5.1.1.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Connectors.Aurion.Api.Interfaces.dll
5.1.1 RC1        5.1.1.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Connectors.Aurion.Shared.dll
5.1.0            5.1.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Connectors.Contacts.bak
5.1.0 RTM        5.1.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Connectors.Microsoft.SharePoint.dll
5.1.0 RTM        5.1.0.0          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Connectors.Microsoft.SharePoint.Interfaces.dll
5.1.0 RTM        5.1.0.2          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.IdentityBroker.LDAP.Engine.dll
5.1.0 RTM        5.1.0.2          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect.Debug.exe
                                  C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect.Debug.exe.config
5.1.0 RTM        5.1.0.2          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect.exe
                                  C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect.exe.config
5.1.0 RTM        5.1.0.2          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect32.Debug.exe
                                  C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect32.Debug.exe.config
5.1.0 RTM        5.1.0.2          C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect32.exe
                                  C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect32.exe.config

Nothing in patches directory

Thanks Matt,

We've narrowed the NRE right down. When trying to respond to a schema request of the form "CN=[ContainerName],cn=schema" it's failing to find the relevant adapter. I'm attaching another version of Unify.IdentityBroker.LDAP.Engine.dll which will log the failed lookup so we can determine if it should have found something or the request is invalid. If possible, could you please also run a trace to capture the LDAP traffic?
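
For triaging log excerpts like the ones posted in this thread, the following added example (not part of the thread and not UNIFY's tooling) parses the Identity Broker CSV log format shown above and pulls out each Error record with its client endpoint, exception type and top stack frame. The seven-column layout is inferred from the excerpts on this page, and the function and field names are assumptions of the example.

```python
import csv
import io
import re

# Constructed sample: three records abridged from the log excerpt in this thread.
SAMPLE_LOG = '''20170515,21:53:37,UNIFY Identity Broker,Security engine,Information,"Require an LDAP access level
Request to require LDAP access level Read completed successfully.",Verbose
20170515,21:53:37,UNIFY Identity Broker,LDAP engine,Error,"Handling of LDAP schema request.
Handling of LDAP schema request from user mim on connection 127.0.0.1:57276 for the server schema failed with error ""Value cannot be null.
Parameter name: operationalAdapter"". Duration: 00:00:00.1249849.",Normal
20170515,21:53:37,UNIFY Identity Broker,LDAP Engine,Error,"An error occurred on client from 127.0.0.1:57276. More details:
Internal Server Error #11: System.ArgumentNullException: Value cannot be null.
Parameter name: operationalAdapter
   at Unify.Product.IdentityBroker.LDAPSchemaFactory`1.ConvertObjectClass(IOperationalAdapter operationalAdapter)
   at Unify.Product.IdentityBroker.LDAPSchemaFactory`1.CreateComponent(IEnumerable`1 adapters)",Normal
'''

EXCEPTION = re.compile(r"\b(System\.\w+Exception):")
TOP_FRAME = re.compile(r"^\s+at (\S+?)\(", re.MULTILINE)
ENDPOINT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}:\d+)\b")

def error_records(log_text):
    """Return one dict per Error-severity record in an Identity Broker CSV log."""
    found = []
    # csv handles the quoted multi-line message field and the doubled "" quotes.
    for row in csv.reader(io.StringIO(log_text, newline="")):
        if len(row) != 7 or row[4] != "Error":
            continue
        date, time, _product, module, _severity, message, _level = row
        exc = EXCEPTION.search(message)
        frame = TOP_FRAME.search(message)
        endpoint = ENDPOINT.search(message)
        found.append({
            "when": f"{date} {time}",
            "module": module,
            "summary": message.splitlines()[0],
            "endpoint": endpoint.group(1) if endpoint else None,
            "exception": exc.group(1) if exc else None,
            "top_frame": frame.group(1) if frame else None,
        })
    return found

if __name__ == "__main__":
    for rec in error_records(SAMPLE_LOG):
        print(rec)
```

Grouping the returned records by `top_frame` shows at a glance whether a patched DLL moved the failure, as happened between the two excerpts in this thread.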
