tag:userecho.com,2024-03-19:/feeds/topics/en//UNIFY Solutions2024-03-18T06:31:24+00:00tag:voice.unifysolutions.net,2024-03-18:/communities/6/topics/4235-baseline-sync-calling-connector-entity-update-for-all-entities-even-when-there-are-no-value-changes/2024-03-18T06:31:24+00:002024-03-18T06:31:24+00:00Baseline Sync calling connector entity update for all entities even when there are no value changes [bugs] [planned]<p>When a Baseline Sync runs on a link the connector's update export functionality is called to update every entity, even when there are no field value changes. This places an unnecessary load on UNIFYBroker and performs null updates against the external system for no discernible reason, and since UNIFYBroker/Plus is unable to sync any other links while this takes place can result in unnecessary processing delays while the connector is busy effectively doing nothing.</p><br/><br/> Shane Day replied:<br/><p>I have replicated this behaviour in a development environment.</p><p><br></p><p>This behaviour occurs when during a synchronisation PowerShell task, a value is written to the entity object, even if the value being written does not change the value.</p><p>Example:</p><p><br></p><p>$entity[“field”] = $someCalculatedValue</p><p><br></p><p>In order to prevent the behaviour from occurring, I have a workaround, whereby any assignment to an Entity will compare the value to be written before assigning it:<br><br></p><p>Function Set-EntityValue {<br> param(<br> [Parameter(Mandatory=$True)] $entity,<br> [Parameter(Mandatory=$True)] $FieldName,<br> [Parameter(Mandatory=$True)] $FieldValue<br> )</p><p></p><p> $oldValue = GetEntityValue -entity $entity -FieldName $FieldName<br> if ($oldValue -ne $FieldValue){<br> $entity[$FieldName] = $FieldValue<br> $logger.LogInformation("$FieldValue : $FieldValue -ne $oldValue")<br> }<br>}</p><p><br></p><p>where GetEntityValue gets the IValue.Value property, or null if the IValue does not exist.<br></p><p></p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2024-02-19:/communities/6/topics/5361-jobs-stuck-processing/2024-02-19T01:43:12+00:002024-02-19T01:43:12+00:00Jobs Stuck Processing [bugs] [under review]<p>Hi,<br><br>We have observed jobs such as Connector imports and Link synchronization will occassionally get stuck in a processing loop and not complete. This causes a block in operations as Broker cannot import or synchronize new data. To clear the process a restart has to be performed. Attempting to cancel the job does not have any impact. <br><br>This happens intermittently and doesn't appear to have a consistent way of reproducing the issue. I understand this makes it difficult to troubleshoot the issue, so is there other possibilities for a solution we could explore? For example, could there be a timeout introduced so that the job is killed if it runs over a period of time without closing?<br><br>Let me know your thoughts and feedback.<br><br>Thanks,<br>Liam</p><br/><br/> Matthew Davis replied:<br/><p>Hi Liam,</p><p>You're right - without any consistent way to reproduce the issue it does make it hard. However, we can try and narrow down where it might be happening to see if there's a pattern.</p><p>- Is there specific environments, customers or operations that are getting stuck? </p><p>- Are there log files that can be supplied for times where a job was stuck, which might show a job starting but never finishing? </p><p>- What does the job report when it is stuck (for example, if an import operation is stuck, is it showing any entities returned?) </p><p>- Is there any consistency on the type of operation, for example always a powershell connector getting stuck, or a particular link + operation combo?</p><p>A timeout is definitely an option that we could explore, however I'd like to see if we can find the root cause of the problem, as operations shouldn't be getting stuck. So if we can find the cause of the problem, that'd be better for the future of the product than a bandaid fix.</p>Liam Schulzhttps://voice.unifysolutions.net/users/397-liam-schulz/topics/tag:voice.unifysolutions.net,2024-01-24:/communities/6/topics/5357-link-synchronization-not-triggering/2024-01-24T00:09:58+00:002024-01-24T00:09:58+00:00Link Synchronization not triggering [questions] [under review]<p>In UNIFYConnect test environment when attempting to perform a baseline synchronisation or delta changes synchronisation, the buttons seemingly do nothing when attempting to trigger on the link. The link is between a CSV connector/adapter and a locker with about ~10k entities. Nothing else is currently running, all other link schedules are disabled and no connectors are importing, nor are any change reflect options are running. </p><p>When I click a button to sync the page refreshes like it has executed but nothing else happens. Nothing appears under the "Recent Jobs" section of the link page and it logs 2 messages in the log:<br><br>23/Jan/2024 23:29:28<br>Information<br>LinkRequest to manually queue a baseline synchronization job on link started.<br>Request to manually queue a baseline synchronization job on link Managed User > AD User started.<br>23/Jan/2024 23:29:28<br>Information<br>LinkRequest to manually queue a baseline synchronization job on link completed.<br>Request to manually queue a baseline synchronization job on link 'Managed User > AD User' completed. Duration: 00:00:00.0310830</p><p>Is there a way I can see what is stopping the sync operation from executing? Let me know if you need more information.</p><p>Thank you</p><br/><br/> Matthew Davis replied:<br/><p>Hey Hayden,</p><p>The log messages you're seeing are for the job being queued, not actually executed. We've noted that in v5.3 the queue operation can take some time, so you'll likely see some log messages about the actual task being executed a short time after.</p><p>As we discussed on the phone too, be conscious that schema fields being mapped purely in powershell tasks (and not through normal entity mapping means) may not behave as expected, particularly in changes sync scenarios. The change detection engine relies on the link mappings to determine whether a change in an adapter (or a locker) should be flagged for a link, so for fields not mapped these changes will not be triggered.</p>Hayden Grayhttps://voice.unifysolutions.net/users/283-hayden-gray/topics/tag:voice.unifysolutions.net,2024-01-10:/communities/6/topics/5353-a-user-interface-could-not-be-located-for-this-agent-type/2024-01-10T01:29:09+00:002024-01-10T01:29:09+00:00A user-interface could not be located for this agent type. [questions] [answered]<p>Hi Team,</p><p>We are currently doing environment updates at a site and at the same time updating their UNIFYBroker version from 5.3.1 Revision 4 to the latest version 5.3.4 but are running into issues. The customer also has the Google Apps connectors installed in there environment, but the latest version that I can see available which I have installed is 5.3.2.</p><p>The install is successful and the service starts however when validating components in the UNIFYBroker interface I noticed the following errors occurring.</p><p>On the Google Agents the following error is produced:</p><p><em>A user-interface could not be located for this agent type. The list of known types are: <br> Unify.Agent.FTP (FTP Agent)<br> Unify.Agent.SSH (SSH Agent)<br> Unify.Agent.SqlServerDatabase (SQL Server Database Agent)<br> Unify.Agent.OracleDb (Oracle Database Agent)<br> Unify.Agent.OleDb (Ole Database Agent)<br> Google (Google Agent)</em><br><br>On the Google Connectors the following error is produced:</p><p><em>A user-interface could not be located for this connector type. The list of known types are:<br>Unify.IdentityBroker.Connector.Google.Calendar (Google Calendar)<br>Unify.IdentityBroker.Connector.Google.DomainContact (Google Domain Shared Contact)<br>Unify.IdentityBroker.Connector.Google.OrgUnit (Google Org Unit)<br>Unify.IdentityBroker.Connector.Google.Group (Google Group)<br>Unify.IdentityBroker.Connector.Google.UserSettings (Google User Settings)<br>Unify.IdentityBroker.Connector.Google.User (Google User)<br>Unify.Connectors.PowerShell (PowerShell Connector)<br>Unify.Connectors.Direct (Database Connector)<br>Unify.Connectors.CSV (CSV Connector)<br>Unify.Connectors.Placeholder (Placeholder Connector)</em></p><p><em><br></em></p><p>I saw a similar issue mentioned on a previous ticket regarding Aurion connectors where an incorrect version was being used and I am figuring something similar could be happening here.</p><p>Thank you</p><br/><br/> Hayden Gray replied:<br/><p>Thanks Matt, that helped me find the issue.</p><p>Issues was the IIS site was pointing to the standaloneweb directory where it should be pointing to just the web directory. Repointing and doing an IIS reset got it working as expected.</p><p>Thank you</p>Hayden Grayhttps://voice.unifysolutions.net/users/283-hayden-gray/topics/tag:voice.unifysolutions.net,2023-12-13:/communities/6/topics/5266-unifybroker-api-cannot-access-the-log-file-because-it-is-being-used-by-another-process/2023-12-13T04:08:47+00:002023-12-13T04:08:47+00:00UNIFYBroker API cannot access the log file because it is being used by another process [bugs] [not a bug]<p>In UNIFYConnect when attempting to retrieve a log file via the API it usually works fine but once I saw this error. This is a very low priority issue for me.</p><p>20221214,20:00:16,UNIFYBroker,SyncEngine,Information,"Request to baseline synchronize link completed.<br>Request to queue a baseline synchronization job for the 'Employee > AD User' link completed. Duration: 00:00:12.2592180",Normal<br>20221214,20:00:19,UNIFYBroker,Logging engine,Warning,"Request to download log file.<br>Request to download log file for 12/14/2022 failed with message The process cannot access the file 'C:\app\Services\Logs\UnifyLog20221214.csv' because it is being used by another process.. Duration: 00:00:00.1899900<br>Error details:<br>System.IO.IOException: The process cannot access the file 'C:\app\Services\Logs\UnifyLog20221214.csv' because it is being used by another process.<br> at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)<br> at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)<br> at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)<br> at Unify.Framework.Logging.CsvLogReaderWriter.DownloadLogFile(DateTime date)<br> at Unify.Framework.Logging.LoggingEngine`1.DownloadLogFile(DateTime date)<br> at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)<br> at Unify.Framework.Logging.LoggingEngineNotifierDecorator.DownloadLogFile(DateTime date)<br> at Unify.Framework.Logging.LoggingController.DownloadLogFile(Int32 year, Int32 month, Int32 day)<br> at lambda_method(Closure , Object , Object[] )<br> at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.b__9(Object instance, Object[] methodParameters)<br> at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)<br>--- End of stack trace from previous location where exception was thrown ---<br> at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()<br> at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)<br> at System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext()<br>--- End of stack trace from previous location where exception was thrown ---<br> at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()<br> at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)<br> at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext()<br>--- End of stack trace from previous location where exception was thrown ---<br> at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()<br> at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)<br> at System.Web.Http.Filters.AuthorizationFilterAttribute.d__2.MoveNext()<br>--- End of stack trace from previous location where exception was thrown ---<br> at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()<br> at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)<br> at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()",Normal</p><br/><br/> Adrian Corston replied:<br/><p>Just found a second occurrence; it may be happening when two or more log retrieval API calls are invoked simultaneously. I have updated my implementation to not do that.