none
no-start-ma when using MS connector for Web Services RRS feed

  • Question

  • Hello,

    We’ve installed the FIM 2010 R2 Synchronization Service (SP1) in Windows Server 2012 (64 bit) machine.

    We've successfully configured the AD MA and it runs successfully. But we have some problem to run the web service MA.

    First, we had problem with Web Services Configuration Tool, so we had to add Microsoft.MetadirectoryServicesEx.dll from earlier version.

    For this web service MA we use a simple custom web service. We've configured a very basic workflow in Web Services Configuration Tool.

    But whenever we run the web service MA, its status is "no-start-ma". The errors:

    The management agent controller encountered an unexpected error.

    "ERR_: MMS(2720): d:\bt\2172\private\source\miis\shared\utils\libutils.cpp(10018): Failed to start run because of undiagnosed MA error Forefront Identity Manager 4.1.3114.0"

    The management agent "myTestWebService" failed on run profile "Full Import" because of an unspecified management agent error.

    Additional Information

    %3

    What we've tried:

    -restart the server

    -restart the synch service (after stop it could not start up, so we had to restore the machine to it's earlier state)

    -schema refresh

    -run only one operation in Run Profile

    -remove logging

    -run in separate process

    Any help on this?


    • Edited by freadomfee Thursday, April 11, 2013 10:53 AM
    Thursday, April 11, 2013 10:51 AM

Answers

  • There is something wrong with the WSDL, where are you getting this from? or have you defined it yourself somewhere.

    I would suggest you create a .NET application and call the WebService from there the following code segment might help you out.

    Add the webservice in the Project and name it FIM_WEB_SERVICE

    and use the following code, if you get a similar error while doing this, there is definitely something wrong with your webservice.

     

    var binding = new BasicHttpBinding();
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
                binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
                binding.MaxReceivedMessageSize = int.MaxValue;
    
                binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
    
                var address = new EndpointAddress("http://<your_end_point_address>");
    
                System.ServiceModel.Channels.HttpsTransportBindingElement transport = new System.ServiceModel.Channels.HttpsTransportBindingElement();
                transport.AuthenticationScheme = AuthenticationSchemes.Basic;
                //transport.ProxyAuthenticationScheme = AuthenticationSchemes.Basic;
                transport.Realm = "<your REALM>"; you will get this in the exception of authentication you can skip it too
                transport.KeepAliveEnabled = false;
    
                FIM_WEB_SERVICE.SERVICE_Client client = new FIM_WEB_SERVICE.SERVICE_Client(binding, address);
    
                client.ClientCredentials.UserName.UserName = "<username>"; // The Username
                client.ClientCredentials.UserName.Password = "<password>"; // The Password

    Regards Furqan Asghar


    • Edited by Furqan Asghar Thursday, April 18, 2013 6:10 PM
    • Marked as answer by freadomfee Thursday, May 2, 2013 7:49 AM
    Thursday, April 18, 2013 6:09 PM

All replies

  • Longshot, but I've had this fix weirdness with the web services ma when working with Oracle EBS.

    I made a change to the miiserver.exe.config file.

    I added after the <runtime> tag the following:

    < disableStackOverflowProbing enabled="true"/>

    No idea if that's going to help you at all, but thought I'd share.

    Thursday, April 11, 2013 5:17 PM
  • Thanx for sharing this suggestion, but unfortunately it did not have any affect.

    Any other possible solutions to this problem?

    Friday, April 12, 2013 7:31 AM
  • You need the latest version of FIM Connector for WebServices 5.0.601.0

    You can download from the following link

    http://www.microsoft.com/en-us/download/details.aspx?id=29944

    Then open your MA Properties and type in the password again in the Global Parameters section, click on every sections one by one just to Load the Settings.

    Then do a refresh schema, that should solve the problem.



