Error Creating Criteria-based security group in FIM 2010 R2 SP1 RRS feed

  • Question

  • I have a security group I created in AD. It flows all the way into the portal just fine, just like my other security groups. This one group I want to make criteria-based. I go to the portal and change the member selection to Criteria-Based. I change the members to be based on the OfficeLocation attribute. I click OK then submit and immediately  I get an error message, so I doubt it's a time out, the other thing I noticed If I go and "Search Requests" and All From Today, the requested change to the group does not exist

    Here is the error in the portal after clicking submit:
    Error processing your request: The server was unwilling to perform the requested operation.
    Reason: Unspecified.
    Correlation Id: 01acb001-99f4-4bd6-9579-de42b6562b7b
    Request Id:
    Details: Request could not be dispatched.

    The error in the Windows Application Event log at the same time is:

    The Portal cannot connect to the middle tier using the web service interface.  This failure prevents all portal scenarios from functioning correctly.

    The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration.

    Ensure the portal configuration is present and points to the resource management service.

    Which makes no sense since the portal is working, I can make a change to a random user or change another attribute of a group and it flows back just fine.

    Any ideas on what may be causing this?

    Thanks in advance!


    • Edited by jmanley WI Friday, June 21, 2013 6:15 PM
    Friday, June 21, 2013 6:12 PM

All replies

  • Hi Jonathan

    Go to advance view of security groups and remove all the members from member test box and then try to add the criteria.



    Saturday, June 22, 2013 8:12 AM
  • I tried this using the following steps:

    1) In the portal I click on Security Groups, search, find my group, click on the display name to edit, Advanced View button, extended attributes tab, cleared the Manually-Managed Members text box, Clicked the Normal View button, changed member selection to Criteria-Based, clicked on members tab, added officelocation clicked OK then Submit.  ** Didn't work **

    2) I followed this one twice, the first time I added my OfficeLocation for the criteria, the second time I cleared the criteria so it would add All User objects to the security group, neither one worked. Here are the steps I took:

    Searched for and brought my group up, advanced view button, extended attributes ->cleared the manually managed membership, clicked ok and submit, This did clear the membership. Went back into the group, Normal Mode, changed Member Selection to Criteria the first time I did my OfficeLocation criteria, the second time I just cleared the criteria so it would add all of the user objects to the group, neither one worked.

    All 3 attempts gave me the same error message in the portal

    I turned on tracing for the FIM Service and looked at the service trace logs and found:

    Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

    The message 2 before that error had this XPATH query:

    XPathDialectParser.ParseXPathExpression.Exit(/Group[ObjectID = '9fb44e6b-0da0-48bb-8b94-ed43bcf1f3f3'])

    I checked the group in a MetaVerse Search in the FIM Client and that ObjectID does match the CSObjectID attribute from the FIM MA however it does not match the Uniquie Identifier at the top of the screen. See screen shot:

    Which one is it supposed to match to?

    Any one have a guess on what I've done wrong? I would guess it's a configuration setting that I've messed up some where.

    • Edited by jmanley WI Saturday, June 22, 2013 5:19 PM Found more information
    Saturday, June 22, 2013 5:08 PM