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-12-13:/communities/6/topics/5277-aurion-connector-time-out-a-connection-attempt-failed-because-the-connected-party-did-not-properly/2023-12-13T04:07:59+00:002023-12-13T04:07:59+00:00Aurion connector time out "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond" [bugs] [duplicate]<p>One of my Aurion connectors is failing to import all with the following error. Two other Aurion connectors for the same agent do not return this error. Test Connection for the agent is successful. I can't find a client-side timeout parameter on the configuration screen. The error is occurring around 5m24s after the import starts. There were around 7,200 records the last time the import was working in this environment (I don't know how long ago that was). The other two working connectors have similar entity counts and each take around 90 seconds to run to successful completion.</p><p>Could you please investigate? If this is a server-side timeout please let me know and I'll escalate it to Aurion.</p><p><img src="/s/attachments/17376/6/396/0708ad09d685b051f2fedb6807f8dd4b.png"></p><p></p><p>Customer identifying details have been redacted from the following log entry:</p><pre>20230127,02:25:20,UNIFYBroker,Change detection engine,Error,"Change detection engine import all items failed.<br>Change detection engine import all items for connector Aurion Employee Connector failed with reason Unable to connect to the remote server. Duration: 00:05:24.5919187<br>Error details:<br>System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond XX.XX.XX.XX:443<br> at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)<br> at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket,IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)<br> --- End of inner exception stack trace ---<br> at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)<br> at System.Net.HttpWebRequest.GetRequestStream()<br> at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)<br> at Unify.Communicators.AurionAPI.EV397_AURION_WSService.LOGOFF(String P_TOKEN)<br> at Unify.Communicators.AurionWSCommunicator.Logout()<br> at Unify.Communicators.AurionAgent.Close()<br> at Unify.Connectors.AurionApiReadingConnector.d__5.System.IDisposable.Dispose()<br> at Unify.Connectors.AurionApiReadingConnector.d__5.MoveNext()<br> at System.Linq.Buffer`1..ctor(IEnumerable`1 source)<br> at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)<br> at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)<br> at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)<br> at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()<br> at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()<br> at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()<br> at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0()<br> at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal</pre><br/><br/> Matthew Davis replied:<br/><p>This resolution of this issue is being tracked here: <a href="https://voice.unifysolutions.net/communities/6/topics/5311-allow-tcp-keepalives-to-be-set-for-aurion-connectors">Allow TCP keepalives to be set for Aurion connectors / UNIFYBroker Forum / UNIFY Solutions</a> </p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-12-13:/communities/5/topics/5302-how-to-set-unifynow-security-roles/2023-12-13T04:06:23+00:002023-12-13T04:06:23+00:00How to set UNIFYNow security Roles [questions] [answered]<p><a href="https://voice.unifysolutions.net/knowledge-bases/8/articles/2717-unifynow-security">https://voice.unifysolutions.net/knowledge-bases/8/articles/2717-unifynow-security</a> says "Operations on the UNIFYNow website require the user to be in one of the following four roles: Read, Write, Full, Admin"</p><p>How is this done - i.e. how is a user put in a Role?</p><br/><br/> Matthew Davis replied:<br/><p>Morning Adrian,</p><p>I believe this should be done through the App Roles feature of an app registration:</p><p><a href="https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps#app-roles-ui">Add app roles and get them from a token - Microsoft Entra | Microsoft Learn</a></p><p>I have a feeling that the config on the documentation may be incorrect, it may look more like this:</p><pre><add key="AuthorizeSetting" value="OpenId"><add key="ida:ClientId" value="{ClientId}"></add><add key="ida:AADInstance" value="https://login.windows.net/"></add><add key="ida:TenantId" value="{TenantId}"></add><add key="ida:PostLogoutRedirectUri" value="{PostLogoutRedirectUri}"></add></pre><p>Not many people use the auth feature, so it's also possible that Microsoft have changed a few things in how the auth works and issue claims since the feature was built. At a quick glance, we validate the ClientId and Authority (where Authority is the combination of the AADInstance and Tenantid). If you find that it's not working as expected, let us know and we can investigate to see if any changes are needed.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-11-30:/communities/6/topics/5349-aurion-query-attribute-order/2023-11-30T04:52:11+00:002023-11-30T04:52:11+00:00Aurion Query Attribute Order [questions] [answered]<p>Hi, <br></p><p>I've had a question from the customer regarding the queries the Aurion connector uses to pull data via the WSDL. <br></p><p>Does it matter if extra attributes that are not included in the schema/mapping are added to the query and does it matter what order the attributes are returned in the query? </p><p>Thanks,<br>Liam<br></p><br/><br/> Matthew Davis replied:<br/><p>Hey Liam,</p><p>No - extra fields aren't an issue. The Aurion connector uses the configured schema and mappings as the source of truth for which fields to read. So when iterating through the results of the query, each schema mapping row is attempted to be read from the results and set on the entity if it exists. So if the schema mapping doesn't exist on the query it will just skip over it, and extra ones that might be returned from the query will just be ignored if they're not in the schema. </p><p>There's also no order requirement - the query results come back in blobs of XML, and we just iterate over the results retrieving the required elements. So the connector code has no expectation of order. </p>Liam Schulzhttps://voice.unifysolutions.net/users/397-liam-schulz/topics/tag:voice.unifysolutions.net,2023-11-28:/communities/6/topics/5338-how-can-we-re-trigger-an-ad-user-provision/2023-11-28T05:18:43+00:002023-11-28T05:18:43+00:00How can we re-trigger an AD User provision? [bugs] [won't fix]<p>Hi All</p><p>Is there a way to re-trigger an Outbound provision going from the Locker to AD.</p><p>- We have done a baseline sync</p><p>- We have checked the criteria required for a provision to AD</p><p>Is this a bug or is there a solution already made?<br></p><p>Many thanks</p><p>Andrei</p><p><br></p><br/><br/> Andrei Nicolas replied:<br/><p>Hi All</p><p>Thanks for that, yes Connect will provision well if there are no errors or duplicate accounts.</p><p><br>Will close this issue</p><p><br></p><p>Many thanks</p><p>Andrei</p>Andrei Nicolashttps://voice.unifysolutions.net/users/437-andrei-nicolas/topics/tag:voice.unifysolutions.net,2023-11-08:/communities/6/topics/5298-aurion-api-error-1-you-are-not-logged-on-to-the-aurion-web-services-application-server-use-the/2023-11-08T05:28:29+00:002023-11-08T05:28:29+00:00Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation [bugs] [fixed]<p>This issue is occurring in my customer's PROD environment, despite me having implemented the workaround of one Aurion agent for each Aurion connector and that workaround appearing to have worked correctly in their TEST environment (where these errors have not be observed):</p><p>Update entities 11 to connector Aurion Security User reported 11 entities saved, 11 failed. Duration: 00:00:57.4310747",Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (c71168bd-30e8-460e-832c-4e0983b47d6b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (8d7ab2cf-fb2a-41c4-9700-fbba79ca1722) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (00a0802e-f57f-40e2-8667-7a9c5d7a7004) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (800e7663-b6b8-4e36-849b-477c69fb21c0) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (e55f8dbf-8d45-4f20-b561-08603923c0f0) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (ee80f7e3-7b8b-4cf1-bf12-3e58713ee29b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (2435a9d0-263f-4c43-9e99-36ae99e239ae) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (dcfa3e64-be3a-41c4-a19b-a28fcef61700) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (c33745d2-dfd0-44f9-bbb9-456d2afdaac0) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (a5805bac-7b60-4ed9-9bae-449b481c094b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal<br>20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (3d3b1f15-bc78-4415-9419-4c782f956976) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal</p><p>All Aurion connectors are part of an exclusion connector group.</p><p>Could you please investigate and advise?</p><br/><br/> Matthew Davis replied:<br/>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-11-08:/communities/6/topics/5326-aurion-security-user-writeback-fails-for-user-id-field-values-with-common-prefix/2023-11-08T05:27:28+00:002023-11-08T05:27:28+00:00Aurion security user writeback fails for user ID field values with common prefix [questions] [answered]<p>At my customer site their Aurion instance is configured with security user "UserID" field values which are populated from the user's AD sAMAccountName (username) field. Their usernames have values like "jsmi" (for John Smith) and "jsmi1" (for Jane Smith).</p><p>When writing data back for a user like "jsmi" the following error is logged by UNIFYBroker and the update isn't actioned in Aurion:</p><p>20230725,04:16:00,UNIFYBroker,EntitySaver,Error,The entity jsmi (3a657f98-06df-47e0-b0d8-bfd0c19b250b) for the adapter Aurion Security User (c5460bd3-0167-4290-a2a0-180f8632a474) failed to update for the following reasons: Aurion API error -1: Cannot identify an unique Aurion User from User Match Value,Normal</p><p>It appears the issue here is that the Aurion API is unable to identify a single unique security user to update, when there is another user whose UserID starts with the same value (i.e., jsmi1).</p><p>Is there some other way to configure UNIFYBroker so that it can successfully update my customer's Aurion security user data?</p><br/><br/> Matthew Davis replied:<br/>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-10-18:/communities/6/topics/5341-change-detection-engine-import-all-items-for-connector-aurion-person-failed-with-reason-25-see/2023-10-18T04:06:00+00:002023-10-18T04:06:00+00:00Change detection engine import all items for connector Aurion Person failed with reason -25 (see UNIFACE message guide) [bugs] [under review]<p>Hi,</p><p>I am trying to add the Employee_Number field from Aurion Person to a connector so that I can do write-back.</p><p>However, I am encountering the following error on Import All:</p><p><img src="/s/attachments/17376/6/397/4d6fec259fe8da335aeb761c3209fb21.png"></p><p></p><p>My mapping and schema is as follows:</p><p><img src="/s/attachments/17376/6/397/475e72f9edd6829749891e1a1d95ccaf.png"></p><p></p><p><img src="/s/attachments/17376/6/397/72c7a8ac0bc0c25064a46075163014d1.png"></p><p>Do you have more insight on what error -25 is? <br></p><p>Thanks,<br>Liam</p><br/><br/> Liam Schulz replied:<br/><p>Hi Matt,</p><p>I don't believe it was occurring as there had been entities imported on the connector, however the environment hasn't had schedules configured so it may have been some time since it ran. <br></p><p>The Aurion instance in question is the UNIFY dev instance so would it be possible to check if the license has expired?