none
MIM 2016 Synchronization troubleshooting RRS feed

  • Question

  • Hi!

    I’m asking help to troubleshoot problems with MIM Synchronization.

    I have created MIM MA and AD MA agents and Synchronization inbound/outbound rule for users on portal.

    After running MA I can’t see my users on MIM portal.

    Can anybody say how to troubleshoot such issues?

    Thanks!


    1

    Friday, June 3, 2016 10:30 AM

Answers

  • You need to fix the DN. There should be a comma before the "DC".

    Nosh Mernacaj, Identity Management Specialist

    • Marked as answer by alexiszp Thursday, June 9, 2016 9:35 AM
    Tuesday, June 7, 2016 1:46 PM

All replies

  • Provided you have don't everything right, You need to run the following,

    Full Import on AD MA

    Full Sync on AD MA

    Export on FIM MA


    Nosh Mernacaj, Identity Management Specialist

    Friday, June 3, 2016 1:12 PM
  • Yes, i did it.

    When I made a search in Metaverse users are in, but I can't see them on portal.


    1

    Friday, June 3, 2016 1:42 PM
  • So look at the run history tab under the export to FIM MA, I bet you, you have some errors.  I am suspecting the Synchronization Account does not have the rights to create objects in FIM Portal. So, you need to follow the instructions to grant access in FIM Portal.

    Nosh Mernacaj, Identity Management Specialist

    Friday, June 3, 2016 1:53 PM
  • I have made installation and configuration with using this guides:

    https://docs.microsoft.com/en-us/microsoft-identity-manager/deploy-use/install-mim-sync-ad-service

    https://technet.microsoft.com/en-us/library/jj150428%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396#create_AD

    After starting run profiles I can't see any errors.

    And, of course, checkbox at MIM Portal to create objects is ticked.


    1


    • Edited by alexiszp Monday, June 6, 2016 2:49 PM
    Monday, June 6, 2016 2:48 PM
  • Did you do as I said?

    Nosh Mernacaj, Identity Management Specialist

    Monday, June 6, 2016 2:51 PM
  • I checked and see a error:

    MIM MA Agent:

    Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: 'AD User Inbound/Outbound Sync'. Details: Object reference not set to an instance of an object.
       at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)


    1

    Monday, June 6, 2016 3:09 PM
  • No this is not what I asked you. This is from FIM Portal.  I want you to go to FIM Synchronization Service (Green Client) and Look under Operations Tab.  There are the all the jobs that ran.  I need you to look for Export to FIM MA.  There will be errors. Paste one of them.

    Nosh Mernacaj, Identity Management Specialist

    Monday, June 6, 2016 3:11 PM
  • This message was from "Green Client" :)

    I deleted and created again MA, now I can see users in MIM Portal, but Synchronization Service shows two errors at FIM MA Full Sync Run profile job.

    Screenshots are attached.


    1




    • Edited by alexiszp Tuesday, June 7, 2016 10:54 AM
    Tuesday, June 7, 2016 10:48 AM
  • That is the built in account which you should filter it in FIM MA so it is not managed.

    Nosh Mernacaj, Identity Management Specialist

    Tuesday, June 7, 2016 11:22 AM
  • ILM Sync was filtered and error was gone, but how to be with Administration account?

    I have 1 Administrator in AD and also 1 Administrator in MIM Portal.

    It's a test enviroment, but I'm interesting what to do if this problem will be in production?

    Thanks for help!


    1

    Tuesday, June 7, 2016 11:31 AM
  • Also I can see a problem with provisioning users from MIM to AD:


    1

    Tuesday, June 7, 2016 12:18 PM
  • You need to fix the DN. There should be a comma before the "DC".

    Nosh Mernacaj, Identity Management Specialist

    • Marked as answer by alexiszp Thursday, June 9, 2016 9:35 AM
    Tuesday, June 7, 2016 1:46 PM
  • Very big thanks!

    That works.

    Now will try to deal with another features. :)


    1

    Thursday, June 9, 2016 9:36 AM
  • You are very welcome!

    Nosh Mernacaj, Identity Management Specialist

    Thursday, June 9, 2016 10:07 AM