We had a FIM Portal with 6 Sync Rules working. The Sync Rules were using existing MAs.
We wanted to test a DR process, so we exported all the MAs, and deleted them.
We then reimported exactly the same MAs, and most of the Run Profiles were fine, except the FIM Portal ones which failed with: sync-rule-validation-parsing-error (6 errors, 1 per Sync Rule).
On closer inspection of the Sync Rules this is the error message we found in the Portal (next to the Sync Rule entry):
The referenced Management Agent has been deleted. Please delete this Synchronization Rule, update the external system field or re-import the deleted Management Agent.
Well, we did the last recommendation - we re-imported the deleted Management Agent - but the FIM Portal doesnt seem to be aware of this...how come?
PS. If this process doesnt work, how is one meant to migrate the FIM Portal and MAs from a lab environment to production?
- 已编辑 S.Kwan 2012年5月25日 8:19
The 'normal' scenario is that you first create (or import) the management agent in the sync engine. After that, you should import the synchronization rules in the FIM portal. As to my knowledge, there is no scenario for re-enabling the sync rule when it is in this state.
The scenario for migration from lab to production would be just that: create a back-up of your fim sync-engine configuration and create a backup of the policy rules. In production you should import the sync engine configuration first and then import the policy rules in the portal.
Does this answer your question?
Pieter de Loos - Consultant at Traxion (http://www.traxion.com) http://fimfacts.wordpress.com/
2012年5月25日 15:02You can also update the sync rule manually within the portal if i am not mistaken if the management agents is lost somewhere, not sure what went wrong in your scenario but the management agents are all linked to GUID's so somehow the GUID is different i think.
Need realtime FIM synchronization and advanced reporting? check out the new http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!
2012年5月25日 15:45Try re-entering the credentials of your FIM MA - this will recreate the ma-data and mv-data in your FIM portal to match the latest definitions, and if there's an inconsistency then your sync rule page should show this up clearly afterwards.
Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine
If I recall correctly it is a difference when exporting individual MA and when exporting server configuration.
Importing an individual MA will create a new GUID for it and the Sync Rule needs to be re-mapped.
Importing Server configuration the MA keep the original GUID, making the Sync Rule mapping continue to work.
I once did a PS script to re-map the sync rules but seems to have it in a very secure location ;-)
You might also see if those ma config items are in the FIM portal. I had a situation where no matter what we did, the sync config wouldn't come over. All the usual tricks failed and PSS had to go in and do some magic. It was a config migration from dev to a clean prod install. Never had the problem on any other system, just this once - and I move lots of configs around.
Frank C. Drewes III - Architect - Oxford Computer Group
Agreed, it is possible to import and re-import the same individual MA from its XML version again and again, and it will receive a new GUID every time, including the first time. I would absolutely expect this to break stuff in the FIM Service + Portal.
The official disaster recovery plan for FIM is to recover the FIMSynchronizationService and FIMService databases at a consistent point in time--mucking about with individual MAs is not going to get the right effect.
Thank you everyone.
The error message in the Portal next to the Sync Rule is:
(The referenced Management Agent has been deleted. Please delete this Synchronization Rule, update the external system field or re-import the deleted Management Agent)
Its just a little bit deceptive that's all. If you import one MA at a time, you get a new GUID, which leads to the problems above. Looks like we will need to 'Import Server Configuration' to resolve this issue.
- 已编辑 S.Kwan 2012年5月28日 3:32
2012年9月7日 12:38I've run into this issue once in a while when moving config between servers. I have created a powershell script that will update the invalid MA references on the sync rules, which seem to work. I have uploaded it to the FIM scriptbox, feel free to try it out.
FIM architect - Crayon AS - www.crayon.com
2012年9月26日 12:08Thank you everyone.