</p><p>Thanks,<br>Liam<br><br></p>Liam Schulzhttps://voice.unifysolutions.net/users/397-liam-schulz/topics/tag:voice.unifysolutions.net,2023-09-21:/communities/13/topics/5337-mim-application-drive-full-issue/2023-09-21T13:15:12+00:002023-09-21T13:15:12+00:00MIM Application Drive full issue [questions] <p>Hi Experts,</p><p>I need help from you regarding a situation which we are going through. We have a situation where MIM Sync stopped, i could see that the Database Drive in the MIM Database server is out of space. So when we troubleshoot, we could see that then Database logs are increasing and we are doing some fim sync runs cleanup.too. So is there any possibility to do some more housekeeping form MIM application end or increasing the Drive space is the only solution?</p><p>Also, the drive space is consuming close to 50 GB in every week so what could have been wrong and is there any issue from MIM application end or database end ?</p><p><br></p><p></p><br/><br/>suggested by: Kumar KattaKumar Kattahttps://voice.unifysolutions.net/users/442-kumar-katta/topics/tag:voice.unifysolutions.net,2023-09-14:/communities/6/topics/5330-time-offset-flag-not-re-evaluated-when-current-time-passes-source-field-timestamp/2023-09-14T01:22:20+00:002023-09-14T01:22:20+00:00Time Offset Flag not re-evaluated when current time passes source field timestamp [bugs] [not a bug]<p>My customer is failing UAT of the solution configuration because Time Offset Flags are not automatically updating when the source field timestamp is passed. There have not been any Clear Entity Changes run in this environment for many months, and entity data fields have been updated recently as part of the customer's UAT testing processes.</p><p>Example: entity ID 70cb5e8e-8a8d-48f9-a123-911a836574f4 in partition 838b79fc-a31e-4b70-bcc8-e94550b3ff57 in ACCC TEST. PostEnd, based on EndUTC, is still "No" but it should be "Yes".</p><p>Could you please check entity ID e71b989c-1a01-4542-9334-8e69c12abb6c on that same partition, which is due to see PostEnd change from "No" to "Yes" in around 15 hours from now (8/22/2023 2:00:00 PM UTC). Please confirm that it is all fine (i.e., a future change exists in the database) and then after the timestamp is passed I'll check and verify if the PostEnd value has updated automatically as it should.</p><br/><br/> Matthew Davis replied:<br/>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-09-12:/communities/6/topics/5334-gateway-was-unable-to-be-started-due-to-one-or-more-errors-occurred/2023-09-12T05:47:52+00:002023-09-12T05:47:52+00:00Gateway was unable to be started due to One or more errors occurred. [bugs] [under review]<p>Hi,</p><p>We have seen across multiple Broker instances that the following error occurs for LDAP gateways:<br>"The gateway <gateway name> (guid) was unable to be started due to One or more errors occurred."</p><p>Unfortunately there doesn't seem to be much more information that what is provided in the log. Examination of the log file further with CMTrace doesn't reveal anymore information. <br></p><p>In one particular affected customer's case, I checked the Azure Provisioning service to see if there was any significant event that may have caused this, but could not find anything there either.</p><p>The workaround is to Recycle the gateway, but this currently relies on manual checking to see if it has occurred or not and this appears to be happening on a frequent basis. We would like to address the root cause issue if possible.</p><p>Is there additional logging levels that could be applied to find out what could be causing this?<br><br>Thanks,<br>Liam</p><br/><br/> Matthew Davis replied:<br/><p>Thanks for the clarification Liam - those logs are helpful.</p><p>It looks like the Broker service is restarting itself, and upon restart the SCIM gateway will attempt to reach out to the AAD service to get metadata for bearer token auth validation. It could be failing due to the fact that the service has just restarted (and underlying connectivity is still being established), as I can see in the logs that sometimes it's one of the gateways, and sometimes both.</p><p>We'll investigate whether there's some more resiliency we can add to this startup procedure, as it's housed in a library provided by Microsoft for SCIM functionality so it might not be something we can control completely. </p><p>I'll also loop in David (but suggest you reach out to him as well), as this issue is only occurring because something is restarting the service automatically. The gateways would normally only restart under certain conditions (service start, gateway config change etc) so isn't a normal operation for them.</p>Liam Schulzhttps://voice.unifysolutions.net/users/397-liam-schulz/topics/tag:voice.unifysolutions.net,2023-09-06:/knowledge-bases/7/articles/5333-database-clean-up-jobs/2023-09-06T23:48:56+00:002023-09-06T23:48:56+00:00Database Clean up Jobs [news] <p>There are a few database clean-up jobs triggered in Broker, These are as follows:<br></p><p></p><p><strong>Unused containers <strong>cleaning </strong>Job</strong><br><strong>Description:</strong><br>This job is designed to remove object containers from the database containers table if there are no entities associated with distinguished names (DNs) corresponding to these containers.<br><strong>Frequency</strong>:<br>This job is run every 10 minutes.<br></p><p></p><p><strong><strong>Change logs cleaning job</strong></strong></p><p><strong><strong><strong>Description</strong>:</strong></strong></p><p>Removes adapter change logs that have lasted 14 days.</p><p><strong>Frequency</strong>:</p><p>This job is run every 2 hours.</p><strong><br>Link Connection's cleaning job<br><strong><strong><strong>Description</strong>:</strong></strong><br></strong>Removes link connections whose adapter and locker entities no longer exist.<br><strong>Duration:<br></strong>This job runs once a day.<br><br><p><strong>LDAP connection cleaning </strong><strong>Job</strong></p><p><strong><strong>Description</strong>:</strong></p><p>This job removes LDAP connections that do not have any connected clients or those that have gone idle. a connection goes idle when not used for 2 hours.</p><p><strong>Frequency</strong>:</p><p>This job is run every 1 minute.</p><p><strong><br></strong></p><p><br></p><p></p><ul></ul><p></p><br/><br/>suggested by: Roba ElshazlyRoba Elshazlyhttps://voice.unifysolutions.net/users/429-roba-elshazly/topics/tag:voice.unifysolutions.net,2023-08-21:/knowledge-bases/7/articles/3436-unifybrokermicrosoft-active-directory-downloads/2023-08-21T03:18:11+00:002023-08-21T03:18:11+00:00UNIFYBroker/Microsoft Active Directory Downloads [news] <p>This page contains all UNIFYBroker/Microsoft Dynamics Active Directory downloads.</p><ul> <li><a data-toggle="pill" href="#past">Past</a></li> <li><a data-toggle="pill" href="#current">Current</a></li> <li><a data-toggle="pill" href="#future">Future</a></li></ul><div> <div id="past"><div> <strong>WARNING:</strong> These packages may not contain important improvements or bug fixes. It is recommended to upgrade to a Current version.</div><h3>v5.3</h3><table><thead><tr><th>Download</th><th>Version</th><th>Stage</th><th>Date Released</th></tr></thead><tbody><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/luidsfhjuwkvsksp4ga">UNIFYBroker for Microsoft Active Directory v5.3.0 RTM.msi</a></td><td>5.3.0.0</td><td>Release</td><td>2018-5-18</td></tr></tbody></table><h3>v4.1</h3><table><thead><tr><th>Download</th><th>Version</th><th>Stage</th><th>Date Released<br></th></tr></thead><tbody><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/dy5q0v9ifeq5ubcicgbw5a">UNIFY Identity Broker for Microsoft Active Directory v4.1.2 x64.msi</a></td><td>4.1.2.1</td><td>Release</td><td>2015-06-12</td></tr><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/sbpmhzw6reqne8s56r03a">UNIFY Identity Broker for Microsoft Active Directory v4.1.2 x86.msi</a></td><td>4.1.2.1</td><td>Release</td><td>2015-06-12</td></tr><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/l0rr31wtuusez8aqnasjfg">UNIFY Identity Broker for Microsoft Active Directory v4.1.1 x64.msi</a></td><td>4.1.1.1</td><td>Candidate</td><td>2014-09-16</td></tr><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/v5nnpeikhkwhngpjxkjbw">UNIFY Identity Broker for Microsoft Active Directory v4.1.1 x86.msi</a></td><td>4.1.1.1</td><td>Candidate</td><td>2014-09-16</td></tr><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/vdi1kqx0zkgeu3h1xmfia">UNIFY Identity Broker for Microsoft Active Directory v4.1.0 x64.msi</a></td><td>4.1.0.0</td><td>Candidate</td><td>2014-06-01</td></tr><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/cq6uhffmie68a2vka96va">UNIFY Identity Broker for Microsoft Active Directory v4.1.0 x86.msi</a></td><td>4.1.0.0</td><td>Candidate</td><td>2014-06-01</td></tr></tbody></table></div> <div id="current"><h3>v5.3</h3><table><thead><tr><th>Download</th><th>Version</th><th>Stage</th><th>Date Released</th></tr></thead><tbody><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/tsk2x4r9kihqmuydl70gg">UNIFYBroker for Microsoft Active Directory v5.3.1 RTM.msi</a></td><td>5.3.1.0</td><td>Release</td><td>2023-8-21</td></tr></tbody></table><h3>v5.2</h3><table><thead><tr><th>Download</th><th>Version</th><th>Stage</th><th>Date Released<br></th></tr></thead><tbody><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/v6amalrqp0m7qau8vawwa">UNIFY Identity Broker for Microsoft Active Directory v5.2.0 RC1.msi</a></td><td>5.2.0.1</td><td>Candidate</td><td>2017-06-08</td></tr></tbody></table><h3>v5.1</h3><table><thead><tr><th>Download</th><th>Version</th><th>Stage</th><th>Date Released<br></th></tr></thead><tbody><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/bkpiinyzq0euzwjso6dg">UNIFY Identity Broker for Microsoft Active Directory v5.1.0 RTM.msi</a></td><td>5.1.0.2</td><td>Release</td><td>2017-02-15</td></tr></tbody></table><h3>v5.0</h3><table><thead><tr><th>Download</th><th>Version</th><th>Stage</th><th>Date Released<br></th></tr></thead><tbody> <tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/ccbyl7zeeiernoghjygkw">UNIFY Identity Broker for Microsoft Active Directory v5.0.1 x64.msi</a></td><td>5.0.1.3</td><td>Candidate</td><td>2016-08-18</td></tr><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/1nxfww9oce2n88kqgeu2aq">UNIFY Identity Broker for Microsoft Active Directory v5.0.1 x86.msi</a></td><td>5.0.1.3</td><td>Candidate</td><td>2016-08-18</td></tr></tbody></table><h3>v4.1</h3><table><thead><tr><th>Download</th><th>Version</th><th>Stage</th><th>Date Released<br></th></tr></thead><tbody><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/5vuhhaftz0eju6iiutltew">UNIFY Identity Broker for Microsoft Active Directory v4.1.3 x64.msi</a></td><td>4.1.3.0</td><td>Development</td><td>2015-11-05</td></tr><tr><td><a href="https://downloads.unifysolutions.net/D/IDBAD/nij8tsykg0az2nuwwqc0og">UNIFY Identity Broker for Microsoft Active Directory v4.1.3 x86.msi</a></td><td>4.1.3.0</td><td>Development</td><td>2015-11-05</td></tr></tbody></table> </div> <div id="future"><div> <strong>WARNING:</strong> These packages are likely to be unstable until promoted to Candidate. Previous versions must be completely uninstalled.</div>None. </div></div><br/><br/>suggested by: Adam van VlietAdam van Vliethttps://voice.unifysolutions.net/users/287-adam-van-vliet/topics/tag:voice.unifysolutions.net,2023-07-26:/communities/6/topics/5327-support-for-daterelationalcomparestring-and-relational-adapter-transform-types/2023-07-26T06:26:28+00:002023-07-26T06:26:28+00:00Support for DateRelational.Compare.String and Relational adapter transform types [questions] [answered]<p>I have encountered a UNIFYBroker customer who has DateRelational.Compare.String and Relational adapter transform types configured (UNIFYBroker 5.1.0#2). I have been asked to upgrade them to the latest UNIFYBroker release. Can you please confirm:</p><p>1. Are these transform types still available in the latest UNIFYBroker release?</p><p>2. Has their functionality or features changed since the 5.1.0#2 release?</p><p>3. If they are available, what are they now called in the UNIFYBroker UI?</p><p><img src="/s/attachments/17376/6/396/6f28e18dd5c916bba48fa7da96778e8a.png"></p><br/><br/> Matthew Davis replied:<br/><p>Hi Adrian,</p><p>The <strong>DateRelational.Compare.String</strong> and <strong>Relational</strong> are old names for the current <em>Join</em> transformation. This transformation was reworked back in UNIFYBroker 4.1, so it's likely this configuration was upgraded from an old 3.x or 4.x config up to 5.1.