none
Approval workflow error when creating a new custom entity in FIM 2010 R2 RRS feed

  • Question

  • Hello,

    i'm hoping somebody here can help, me i've been struggling with this for some time now. On a fresh FIM installation i create a custom entity named "Role" and add a few custom attributes.

    I then create an approval workflow and MPR for normal users to create entities of type Role, but another user must approve this request. The other user has a working mailbox - i've tried firing an action workflow that sends a mail notification when someone creates a new role and it is working fine. But, when i enable my approval workflow (the only field i changed from default is the approver) on the MPR, the workflow always failes with the message:

    Error processing your request: The operation was rejected because of access control policies.
    Reason: The server workflow rejected the operation.
    Attributes:
    Correlation Id: 750a558a-d3e4-4216-b16a-e76d79f011ec
    Request Id: feaabbc9-dea4-49a3-8b29-65b77de6f8fd
    Details: The Workflow Instance '04202cc0-14a3-410c-a3fc-2d6e5d25ebe6' encountered an internal error during processing. Contact your system administrator for more information.

     I enabled tracing and this is what i found:

    Microsoft.ResourceManagement Verbose: 0 : Creating WorkflowServiceHost for XOML Definition:\n<ns0:SequentialWorkflow ActorId="00000000-0000-0000-0000-000000000000" RequestId="00000000-0000-0000-0000-000000000000" x:Name="SequentialWorkflow" TargetId="00000000-0000-0000-0000-000000000000" WorkflowDefinitionId="00000000-0000-0000-0000-000000000000" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/workflow" xmlns:ns1="clr-namespace:System.Workflow.Activities;Assembly=System.WorkflowServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856
        ThreadId=8
        DateTime=2013-09-04T15:17:10.0496188Z
    Microsoft.ResourceManagement Information: 1 : 1 :  : Invalid Element 'ReceiveActivity.WorkflowServiceAttributes' found while deserializing an object of type 'Microsoft.ResourceManagement.Workflow.Activities.ApprovalActivity'.
        ThreadId=8
        DateTime=2013-09-04T15:17:10.1277486Z
    Microsoft.ResourceManagement Information: 1 : 1 :  : Invalid data found while deserializing an object of type 'Microsoft.ResourceManagement.Workflow.Activities.ApprovalActivity'.
        ThreadId=8
        DateTime=2013-09-04T15:17:10.1277486Z
    Microsoft.ResourceManagement Verbose: 0 : A WorkflowRuntime is not available for this WorkflowDefinitionVersionKey '20'.
        ThreadId=8
        DateTime=2013-09-04T15:17:10.1277486Z
    Microsoft.ResourceManagement Error: 3 : Workflow host activation failed for workflow definition id : 231457c6-d044-4cc7-839f-98e5cf88f514, version key: 20. Exception: Object reference not set to an instance of an object.   at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHost(ResourceManagementWorkflowDefinition workflowDefinition, Boolean suspendWorkflowStartupAndTimerOperations)
       at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RetrieveWorkflowDataForHostActivator()
        ThreadId=8
        DateTime=2013-09-04T15:17:10.1277486Z
    Microsoft.ResourceManagement Information: 1 : The service has updated the list of active hosted workflow definitions to sequence number '1'.

    This happened on two separate FIM deployments, but both of them were set up in the same way. What am i missing here?

    Thank you,

    Martin

    Wednesday, September 4, 2013 4:31 PM

All replies

  • I would also look at the FIM Request details, you can usually find good troubleshooting detail on the WorkflowInstance object's RequestStatusDetail attribute.  You can find it from the failed request:

    From the Request in the FIM Portal, click Advanced then Extended Attributes.  Scroll down to the AuthorizationWorkflowInstances and click on the link (it will bring up another object, the WorkflowInstance object).  On that object, check the RequestStatusDetail attribute, it should have a stack trace from the offending workflow.

    (typed most of those details from memory, I should follow-up later with a script version)


    CraigMartin – Edgile, Inc. – http://identitytrench.com

    Thursday, September 5, 2013 4:26 AM
  • Hi I have similar error.

    In my requestStatusDetail there is something like that:

    EXCEPTION DATA\r\n\r\nMESSAGE: Object reference not set to an instance of an object.\r\n\r\n**METHOD:Microsoft.ResourceManagement.Workflow.Hosting.ResourceManagementWorkflowServiceHost ActivateHost(Microsoft.ResourceManagement.Data.ResourceManagementWorkflowDefinition, Boolean)\r\n\r\n**METHOD:Void StartWorkflowInstance(System.Guid, System.Collections.Generic.KeyValuePair`2[System.String,System.Object][])\r\n\r\n


    Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

    Saturday, January 4, 2014 9:59 PM
  • (...) What am i missing here? (...) - Sharepoint 2013 and probable bug in FIM related to it. Check this thread for workaround and resolution:

    http://social.technet.microsoft.com/Forums/en-US/1b76672d-1276-4c71-b9fc-5bb1fcb36877/event-id-3-with-approval-activity?forum=ilm2



    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    • Proposed as answer by Borys Majewski Sunday, January 5, 2014 3:50 PM
    Sunday, January 5, 2014 12:01 AM
  • Borys, check this thread: http://social.technet.microsoft.com/Forums/en-US/1b76672d-1276-4c71-b9fc-5bb1fcb36877/event-id-3-with-approval-activity?forum=ilm2

    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    • Proposed as answer by Borys Majewski Sunday, January 5, 2014 3:50 PM
    Sunday, January 5, 2014 12:02 AM
  • I'm using Sharepoint 2013 :-). FIM build 4.1.3479. And most probably it is the same bug.

    I was testing it on standard workflow for groups (Owner Approval). It was working, then I added next approval step to it and it stopped working, then I removed that step but it didn't start to work again.

    Your workaround worked :-)

    Did you managed to submit it as a bug?

    Thanks

    Borys

    p.s. Now where I can re-claim 2 lost days on this :)?


    Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

    Sunday, January 5, 2014 3:49 PM
  • (...) p.s. Now where I can re-claim 2 lost days on this :)? (...)

    Will send you and invoice for saved time ;)


    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Sunday, January 5, 2014 9:55 PM
  • Good point. We can use saved time for some beer ;-)

    If you count all the time you saved - you could save sombody life already ...

    Thanks

    Borys


    Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

    Sunday, January 5, 2014 11:48 PM