0
Not a bug

Unexpected-error when exporting data from MIM to UnifyBroker

Anthony Soquin 11 months ago in UNIFYBroker/Microsoft Identity Manager updated by Beau Harrison (Software Engineer) 11 months ago 8

Hi,

From UNIFYBroker 5.3.1 RC2, Active Directory accounts are created via the powershell connector.

MIM (4.4.1749) is exporting data to UnifyBroker. The user is created in AD with the correct AccountName.

There is no error in UnifyBroker Logs, but for each batch of users (5 at the moment), MIM is showing the error message: unexpected-error with the DN of the first user. After the creation of the user, the user doesn't appear in the Connector space. FI & FS are required to get them back and link the user in MIM.


Do you have any idea to remove this error in MIM for all executed batch? It seems to be a communication issue from UNIFYBroke to MIM.


Thanks.

Regards

Affected Versions:
Fixed by Version:
Under review

Hi Anthony

Can you please attach the logs. Just because there are no errors, they may still be helpful. If they are large files, please indicate the approximate time the operations were run.

Can you try capturing network traffic with Wireshark or Rawcap while running an export?

You can call me on Team if you need anything else or do some checks in the environment directly.

The request in the trace you provided is returning the message "The entry could not be added as it already exists.". That means that for at least one of the entities MIM is attempting to add, another entity already exists in the adapter with the same DN.

Thanks for your answer.

This is where it's starting to be interesting.

Connector and Adapter empty. Same error.

Log and Rawcap dump: User2.rar

Even more interesting, in the new trace the request succeeded. What ever caused MIM to fail wasn't because of the add request. Are you sure there's no other information provided about why it failed? Nothing in the Windows event log or anywhere else MIM may log to?

Not much.

The default unexpected-error message:

Is there any way to troubleshoot the output from the DLL: Unify.IdentityBroker.FIMAdapter.dll ?

If the error is not generated by UNIFYBroker that means that the DLL is throwing the error.

Not a bug

Hi Anthony,

I've looked into this issue a bit further and have determined a few things.

Firstly, the cause is not the export component of the MA extension. This processes completes successfully as was demonstrated in the second network trace you provided. I suspect the error message contained in the first was a result of a previous attempt to run the export, which succeeded in creating the entities in Broker, but where the overall export failing in MIM.

Secondly, from the MIM stack trace you provided, it appears that the error is originating from the password extension (see the line with ..\passwordext.cpp in the trace). The password component of the MA extension isn't at fault, however, as a failure from this results in a trace which looks like this


, and the internal exception message would be logged in a separate log entry. Additionally, as the only action performed by this code is to send password change requests and none of these requests appeared in the provided network traces, it would appear the error occurred before the extension's password component was called into.

I would imagine that the most likely cause is a configuration or data issue that surfaces as the MA prepares the password before it is provided to the MA extension for sending.

Hope this information helps. I'll close this topic as it doesn't appear to be a product issue. If you come across anything that would indicate otherwise, let me know.