</p><p>The product still respects the old transformation names, although may not </p><p>Between 5.1 and 5.3 there's been no changes to the way that entity windows and selections function. </p><p>There was no changes to the join transformation functionality itself, however there was minor changes made to the overall transformation process in terms of how changes are aggregated and reported (as support for postgresql was added). I don't expect this would impact functionality as we've not had other customers report issues between the versions.</p><p>If you are migrating the configuration rather than re-creating, you may find the UI continues to report the transformations using the old name (as you see in the screenshot above). Otherwise a new transformation can be created using the Join transform.</p><p>Let me know if you've got any more questions or have issues with the upgrade.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-07-24:/communities/6/topics/5324-unifyconnect-writing-back-aurion-data-to-fields-that-its-not-configured-to-export-to/2023-07-24T00:21:18+00:002023-07-24T00:21:18+00:00UNIFYConnect writing back Aurion data to fields that it's not configured to export to [questions] [answered]<p>Recently my customer refreshed their TEST HR SOT (Aurion) from PROD. I ran an import to pick up the updated data, but didn't notice that it failed (due to a duplicate value for a key field in the refreshed data). Then I cleared locker data and reloaded it.</p><p>Then I ran a baseline sync to write back two fields to the HR SOT. It appears that at this time data on all fields (and not just the write-back fields) of entities in the HR SOT was reverted to pre-refresh values.</p><p>Is it likely that when I ran the baseline sync UNIFYBroker/Plus applied the mappings from the outbound link on top of the pre-existing out-of-date connector data, and then overwrote all that old field data back to Aurion, even for fields that are not configured to be written back?</p><br/><br/> Matthew Davis replied:<br/><p>Hi Adrian,<br></p><p>The Aurion API only supports updating specific fields on the API, separate to the queries being read. Currently, the UNIFY Aurion connector maps all suitable* connector entity fields back to the API call.</p><p>*<em> A suitable connector entity field is one where the field schema name matches the name provided by the default schema provider, in line with the appropriate connector documentation (such as <a href="https://voice.unifysolutions.net/knowledge-bases/7/articles/3112-aurion-person-connector">Aurion Person Connector / UNIFYBroker knowledge / UNIFY Solutions</a> )</em><em></em><em></em></p><p>If the appropriate schema field can't be found, then the value isn't set on the outgoing API call. According to the Aurion API documentation, this field would be ignored.</p><p>In this case, the baseline sync would have triggered the export operation on the connector for entities, which would have taken the reverse-transformed adapter entity (pre-refresh, as the import failed) and exported any fields that the connector was able to map - which is likely why those values got reverted.</p><p>I suspect that if you were to have different connector schema field names for any fields you're not wanting to have exported, and make use of the <strong>Query Mappings</strong> connector configuration, then only the expected fields would be updated.</p><p>We do have an item on the backlog to re-work the Aurion connector, having the connector schema be driven by the query with explicit configuration back to the API operations (rather than the inverse, as it stands currently). </p><p>We do also have an item to improve the Baseline Sync to avoid exporting entities when changes haven't been made, but we're working through the implications of that on true-up support (and potentially wouldn't have helped in this scenario if the values you were wanting to export were different already). </p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-06-16:/communities/6/topics/5319-powershell-sync-task-cant-connect-to-ad/2023-06-16T06:02:07+00:002023-06-16T06:02:07+00:00PowerShell sync task can't connect to AD [questions] [declined]<p>Sometimes I see errors in my customer's production environment when the birthright group provisioning PowerShell task is unable to connect to AD. This is happening immediately after a successful connection to AD has provisioned the user account. There are two types of errors that are returned, as below:</p><p>UnifyLog20230517.csv:1629:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.1916629",Normal<br>UnifyLog20230518.csv:57203:Add entities [Count:3] to connector AD User reported 3 entities saved, 0 failed. Duration: 00:00:01.2855075",Normal<br>UnifyLog20230521.csv:219718:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:01:00.0326068",Normal<br>UnifyLog20230521.csv:219982:20230521,15:41:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:220247:20230521,15:43:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:234120:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0287518",Normal<br>UnifyLog20230521.csv:234384:20230521,16:41:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:234683:20230521,16:43:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:248409:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0017363",Normal<br>UnifyLog20230521.csv:248672:20230521,17:41:06,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:248971:20230521,17:43:06,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:262577:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0161713",Normal<br>UnifyLog20230521.csv:262840:20230521,18:40:50,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:263093:20230521,18:42:50,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:276860:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0138167",Normal<br>UnifyLog20230521.csv:277241:20230521,19:40:52,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:277494:20230521,19:42:52,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:291308:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0170553",Normal<br>UnifyLog20230521.csv:291572:20230521,20:41:01,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:291845:20230521,20:43:01,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:305473:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0058264",Normal<br>UnifyLog20230521.csv:305736:20230521,21:40:51,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:305989:20230521,21:42:51,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:319874:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0170181",Normal<br>UnifyLog20230521.csv:320142:20230521,22:41:00,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:320398:20230521,22:43:00,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard <br>Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal<br>UnifyLog20230521.csv:331465:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.1680608",Normal<br>UnifyLog20230521.csv:331472:20230521,23:30:44,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard <br>Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal<br>UnifyLog20230521.csv:331477:20230521,23:30:47,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard <br>Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal<br>UnifyLog20230523.csv:10338:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.0310308",Normal<br>UnifyLog20230523.csv:32001:Add entities [Count:3] to connector AD User reported 3 entities saved, 0 failed. Duration: 00:00:01.2325114",Normal<br>UnifyLog20230523.csv:32955:Add entities [Count:8] to connector AD User reported 8 entities saved, 0 failed. Duration: 00:00:02.0700229",Normal<br>UnifyLog20230523.csv:34211:Add entities [Count:4] to connector AD User reported 4 entities saved, 0 failed. Duration: 00:00:01.0275391",Normal<br>UnifyLog20230526.csv:12458:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1577689",Normal<br>UnifyLog20230531.csv:11081:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1605492",Normal<br>UnifyLog20230531.csv:11851:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1728933",Normal<br>UnifyLog20230602.csv:2129:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1171594",Normal<br>UnifyLog20230602.csv:2138:20230602,01:09:42,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=dtai2,OU=Standard <br>Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal<br>UnifyLog20230604.csv:21979:Add entities [Count:3] to connector AD User reported 3 entities saved, 0 failed. Duration: 00:00:01.5039543",Normal<br>UnifyLog20230605.csv:7281:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1775722",Normal<br>UnifyLog20230605.csv:24280:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.4059702",Normal<br>UnifyLog20230606.csv:18238:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.2258243",Normal<br>UnifyLog20230606.csv:20135:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.2077376",Normal<br>UnifyLog20230606.csv:20865:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.2686140",Normal<br>UnifyLog20230609.csv:11402:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.1731736",Normal<br>UnifyLog20230611.csv:21783:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.2460368",Normal<br>UnifyLog20230611.csv:21786:20230611,15:38:16,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=spoyn,OU=Standard <br>Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal<br>UnifyLog20230612.csv:24388:Add entities [Count:7] to connector AD User reported 7 entities saved, 0 failed. Duration: 00:00:01.7047121",Normal<br>UnifyLog20230612.csv:24410:20230612,15:40:07,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aeasl,OU=Standard <br>Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal<br>UnifyLog20230612.csv:24465:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:00.1749234",Normal<br>UnifyLog20230613.csv:11991:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.2090408",Normal<br>UnifyLog20230613.csv:25059:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.2958574",Normal<br>UnifyLog20230614.csv:17864:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.1804325",Normal<br>UnifyLog20230614.csv:29130:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.2327871",Normal</p><p>The birthright group provisioning is a critical event-driven call and it must succeed. Can you please investigate why it failed like this and see if there's some way to improve it's reliability?</p><br/><br/> Matthew Davis replied:<br/>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-06-09:/communities/5/topics/5314-edit-operation-return-404-not-found-for/2023-06-09T05:29:16+00:002023-06-09T05:29:16+00:00Edit operation return 404 Not Found for /Operation/CreateRunProfileOperationChooseManagementAgentByViewInformation [questions] [answered]<p><img src="/s/attachments/17376/5/396/909f28e9267b2cb7480c6c8f8d97614c.png"></p><p></p><p>New UNIFYNow installation with extensibility files copied across from an older server as part of a server migration. Other parts of the UNIFYNow UI are working fine, such as below. It seems to be just the /Operation/CreateRunProfileOperationChooseManagementAgentByViewInformation that shows the error.</p><p>Both the old and new UNIFYNow installs are v4.0.4</p><p><img src="/s/attachments/17376/5/396/93f38b493ef12d909e71915d27f8ac15.png"></p><p></p><p>What have I misconfigured or missed?</p><br/><br/> Beau Harrison replied:<br/>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-06-09:/knowledge-bases/8/articles/3325-unifynow-end-of-product-life-policy/2023-06-09T01:29:48+00:002023-06-09T01:29:48+00:00UNIFYNow End of Product Life Policy [news] <p>{% include_topic_description 3323 %}</p><p>For UNIFYNow 4.0, UNIFY has extended end of product life through to 13th January, 2026 in lieu of new feature releases occurring currently.