    Regards Furqan Asghar

    Friday, April 12, 2013 6:25 PM
  • Hello,

    thanx for another suggestion. But as we analized the log file under "C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions" we found that the problem may be related to the workflow itself. The WSDL of our web service is as following:

    <?xml version="1.0" encoding="UTF-8"?>
    <wsdl:definitions xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" 
    				  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" 
    				  xmlns:tns="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:s="http://www.w3.org/2001/XMLSchema" 
    				  xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" 
    				  targetNamespace="http://tempuri.org/">
    	<wsdl:types>
    		<s:schema targetNamespace="http://tempuri.org/" elementFormDefault="qualified">
    			<s:element name="GetList">
    				<s:complexType>
    					<s:sequence>
    						<s:element name="prefixText" type="s:string" minOccurs="0" maxOccurs="1"/>
    					</s:sequence>
    				</s:complexType>
    			</s:element> 
    			<s:element name="GetListResponse">
    				<s:complexType>
    					<s:sequence>
    						<s:element name="User" type="tns:UserType" minOccurs="0" maxOccurs="1"/>
    					</s:sequence>
    				</s:complexType>
    			</s:element> 
    			<s:complexType name="UserType">
    				<s:sequence>
    					<s:element name="No" type="s:string" minOccurs="0" maxOccurs="unbounded" nillable="true"/>
    					<s:element name="Name" type="s:string" minOccurs="0" maxOccurs="unbounded" nillable="true"/>
    					<s:element name="Surname" type="s:string" minOccurs="0" maxOccurs="unbounded" nillable="true"/>
    					<s:element name="Position" type="s:string" minOccurs="0" maxOccurs="unbounded" nillable="true"/>
    				</s:sequence>
    			</s:complexType> 
    		</s:schema>
    	</wsdl:types> 
    	<wsdl:message name="GetListSoapOut">
    		<wsdl:part name="parameters" element="tns:GetListResponse"> </wsdl:part>
    	</wsdl:message> 
    	<wsdl:message name="GetListSoapIn">
    		<wsdl:part name="parameters" element="tns:GetList"> </wsdl:part>
    	</wsdl:message> 
    	<wsdl:portType name="TestSoap">
    		<wsdl:operation name="GetList">
    			<wsdl:input message="tns:GetListSoapIn"> </wsdl:input>
    			<wsdl:output message="tns:GetListSoapOut"> </wsdl:output>
    		</wsdl:operation> 
    	</wsdl:portType> 
    	<wsdl:binding name="TestSoap" type="tns:TestSoap">
    		<soap:binding transport="http://schemas.xmlsoap.org/soap/http"/> 
    		<wsdl:operation name="GetList">
    			<soap:operation style="document" soapAction="http://tempuri.org/GetList"/> -<wsdl:input>
    				<soap:body use="literal"/>
    			</wsdl:input> 
    			<wsdl:output>
    				<soap:body use="literal"/>
    			</wsdl:output>
    		</wsdl:operation> 
    	</wsdl:binding> 
    	<wsdl:service name="Test">
    		<wsdl:port name="TestSoap" binding="tns:TestSoap">
    			<soap:address location="http://servername:port/mockTestSoap"/>
    		</wsdl:port>
    	</wsdl:service>
    </wsdl:definitions>

    A fragment of our workflow:

    The foreach element has an expression: if(result.item, Enumerable.Empty(Of UserType)()).ToArray()

    But it shows an error in workflow designer: Type 'UserType' is not defined.

    In log file we get such error:

    2013-04-18T10:32:25 [3456:1352] Error   - "onlyUserObWebService" - Failed to open import connection.
    --------- Outer Exception Data ---------
    Message: Workflow type FullImport for object type User is invalid , the validation error is : The private implementation of activity '1: DynamicActivity' has the following validation error:   Value should be of type String 
    Exception root Exception type: Microsoft.MetadirectoryServices.EntryPointNotImplementedException
    Source: Microsoft.IdentityManagement.MA.WebServices
    Stack Trace:    at Microsoft.IdentityManagement.MA.WebServices.ImportStrategy.CreateImportEntryPoint(Schema types, OperationType operationType)
       at Microsoft.IdentityManagement.MA.WebServices.ImportStrategy.OpenImportConnection(KeyedCollection`2 configParameters, Schema types, OpenImportConnectionRunStep importRunStep)
       at Microsoft.IdentityManagement.MA.WebServices.WSMA.OpenImportConnection(KeyedCollection`2 configParameters, Schema types, OpenImportConnectionRunStep importRunStep)
    Target Site: CreateImportEntryPoint

    How should we iterate over elements in vb expression?