</p><p></p><h3>Product Versions</h3><table><thead><tr><th>Version</th><th>Date First Released</th><th>End of Product Life</th></tr></thead><tbody><tr><td>4.0</td><td>2017-06-23</td><td>2026-01-13</td></tr><tr><td>3.2</td><td>2015-06-22</td><td>2020-06-22</td></tr></tbody></table><br/><br/>suggested by: Adam van VlietAdam van Vliethttps://voice.unifysolutions.net/users/287-adam-van-vliet/topics/tag:voice.unifysolutions.net,2023-06-05:/knowledge-bases/8/articles/2730-how-to-request-a-unifynow-license/2023-06-05T23:18:39+00:002023-06-05T23:18:39+00:00How to Request a UNIFYNow License [news] <h3>Outline</h3><p>This topic outlines the process of a customer requesting a license. The process involves the creation of a private Ticket in the <a href="http://voice.unifysolutions.net/forums/5-/" rel="nofollow">UNIFYNow Forum</a>.</p><h3>Making the request</h3><p>In this example, a new license request is shown for a fictitious customer.</p><p>First, navigate to the <a href="http://voice.unifysolutions.net/forums/5-/">UNIFYNow Forum</a>. You will be presented with the following page.</p><p><img src="/s/attachments/17376/8/8/a6b791fde34532cb30a889a7add3015f.png" style="width: 500px;"></p><p>Click the "Or leave us a private message" link.</p><p>Set the <em>Header </em>to "License Request" and populate the <em>Description</em> with the details of the license. At a minimum, add the Client Name, Client Contract, Client email, Version and Site Code (found on the About page of UNIFYNow). This information should be added in plain text in the body of the ticket, not as an image or in an attached file. Set the <em>Category </em>to "License Requests".</p><p><img src="/s/attachments/17376/8/8/b6b09a2150567f7141c86f3ca306101d.png" style="width: 500px;"></p><p>You can copy and paste the below table and update the details.</p><table><tbody><tr><td>Client Name</td><td>TempURI Organisation</td></tr><tr><td>Client Contact</td><td>Sample Client</td></tr><tr><td>Client Email</td><td>sample.client@tempuri.org</td></tr><tr><td>Version</td><td>UNIFYNow v4.x</td></tr><tr><td>Site Code</td><td>00:50:56:B7:34:3B</td></tr><tr><td>Environment</td><td>Production</td></tr></tbody></table><p><br>Click the Post button to submit the request. You will be presented with the page for your Ticket, and you will be able to track the progress of your request from here.</p><p><img src="/s/attachments/17376/8/8/a1007fb9bcf7d74eee6156a0b03eee20.png" style="width: 500px;"></p><p>You will receive an email notification when updates are made to your request.</p><h3>Retrieving the license</h3><p>When your request has been approved, a support agent will attach the license file to your ticket. You can download the license file by clicking on the download link. The license will also be attached to the email notification informing you of the approval of your request.</p><p><img src="/s/attachments/17376/8/8/70c1bff6c32a0da788c249a8312822e3.png" style="width: 500px;"></p><p>Once you have downloaded the license file, you can apply it to UNIFYNow by following the instructions on <a href="http://voice.unifysolutions.net/topics/2728-/">Installing the UNIFYNow License</a>.</p><br/><br/>suggested by: Curtis LusmoreCurtis Lusmorehttps://voice.unifysolutions.net/users/266-curtis-lusmore/topics/tag:voice.unifysolutions.net,2023-06-01:/communities/6/topics/5312-aurion-connector-exports-fail-when-import-runs-concurrently-due-to-logoff/2023-06-01T01:35:33+00:002023-06-01T01:35:33+00:00Aurion connector exports fail when import runs concurrently due to logoff [bugs] [duplicate]<p>When an Aurion connector import operation runs while a connector export is already running the export fails with its session logged off:</p><p>14:30:00 baseline sync kicks off export:</p><p>Synchronization job started syncing 7977 changes on the 'Managed User > Aurion Security User' link from the locker to adapter. Job ID: 9f521182-e52e-4082-8685-899600d4456f",Normal</p><p>14:33:37 evidence of exports occurring:</p><p>Add entities [Count:3] to connector Aurion Security User reported 3 entities saved, 3 failed. Duration: 00:00:01.0862857",Normal</p><p>14:51:15 scheduled import operation runs:</p><p>20230531,14:51:15,UNIFYBroker,Change detection engine,Information,"Change detection engine import all items started.</p><p>Change detection engine import all items for connector Aurion Security User started.",Normal</p><p>14:52:54 hundreds of failed updates reported due to logoff (shared session with import?):</p><p>20230531,14:52:54,UNIFYBroker,Connector,Information,"Update entities to connector completed.</p><p>Update entities 6375 to connector Aurion Security User reported 6375 entities saved, 225 failed. Duration: 00:19:11.1067288",Normal</p><p>20230531,14:52:54,UNIFYBroker,EntitySaver,Error,The entity bcoff (2a12bf64-7aec-4101-a696-fa84054b0a0d) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal</p><p>20230531,14:52:54,UNIFYBroker,EntitySaver,Error,The entity kbair (603121f8-2724-4d34-a177-630bb718656b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal</p><p>…</p><p>Either import and export operations should be able to run concurrently without interfering with each other, or otherwise the system should not permit them to run concurrently.</p><br/><br/> Matthew Davis replied:<br/><p>Fix should be contained in the overarching fix for the LOGON issue.</p><p><a href="https://voice.unifysolutions.net/communities/6/topics/5298-aurion-api-error-1-you-are-not-logged-on-to-the-aurion-web-services-application-server-use-the">https://voice.unifysolutions.net/communities/6/topics/5298-aurion-api-error-1-you-are-not-logged-on-to-the-aurion-web-services-application-server-use-the</a></p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-05-31:/communities/6/topics/5311-allow-tcp-keepalives-to-be-set-for-aurion-connectors/2023-05-31T01:26:59+00:002023-05-31T01:26:59+00:00Allow TCP keepalives to be set for Aurion connectors [ideas] [under review]<p>Matt wrote in email:<br><br></p><blockquote>I have found some documentation that suggest long-lived TCP connections in Azure components are terminated after 4 minutes. Normally, you’d hope that a terminated TCP connection would immediately result in an exception such as “the underlying connection was closed”. </blockquote><blockquote>... I was able to reproduce the lack of response on this report in both the PowerShell harness and SoapUI. After some testing to force the connection to stay alive, I was able to find a way to successfully get this report to import on the test VM.</blockquote><blockquote>.... I’ll have to investigate the best way to solve this one long term. It might be something we need to set inside the connector, or inside UNIFYBroker, or inside the platform. I’m not sure if the problem is unique to Aurion or whether we can replicate it elsewhere – that’ll be part of the investigation to determine the best way to fix it. This command shouldn’t even be necessary – so we’d have to investigate the side effects of it and ensure that we won’t break something else by having this set.</blockquote><p>Due to my customer having long running reports, could you please provide a fix for this issue?</p><p></p><br/><br/> Beau Harrison replied:<br/><p>Hi Adrian</p><p>I've added the ability to enable and configure TCP keep alive. Which environment should I organize the patch deployed to?</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-05-22:/communities/6/topics/5309-aurion-api-function-used-by-the-person-connector-for-export/2023-05-22T23:08:35+00:002023-05-22T23:08:35+00:00Aurion API function used by the Person connector for export [questions] [answered]<p>Hi <a href="mailto:matthew.davis@unifysolutions.net" id="OWAAMF418B523595945CA83B254782DFC2FC4Z">@Matthew Davis</a> <a href="mailto:beau.harrison@unifysolutions.net" id="OWAAM6F3D6E353E5E49369FB705B92B49D1DAZ">@Beau Harrison</a></p><p>A customer has asked which Aurion API function is used by the Aurion Person connector export functionality. I believe it’s EMP_UPDATE_PERS. Can you please confirm?</p><p>Thanks</p><br/><br/> Matthew Davis replied:<br/><p>Hi Adrian,</p><p>The export functions used by the connectors is listed on their documentation pages: </p><p><a href="https://voice.unifysolutions.net/knowledge-bases/7/articles/3112-aurion-person-connector">Aurion Person Connector / UNIFYBroker knowledge / UNIFY Solutions</a> </p><p><img src="/s/attachments/17376/6/286/55e851ad74cd82e9360f2aba50d679aa.png"></p><p><br></p><p>You're correct for the person connector - it uses the <strong>EMP_UPDATE_PERS</strong> function for exports.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-05-19:/communities/6/topics/4141-unify-pre-build-checklist/2023-05-19T10:39:55+00:002023-05-19T10:39:55+00:00UNIFY* Pre-build Checklist [ideas] [completed]<p>Similar to the checklist developed on the back of the ultimately successful WA Water Lite implementation, this <a href="https://unifysolutions.sharepoint.com/:w:/t/marketing/ESM-dVUzlNdIg1QVgqamvdkBkotH1XOsDaJZF9v0Tooy8w?e=7Qw4i5">Aurion Pre-installation Checklist </a>contains the necessary steps for a successful implementation UNIFYBroker+ as well as both UNIFYAssure and UNIFYConnect IdAAS flavours.</p><p>An updated checklist will now be required for each of the in-flight UNIFYConnect implementations, as well as future Broker+ installations (where the server specs are still required), and apart from the following recommendation needs to be specified by Engineering:</p><ul><li>Correlation IDs are available in all production and non-production Active Directory environments</li></ul><br/><br/> Matthew Davis replied:<br/><p>Presales activity which is now available as part of our default contract.</p>Bob Bradleyhttps://voice.unifysolutions.net/users/284-bob-bradley/topics/tag:voice.unifysolutions.net,2023-05-19:/communities/5/topics/2465-azure-ad-check-operation/2023-05-19T10:35:12+00:002023-05-19T10:35:12+00:00Azure AD check operation [ideas] [declined]<p>When a FIM Event Broker configuration includes an incoming operation list for the WAAD (OOTB Windows Azure AD) connector, a check operation is required which can be used to poll AAD for changes.</p><br/><br/> Matthew Davis replied:<br/><p>Closing as UNIFYNow is in maintenance mode, so no feature requests are currently slated.</p>Bob Bradleyhttps://voice.unifysolutions.net/users/284-bob-bradley/topics/tag:voice.unifysolutions.net,2023-05-19:/communities/6/topics/5269-button-to-run-a-scheduled-job/2023-05-19T10:33:24+00:002023-05-19T10:33:24+00:00Button to run a Scheduled Job [ideas] [planned]<p>I'd like a button for each Scheduled Job that manually runs it when clicked.</p><br/><br/> Matthew Davis replied:<br/><p>Planned for UNIFYBroker 6.0</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-05-12:/communities/6/topics/5308-ad-user-import-systemnullreferenceexception-object-reference-not-set-to-an-instance-of-an-object/2023-05-12T03:26:27+00:002023-05-12T03:26:27+00:00AD User import: System.NullReferenceException: Object reference not set to an instance of an object. [bugs] [under review]<p>The following error is occurring on both Full imports and Delta imports from Active Directory, in a customer UNIFYConnect environment:</p><pre>20230512,02:28:25,UNIFYBroker,Change detection engine,Error,"Change detection engine import changes failed.Change detection engine import changes for connector AD User failed with reason One or more errors occurred.. Duration: 00:00:02.9714687Error details:System.AggregateException: One or more errors occurred. ---> System.NullReferenceException: Object reference not set to an instance of an object. at Unify.Connectors.AD.ADConnector.TransformEntry(ADAgent agent, SearchResultEntry searchResultEntry, Int64& uSNChangedToken) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.d__10`1.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at Unify.Product.IdentityBroker.AuditEntityPollingAsyncConnectorDecorator.<>c__DisplayClass1_0.b__0(IEnumerable`1 entities) at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass8_0`1.b__0(Task`1 t) at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass5_0`1.b__0(Task`1 t) at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke() at System.Threading.Tasks.Task.Execute()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Unify.Product.IdentityBroker.EventNotifierEntityPollingAsyncConnectorDecorator.d__1.MoveNext() --- End of inner exception stack trace --- at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) at Unify.Product.IdentityBroker.ChangeDetectionEntityPollAsyncJob.RunBase() at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0() at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)---> (Inner Exception #0) System.NullReferenceException: Object reference not set to an instance of an object. at Unify.Connectors.AD.ADConnector.TransformEntry(ADAgent agent, SearchResultEntry searchResultEntry, Int64& uSNChangedToken) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.d__10`1.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at Unify.Product.IdentityBroker.AuditEntityPollingAsyncConnectorDecorator.<>c__DisplayClass1_0.b__0(IEnumerable`1 entities) at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass8_0`1.b__0(Task`1 t) at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass5_0`1.b__0(Task`1 t) at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke() at System.Threading.Tasks.Task.Execute()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Unify.Product.IdentityBroker.EventNotifierEntityPollingAsyncConnectorDecorator.d__1.MoveNext()<---",Normal</pre><br/><br/> Matthew Davis replied:<br/><p>Hi Adrian,</p><p>Thanks for the update - that's a great piece of information. We'll definitely update the documentation, but we'll also see whether there's better ways to handle these scenarios (rather than expecting those values to be set implicitly) to handle scenarios like this better.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-04-28:/communities/6/topics/5307-button-to-allow-ui-deletion-of-locker-entities/2023-04-28T02:26:52+00:002023-04-28T02:26:52+00:00Button to allow UI deletion of locker entities [ideas] <p>When a locker has inbound provisioning but not inbound deprovisioning it is sometimes desirable to manually delete an entity which is no longer wanted. A button to do this would be helpful, because the current workaround is to suspend all outbound processing, delete all locker entities and perform a complete data reload.</p><br/><br/>suggested by: Adrian CorstonAdrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-04-06:/communities/6/topics/5300-locker-entities-should-not-retain-attribute-values-that-came-from-joins-that-have-been-removed/2023-04-06T03:10:12+00:002023-04-06T03:10:12+00:00Locker entities should not retain attribute values that came from joins that have been removed [ideas] [under review]<p>After a link join is removed using the UI a locker entity retains attribute values that were previously contributed through the link. This outcome is highly undesirable, since the locker now has information that should not be there (in my case an AD samaccountname value which is misleading, since the the AD user's adapter entity join was removed in order to allow the adapter entity to rejoin to a different locker record, but now both locker records have the same samaccountname value!) There is no way to initiate removal of this out-of-date attribute data from the locker other than joining the locker to a different adapter entity (which may not be feasible) or performing a complete data reload from scratch (which is time-consuming and an outage). Running a baseline sync on the link does not fix the problem. The attribute values on the entity should be updated appropriately when the join is removed.</p><br/><br/> Adrian Corston replied:<br/><blockquote>Just so I can confirm I understand the problem correctly, you've manually removed a join between a locker entity (L1) and adapter entity (A1) and that adapter entity (A1) has now joined to another locker entity (L2). So your L1 entity now either has no join, or has picked up another join, and L2 is now joined to A1.</blockquote><p>Yes, correct.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-03-30:/communities/6/topics/3953-entity-search-taking-long-time-for-partitions-that-have-a-lot-of-entities/2023-03-30T03:19:56+00:002023-03-30T03:19:56+00:00Entity Search taking long time for partitions that have a lot of entities [ideas] [planned]<p>Hi Guys,</p><p>I've noticed with that latest version of UNIFYBroker v5.3 above that the Entity Search is slow for large partitions (both connectors and adapters that are usually around 300k-400k entities and about 20 or so attributes each record).</p><p>I am aware that some changes have been made to the entity search in recent versions and have raised tickets before about timeout that occur in some cases. I have noticed this occurring in both IIS and self hosted versions. The workaround for this currently is to increase the timeout value, but even when this is increase for larger connectors you can be waiting for 15~20 minutes or longer for the entity search to load. In previous versions of Broker (5.0) the old entity search would load the entities with 5~10 seconds.</p><p>So I'm proposing that the search doesn't necessarily need to be reverted but investigated as to why it take so long and to see if it can be improved. Let me know if you need any information on this, I'm happy to provide any information on environments this is currently affecting.</p><p>Thanks</p><br/><br/> Matthew Davis replied:<br/><p>Hey Hayden,</p><p>We've got this one slated to investigate and improve for the upcoming UNIFYBroker 6.0 release. It looks like it regressed somewhere between 5.1 and 5.3, where the data layer was re-worked to support other database technologies like PostgreSQL. </p><p>It's definitely on our priority list to have a better experience for 6.0 so I'll keep you posted on how it goes. Unfortunately there's been some core dependent technologies deprecated between 5.3 and 6.0 for the data layer, which have resulted in significant changes to how we interact with the database. That means we'll be unlikely to roll a fix back to 5.3 - however given the lifetime left on the version I'm hoping that's not a huge deal.</p>Hayden Grayhttps://voice.unifysolutions.net/users/283-hayden-gray/topics/tag:voice.unifysolutions.net,2023-03-30:/communities/6/topics/4273-change-detection-engine-unscheduled-for-connector-x-failed-with-reason-circular-dependency-detected/2023-03-30T03:09:46+00:002023-03-30T03:09:46+00:00Change detection engine unscheduled for connector X failed with reason Circular dependency detected while attempting to determine base key of A. Current working key: A Process keys: A, B [bugs] [fixed]<p><img src="/s/attachments/17376/6/396/28c738cb09d74d5b565c27e2c74bab39.png"></p><p></p><p>This error is being written to the UNIFYBroker logs in multiple UNIFYConnect environments. I deleted all transforms that referred to those fields, removed references to the fields from links, and then recreated them all, but it didn't stop the error from appearing.</p><br/><br/> Matthew Davis replied:<br/><p>Fix was rolled into latest 5.3.4 release, and will have been rolled out to UNIFYConnect environments.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-03-30:/communities/6/topics/4011-powershell-transformation-recalculation/2023-03-30T03:04:50+00:002023-03-30T03:04:50+00:00PowerShell transformation recalculation [questions] [answered]<p>We have staff details sourced from Oracle table example fields are EmployeeNumber, StartDate and LastUpdated. The requirement is to activate the staff account seven days before the start date. We calculate the AccountStatus in a PowerShell transformation i.e. Active or Inactive based on the StartDate. UNIFYBroker is configured to run full import every hour.</p><p>For example, a new staff member is added into the source system on 20-Dec-2019; and after 20-Dec-2019 the record is not updated in the source system, below is the state. </p><div style="width: 358px; height: 133.8px; margin: 0px;"><div><p></p></div></div><p></p><div><div><div><div><div></div><div></div></div></div></div></div><div><div><div><div><div></div><div><div><div><div title="Protected by Grammarly"> </div></div></div></div></div></div></div></div><table> <tbody><tr> <td> <p><strong>Staff Connector</strong></p> </td> <td> <p><strong>Staff Adapter</strong></p> </td> </tr> <tr> <td> <p>EmployeeNumber = 123456</p><p>StartDate = 2-Jan-2020</p><p>LastUpdated = 20-Dec-2019</p> </td> <td> <p>EmployeeNumber = 123456</p><p>StartDate = 2-Jan-2020</p><p>LastUpdated = 20-Dec-2019</p><p>AccountStatus = <strong>Inactive</strong></p> </td> </tr></tbody></table><p>As per the requirement staff should be enabled on 27-Dec-2019. On 2-Jan-2020 following was the state.</p><div style="width: 358.8px; height: 39.8px; margin: 0px;"><div><div style="height: 1091px; width: 2280px;"><div></div><div></div></div></div></div><div style="width: 358.8px; height: 39.8px; margin: 0px;"><div><div><div></div><div><div><div><div title="Protected by Grammarly"> </div></div></div></div></div></div></div><div><div><div><div></div><div></div></div></div></div><div><div><div><div></div><div><div><div><div title="Protected by Grammarly"> </div></div></div></div></div></div></div><p></p><table> <tbody><tr> <td> <p><strong>Staff Connector</strong></p> </td> <td> <p><strong>Staff Adapter</strong></p> </td> </tr> <tr> <td> <p>EmployeeNumber = 123456</p><p>StartDate = 2-Jan-2020</p><p>LastUpdated = 20-Dec-2019</p> </td> <td> <p>EmployeeNumber = 123456</p><p>StartDate = 2-Jan-2020</p><p>LastUpdated = 20-Dec-2019</p><p>AccountStatus = <strong>Inactive</strong></p> </td> </tr></tbody></table><p>However, when we execute Advanced Operations --> Generate Changes manually AccountStatus was updated to ‘<strong>Active</strong>’.</p><p>It appears that if there is no change to the connector entity the adapter’s PowerShell transformation is not recalculated even on connector's full import. </p><p></p><p>Is there a workaround?<br><br></p><br/><br/> Matthew Davis replied:<br/><p>Powershell transformations now have the ability to register fields with change detection in the latest 5.3 release. </p><p>Information on the capability is available on this ticket, documentation will be updated in the future to include proper usage of this capability:</p><p><a href="https://unifyvoice.userecho.com/communities/6/topics/4238-time-offset-flag-didnt-re-evaluate-when-date-threshold-was-passed">https://unifyvoice.userecho.com/communities/6/topics/4238-time-offset-flag-didnt-re-evaluate-when-date-threshold-was-passed</a></p>Rizwan Ahmedhttps://voice.unifysolutions.net/users/305-rizwan-ahmed/topics/tag:voice.unifysolutions.net,2023-03-30:/communities/5/topics/4326-kb5004442manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414/2023-03-30T02:56:06+00:002023-03-30T02:56:06+00:00KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) [bugs] [not a bug]<p>Microsoft server hardening for DCOM and RPC is now underway with the stage 2 (June 14, 2022) of the <strong>timeline </strong>described in <a href="https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c">KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) (microsoft.com)</a> having just passed.</p><p>At least one customer has reported that the Microsoft Security Update has adversely impacted one or more MIM agents, and have sited the above article as how they have identified the root cause. This customer is now after a patch before stage 3 has elapsed and the stated registry key override setting will no longer work.</p><p>There is now a possibility other UNIFYNow customers who have also installed the same security update(s) are going to also run into similar problems in the coming weeks, and as a result there will need to be a patch developed for all such customers.</p><p>Between now and March 14 2023, the registry change described in the linked article above will allow business continuity for UNIFYNow customers, while advice on the availability of a patch is pending.</p><p>Thanks.</p><p></p><br/><br/> Matthew Davis replied:<br/><p>Closing as no further feedback was provided, and the above date has come and gone without any further reports of the issue.<br>Feel free to re-open the ticket if the issue presents and further details on the behaviour are available.