    Thursday, April 18, 2013 8:48 AM
  • There is something wrong with the WSDL, where are you getting this from? or have you defined it yourself somewhere.

    I would suggest you create a .NET application and call the WebService from there the following code segment might help you out.

    Add the webservice in the Project and name it FIM_WEB_SERVICE

    and use the following code, if you get a similar error while doing this, there is definitely something wrong with your webservice.

     

    var binding = new BasicHttpBinding();
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
                binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
                binding.MaxReceivedMessageSize = int.MaxValue;
    
                binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
    
                var address = new EndpointAddress("http://<your_end_point_address>");
    
                System.ServiceModel.Channels.HttpsTransportBindingElement transport = new System.ServiceModel.Channels.HttpsTransportBindingElement();
                transport.AuthenticationScheme = AuthenticationSchemes.Basic;
                //transport.ProxyAuthenticationScheme = AuthenticationSchemes.Basic;
                transport.Realm = "<your REALM>"; you will get this in the exception of authentication you can skip it too
                transport.KeepAliveEnabled = false;
    
                FIM_WEB_SERVICE.SERVICE_Client client = new FIM_WEB_SERVICE.SERVICE_Client(binding, address);
    
                client.ClientCredentials.UserName.UserName = "<username>"; // The Username
                client.ClientCredentials.UserName.Password = "<password>"; // The Password

    Regards Furqan Asghar


    • Edited by Furqan Asghar Thursday, April 18, 2013 6:10 PM
    • Marked as answer by freadomfee Thursday, May 2, 2013 7:49 AM
    Thursday, April 18, 2013 6:09 PM
  • Thanks for the direction.

    We've corrected the WSDL and tested the web service in Visual Studio. It returns what we want.

    We've also adapted the changes to the workflow in Web Service Configuration Tool, the designer still shows some errors but the same ones exist in MS SAP project, so I guess I shouldn’t bother about them:

    Type 'UserType' is not defined. (In ForEach and other subsequent elements)

    Operation is not valid due to the current state of the object (In WebServiceCall element Parameters section when a variable is defined for the parameter)

    In log file I see the same error as before and I have no clue where does it point to:

    2013-04-23T15:53:42 [3524:3848] Error - "onlyUserObWebService" - Failed to open import connection.
    --------- Outer Exception Data ---------
    Message: Workflow type FullImport for object type User is invalid , the validation error is : The private implementation of activity '1: DynamicActivity' has the following validation error: Value should be of type String
    Exception root Exception type: Microsoft.MetadirectoryServices.EntryPointNotImplementedException
    Source: Microsoft.IdentityManagement.MA.WebServices
    Stack Trace: at Microsoft.IdentityManagement.MA.WebServices.ImportStrategy.CreateImportEntryPoint(Schema types, OperationType operationType)
    at Microsoft.IdentityManagement.MA.WebServices.ImportStrategy.OpenImportConnection(KeyedCollection`2 configParameters, Schema types, OpenImportConnectionRunStep importRunStep)
    at Microsoft.IdentityManagement.MA.WebServices.WSMA.OpenImportConnection(KeyedCollection`2 configParameters, Schema types, OpenImportConnectionRunStep importRunStep)
    Target Site: CreateImportEntryPoint

    In Synchronization Service Manager I see the same error: “no-start-ma”

    What is more, the Web Service Configuration Tool is crashing from time to time, even though we've changed the required Microsoft.MetadirectoryServicesEx.dll.

    Any help on this issue would be greatly appreciated.



    • Edited by freadomfee Friday, April 26, 2013 9:32 AM
    Tuesday, April 23, 2013 1:23 PM
  • I finally managed to run the workflow successfully. Only after opening the *.wsconfig project couple of times it showed me where it wants a string value (even though the web service returns all string values somehow it still needed the AnchorValue to have a .ToString() conversion).

     
    Thursday, May 2, 2013 7:49 AM