</p>Bob Bradleyhttps://voice.unifysolutions.net/users/284-bob-bradley/topics/tag:voice.unifysolutions.net,2023-03-09:/communities/6/topics/5294-renaming-a-locker-field-results-in-an-item-with-the-same-key-has-already-been-added-ui-error/2023-03-09T05:09:35+00:002023-03-09T05:09:35+00:00Renaming a locker field results in "An item with the same key has already been added" UI error [questions] [answered]<p>I renamed a locker field "HRISEmailAddress" to "EmailAddress" in the UNIFYBroker UI, and this stack dump error appeared:</p><p>System.Exception: Swagger Exception could not be parsed. SE response code: 500; SE response text: {"Message":"An error has occurred.","ExceptionMessage":"'The field EmailAddress could not be added to the schema","ExceptionType":"Unify.Framework.Schema.SchemaException","StackTrace":" at Unify.Framework.Schema.Schema`6.Add(TKey key, TFieldDef value)\r\n at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)\r\n at Unify.Product.IdentityBroker.EntitySchemaFactory.CreateComponent(IEntitySchemaConfiguration factoryInformation)\r\n at Unify.Product.Plus.LockerEngine.GenerateLockerPair(ILockerInformation lockerConfiguration)\r\n at Unify.Product.Plus.LockerEngine.LockerConfigurationChanged(Guid lockerId, Action`1 lockerAction)\r\n at Unify.Product.Plus.LockerEngine.<>c__DisplayClass33_0.<UpdateLockerSchemaRow>b__0()\r\n at Unify.Product.Plus.LockerEngine.<>c__DisplayClass49_0.<ConfigurationChanged>b__0()\r\n at Unify.Framework.ExtensionMethods.WaitOnMutex(Mutex mutex, Action work)\r\n at Unify.Product.Plus.LockerEngineAuditingDecorator.UpdateLockerSchemaRow(Guid lockerId, IEntitySchemaFieldDefinitionConfiguration entitySchemaRowConfiguration)\r\n at Unify.Product.Plus.LockerEngineNotifierDecorator.<>c__DisplayClass25_0.<UpdateLockerSchemaRow>b__0()\r\n at Unify.Framework.Notification.NotifierDecoratorBase.Notify(ITaskNotificationFactory notificationFactory, Action action)\r\n at lambda_method(Closure , Object , Object[] )\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClassc.<GetExecutor>b__6(Object instance, Object[] methodParameters)\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()","InnerException":{"Message":"An error has occurred.","ExceptionMessage":"An item with the same key has already been added.","ExceptionType":"System.ArgumentException","StackTrace":" at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)\r\n at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)\r\n at Unify.Framework.Schema.Schema`6.Add(TKey key, TFieldDef value)"}}; ---> Unify.Framework.Client.SwaggerException: The HTTP status code of the response was not expected (500).</p><p>When I tried to get back to the main locker UI page to select the affected locker and fix my mistake the following error now appears every time:</p><p>System.ArgumentException: An item with the same key has already been added.</p><p>Could you please review the config and fix it so the locker screen works again?</p><p><br></p><br/><br/> Beau Harrison replied:<br/><p>Hi Adrian</p><p>The config hasn't been changed; it's just the in-memory configuration that's in a a bad state. If you have access to the Broker API for that environment you can use the <code>Locker/UpdateLockerSchemaRowName</code> methods to manually change the problematic fields name. This method will need the row id, which can be retrieved using the <code>Locker/GetLockerConfiguration</code> method. Alternatively, restarting the service will reload the still-correct configuration from file.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-03-02:/communities/6/topics/5291-locker-change-not-synchronising-to-outgoing-adapter-entity/2023-03-02T07:24:20+00:002023-03-02T07:24:20+00:00Locker change not synchronising to outgoing adapter entity [bugs] [not a bug]<p>An update to a locker field value is not resulting in a pending outgoing change on to an adapter entity.</p><p>The adapter entity should be joined, but the Remove Joins screen shows a DataTables Error so I can't confirm that.</p><p>Locker Entity Id = c7e8a490-6cfb-4ec1-9067-42906411aed0<br>Adapter Entity Id = 0645e285-577e-4218-afb6-745f1ee08600</p><p>The issue is urgent since the customer's UAT is failing due to this error.</p><br/><br/> Matthew Davis replied:<br/><p>Closing as root cause has been found. </p><p>The locker uses information from the incoming and outgoing mappings and their sources to determine the entities that need syncing during a Changes Sync. </p><p>In this case, the Synchronisation powershell task was being used to read a value from the adapter and inserted into a locker schema field without being mapped in the link schema mappings. In this case, the locker doesn't know that the value has been changed. It was also then being mapped back out to another adapter in the same manner. </p><p>If there's an implementation need to map the items in powershell rather than using the normal mappings (while we would encourage considering why this is necessary), a possible workaround is to map the field through a normal mapping to the locker and back out the other side of the link. That allows the link processing to determine when the value has changed, and correctly queue an outgoing change for this item. </p><p>We've added an item to our backlog to see if there's anything we can add to the product to improve this process - such as being able to better calculate changes that may not have come in through a link mapping, or to allow sync tasks access to pre and post joined value sets so operations can be run on value changes without the script needing to also map the value.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-03-02:/knowledge-bases/7/articles/3423-unifybrokerplus-downloads/2023-03-02T04:53:10+00:002023-03-02T04:53:10+00:00UNIFYBroker/Plus Downloads [news] <p>This page contains all UNIFYBroker/Plus downloads.</p><h3>v5.3</h3><h4>Release</h4><table><thead><tr><th>Download</th><th>Version</th><th>Stage</th><th>Date Released</th></tr></thead><tbody><tr><td><a href="https://downloads.unifysolutions.net/D/IDBPLUS/son1ipktuiugg4ej2uaxq">UNIFYBroker Plus v5.3.2 RTM.msi</a></td><td>5.3.2.0</td><td>Release</td><td>2023-03-02</td></tr></tbody></table><h3>v5.1</h3><h4>Release</h4><table><thead><tr><th>Download</th><th>Version</th><th>Stage</th><th>Date Released<br></th></tr></thead><tbody><tr><td><a href="https://downloads.unifysolutions.net/D/IDBPLUS/lrsb6out9kcwdpvlbtlt1w">UNIFY Identity Broker Plus v5.1.1 RTM.msi</a></td><td>5.1.1.1</td><td>Release</td><td>2017-11-20</td></tr></tbody></table><br/><br/>suggested by: Adam van VlietAdam van Vliethttps://voice.unifysolutions.net/users/287-adam-van-vliet/topics/tag:voice.unifysolutions.net,2023-03-02:/communities/6/topics/5293-how-to-achieve-continuous-compliance-target-system-value-reversion-at-the-same-time-as-responding/2023-03-02T03:51:42+00:002023-03-02T03:51:42+00:00How to achieve continuous compliance (target system value reversion) at the same time as responding quickly to urgent data updates (e.g. user suspension) [questions] <p>I have a solution with ~7000 managed AD user accounts. To ensure any unauthorised changes to those accounts are reverted (continuous compliance) I run regular Baseline Sync operations on the outgoing link.</p><p>These Baseline Syncs take approximately 25 minutes to run, and during that time no other link synchonisations run. This means urgent updates (such as SPOL user suspension functionality) is delayed.</p><p>What can I do to ensure fast response for urgent operations, while also having continuous compliance with a reasonable turn-around time (i.e. checked every hour or so - keeping in mind that an import all for my AD users only takes around 50 seconds to run).</p><br/><br/>suggested by: Adrian CorstonAdrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-03-02:/communities/6/topics/5292-unifyconnect-ui-shows-datatables-error-for-remove-joins/2023-03-02T03:36:28+00:002023-03-02T03:36:28+00:00UNIFYConnect UI shows DataTables error for Remove Joins [bugs] [duplicate]<p>The Remove Joines screen shows an error when invoked, in all dev/test UNIFYConnect environments.</p><p><img src="/s/attachments/17376/6/396/bf5f3057ca9e1b45dd2e4280fb2abcf6.png"></p><br/><br/> Matthew Davis replied:<br/><p>Already fixed here: </p><p><a href="https://unifyvoice.userecho.com/communities/6/topics/4180-using-remove-joins-to-view-existing-joins-generates-datatables-error-socketexception-the-target">https://unifyvoice.userecho.com/communities/6/topics/4180-using-remove-joins-to-view-existing-joins-generates-datatables-error-socketexception-the-target</a></p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-02-28:/communities/6/topics/5289-ui-error-adding-a-multivalue-group-transform-in-unifyconnect/2023-02-28T00:07:50+00:002023-02-28T00:07:50+00:00UI error adding a Multivalue Group transform in UNIFYConnect [bugs] [fixed]<p>When I attempt to add a Multivalue Group transform in UNIFYConnect MWIDemo instance the following error appears:</p><p><img src="/s/attachments/17376/6/396/884f42590732f79b02ebc70c9acea178.png"></p><p></p><p>This appears after selecting the connector (AD User).</p><br/><br/> Adrian Corston replied:<br/><p>UI is working correctly now, thanks.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-02-23:/communities/6/topics/5279-priority-selection-is-disabled-for-relevant-sliding-date-window-on-join-transform/2023-02-23T22:48:34+00:002023-02-23T22:48:34+00:00Priority Selection is disabled for Relevant Sliding Date Window on Join transform [bugs] [not a bug]<p>When the 'Relevant' Sliding Date Window option is chosen the option for Priority Selection is no longer offered. I need to use Relevant to select the best set of Aurion employee placements (i.e. current, else future, else past) but then within the selected set I need to be able to pick an acting position (ActualPlacementType=NONSUBS) in preference to any substantive positions (ActualPlacementType=SUBS). This is crucial for correctly determining the correct current position (and therefore org structure and manager) for a person.<br></p><br/><br/> Matthew Davis replied:<br/>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-02-23:/communities/6/topics/5281-exclusion-group-not-stopping-connector-importexport-operations-from-running-in-parallel/2023-02-23T22:48:14+00:002023-02-23T22:48:14+00:00Exclusion group not stopping connector import/export operations from running in parallel [bugs] [not a bug]<p>I have three connectors in an exclusion group, and yet imports on one connector in the group can run at the same time as exports on another connector in the group. Exclusion groups should stop this from happening, to avoid two operations (Aurion API calls in this case) from both taking place at the same time.</p><br/><br/> Matthew Davis replied:<br/><p>Hi Adrian,</p><p>Exclusion groups are only capable of blocking for import operations (see <a href="https://voice.unifysolutions.net/knowledge-bases/7/articles/2867-connector-overview">Connector Overview / UNIFYBroker knowledge / UNIFY Solutions</a> for more details). </p><p>Connectors don't control the invocation of the export capability, as this is triggered by external processes (generally an identity management system through a Gateway, or more recently through UNIFYBroker/Plus Link operations). </p><p>Export operations are designed to provide immediate communication with the external system, due to the way Gateways are required to communicate the operation status rather than queuing it for a later execution. </p><p>If you'd like, we can have some discussions about the role an export exclusion capability would play in the UNIFYBroker/Plus ecosystem? It would require careful consideration to ensure we don't impact the correct function of gateways. In an ideal scenario you would line your import and link schedules up so they don't overlap, but I understand this can be difficult in complex configuration scenarios.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-02-21:/communities/6/topics/5284-adapter-data-not-mapping-to-locker-during-baseline-sync/2023-02-21T21:34:09+00:002023-02-21T21:34:09+00:00Adapter data not mapping to locker during baseline sync [bugs] [under review]<p>Some adapter field data isn't being updated in their locker entity when a baseline sync is run.</p><p>Screen snaps will be in a follow-up comment.</p><br/><br/> Adrian Corston replied:<br/><p>The new code runs in DEV and I validated correct data for a number of test users, but I don't have data in this environment which was showing the problem. I've requested deployment of the patch to PROD so it can be tested (there is no TEST environment for this customer).</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-02-21:/communities/6/topics/5285-configuration-guidance-required/2023-02-21T06:53:58+00:002023-02-21T06:53:58+00:00Configuration guidance required [questions] [answered]<p>In a UNIFYConnect ABAC solution we use appointment information (i.e. a user's Employee ID, Position, Department, Team, Location and Start Date) along with customer-managed rules in order to determine which access packages the user should be automatically assign to.</p><p>My customer has two sources of appointment information: one is directly on the employee, and the other is via a separate feed of secondary appointments. Each employee has one primary appointment and zero or more secondary appointments.</p><p>In order to combine the appointments into one data source, I use the following paths into the Appointment locker:</p><p>Employee connector/adapter -> link -> Appointment locker<br>Secondary appointment connector/adapter -> link -> Appointment locker</p><p>The employee connector is keyed solely on Employee ID, but the Secondary appointment connector is keyed on Employee ID, Position, Department, Team, Location and Start Date, to guarantee uniqueness.</p><p>On the outgoing side the following path writes the combined Appointments to a CSV file for processing outside of UNIFYBroker:</p><p>Appointment locker -> link -> Appointments CSV connector/adapter</p><p>The Appointments CSV connector is keyed on Employee ID, Position, Department, Team, Location and Start Date, to guarantee uniqueness.</p><p>All links use connection-oriented join resolution.<br></p><p>When an existing Employee connector entity changes Department, Team (etc) the existing Appointment locker record is updated with new values for those fields. For the export to the Appointments CSV connector, this causes a problem because that update is processed as an anchor modification, which is not supported for CSV connector types.<br></p><p>This problem doesn't occur on the Secondary appointments connector, because the multi-part key ensures that changes to any key field results in a delete/add operation instead of an update.</p><p>How can I configure UNIFYBroker to make this scenario work correctly?</p><br/><br/> Beau Harrison replied:<br/><p>Hi Adrian</p><p>Creating a derived key generated from adapter transformations might help.<br></p><p>For the secondary appointment entities, use a PowerShell transformation to generate a unique value based on the Position, Department, Team, Location and Start Date fields that persists their uniqueness quality, but reduces them to a single field. A hash of some kind of their combined values should be sufficient. I'd also add a static prefix for a further uniqueness guarantee. The resulting value may look something like like <code>sec_c9uQNFGLgC</code>.</p><p>On the primary adapter, use a constant value transformation to add a derived key field to differentiate primary appointments from secondary ones. The value set can by anything, but shouldn't be anything that could be generated by the transformation on the secondary appointment adapter, ie: <code>primary_appointment</code>.</p><p>Use the derived key in conjunction with the <em>EmployeeId </em>field for link joins and as key fields on the Appointments CSV connector. This should provide a stable, two-field anchor based on the immutable secondary appointment properties, but not the mutable properties of the primary appointment. <br> </p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-02-16:/communities/6/topics/5282-unifyconnect-duplicate-account-stops-sync/2023-02-16T05:53:06+00:002023-02-16T05:53:06+00:00UNIFYConnect - Duplicate Account - Stops Sync [bugs] [not a bug]<p>When a manual account creation occurs in AD, Broker's sync stops, and all other changes do not flow. </p><p><strong>Why would this occur: </strong></p><ul><li>A user maybe needed quickly and hence the manual intervention occurs. </li></ul><p>This is causing issues for multiple customers, who are performing this activity and unknowingly breaking the sync and causing an outage on the system. </p><p>Can this be configured so that all changes are not halted? </p><p>Thanks</p><p></p><br/><br/> Matthew Davis replied:<br/><p>If multiple entries were created, then the solution is performing as expected based on the configuration. Broker expects that the defined unique key stays unique according to the data source output. If this key stops being unique, processing will stop to ensure unintended behaviour doesn't happen against the data. </p><p>If supporting duplicates is needed, the solution configuration may need to be modified to support this scenario. Otherwise, some education exercises with the customer may be necessary to assist in this area to avoid the problem reoccurring. </p><p>We've got a backlog item to review some better resiliency around joins and handling duplicates, however this is a large item that involves a significant number of edge cases and is therefore scheduled for investigation before our next major product version release.</p>Dimitra Atkinshttps://voice.unifysolutions.net/users/433-dimitra-atkins/topics/tag:voice.unifysolutions.net,2023-02-15:/communities/6/topics/3825-provide-more-information-in-the-log-file-for-provisioning-task-failures/2023-02-15T07:33:08+00:002023-02-15T07:33:08+00:00Provide more information in the log file for Provisioning Task failures [ideas] [planned]<p>When a provisioning task fails in a Broker Plus Link due to a PowerShell error, the information written doesn't indicate which provisioning task failed, which line the error occurred on, or which entity was being processed.</p><p><img src="/s/attachments/17376/6/348/59f21d16dba232c39b28910850134935.png"></p><p></p><p>It would be <em>extremely </em>helpful for debugging to know which provisioning task is the source of the error and which line is executing when the error occurs.</p><p>It would also be helpful to know which entity is being processed, but given that the PowerShell script loops over objects internally this information is not automatically available to the calling engine. In order to help with this I suggest adding a function which allows the PowerShell script to (optionally) indicate when it starts and finishes processing an entity, in order to allow Broker to include that information in the log entry.<br><br>i.e.<br></p><pre>foreach ($joinedEntity in $joinedEntities)<br>{<br> # Tell Broker which entity we're working on $personNumber = $SourceEntity["PersonNumber"].Value<br> $username = $SourceEntity["sAMUsername"].Value<br> $logger.setIdentifier("Person $personNumber ($username)")<br><br> # Process the entity $isTerminated = $joinedEntity.SourceEntity["Terminated"].Value<br> $joinedEntity.TargetEntity["isTerminated"] = $isTerminated -eq "True"<br> # Tell Broker we're finished processing the entity<br> $logger.resetIdentifier()<br>} </pre><br/><br/> Beau Harrison replied:<br/><p>Provisioning tasks certainly <strong>can</strong> iterate over entities, however my point was that script writers are not limited to just that. An action may be performed as part of a provisioning task script that isn't directly related to specific entities, or related to a group of the entities, or not related to the entities at all.</p><p>When I said "limited number of scenarios" I was referring to the range of what is possible, which the logger component is designed to facilitate, rather than how common a scenario is. <br></p><p></p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-02-13:/communities/6/topics/4198-changes-register-item-process-on-failed-failed-with-reason-value-cannot-be-null-error-after/2023-02-13T06:16:25+00:002023-02-13T06:16:25+00:00"Changes register item process on failed / failed with reason Value cannot be null." error after [bugs] [fixed]<p>UNIFYBroker/Plus importing AD Users into a locker. The 'member' field is locker-to-adapter mapped. When I change the member field value in AD and run an Import All on the AD users connector, the following error is logged:</p><p>20210118,04:24:11,UNIFYBroker,Change detection engine,Error,"Changes register item processing on failed.<br>Parameter name: collection. Duration: 00:00:00.0139980<br>Error details:<br>Parameter name: collection. Duration: 00:00:00.0139980<br>Error details:<br>System.ArgumentNullException: Value cannot be null.<br>Parameter name: collection<br> at System.Collections.Generic.HashSet`1..ctor(IEnumerable`1 collection, IEqualityComparer`1 comparer)<br> at Unify.Product.IdentityBroker.MultiRelationalTransformationContribution.GetChangedMultiValues(IEntityPair entityPair, Boolean relevantFieldsChanged)<br> at System.Linq.Enumerable.d__23`3.MoveNext()<br> at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()<br> at System.Linq.Buffer`1..ctor(IEnumerable`1 source)<br> at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)<br> at Unify.Product.IdentityBroker.EntityPartitionPostgreSqlContextBase`3.GetEntitiesByFieldValues(TEntityKey field, IEnumerable`1 values)<br> at Unify.Product.IdentityBroker.MultiRelationalTransformationContribution.d__25.MoveNext()<br> at System.Linq.Enumerable.d__17`2.MoveNext()<br> at System.Linq.Enumerable.d__17`2.MoveNext()<br> at System.Linq.Enumerable.d__64`1.MoveNext()<br> at System.Linq.Buffer`1..ctor(IEnumerable`1 source)<br> at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)<br> at Unify.Product.IdentityBroker.ChainedTransformationChangeProcessor.PublishChange(IEntityPair[] changedEntityPairs, DateTime changeProcessTime, ICollection`1 changeRecords)<br> at Unify.Product.IdentityBroker.ChainedTransformationChangeProcessor.ProcessChangeReport(IDictionaryTwoPassDifferenceReport`4 changesReport, DateTime changeProcessTime)<br> at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)<br> at Unify.Product.IdentityBroker.ChangeReportProcessor.ProcessCurrentReport(IEnumerable`1 adapterTransformationProcessors, IDictionaryTwoPassDifferenceReport`4 differenceReport, DateTime changeTime)<br> at Unify.Product.IdentityBroker.ChangeReportProcessor.CreateAndProcessReport[T](ITransformationChangeProcessor[] adapterTransformationProcessors, ICollection`1 sourceEnumerable, DateTime changeTime, HashSet`1 invalidEntities, Action`2 addAction, Func`3 addCheck)<br> at Unify.Product.IdentityBroker.ChangeReportProcessor.ProcessReport(IChangeReportProcessingRequest request)",Normal</p><p>This is not urgent, just noting it here for completeness. I don't believe it will impact the solution I'm currently working on.</p><p>See also: <a href="https://voice.unifysolutions.net/en/communities/6/topics/57-import-all-entitiesfrom-connector-workday-employee-failed-with-reason-value-cannot-be-null">https://voice.unifysolutions.net/en/communities/6/topics/57-import-all-entitiesfrom-connector-workday-employee-failed-with-reason-value-cannot-be-null</a> for the same error message - ticket closed but it may be that the underlying issue was not identified or fixed.</p><br/><br/> Matthew Davis replied:<br/><p>The fix for this has been included in the latest UNIFYBroker 5.3 release.</p>Adrian Corstonhttps://voice.unifysolutions.net/users/396-adrian-corston/topics/tag:voice.unifysolutions.net,2023-02-13:/communities/6/topics/4353-error-when-creating-or-editing-multivalued-group-transformation-on-adapter/2023-02-13T06:12:15+00:002023-02-13T06:12:15+00:00Error When Creating or Editing Multivalued Group Transformation on Adapter [bugs] [fixed]<p>I get the following error either when creating a new multivalued group transform or when editing one that already exists. It occurs after you hit save on the Pick Connector screen. </p><p><img src="/s/attachments/17376/6/296/320587425453c5106ceba32e48289502.png"></p><br/><br/> Matthew Davis replied:<br/>Tom Parkerhttps://voice.unifysolutions.net/users/296-tom-parker/topics/