none
Unable to create criteria-based membership sets in FIM 2010 RRS feed

  • Question

  • Hello,

    I am trying to create a new set that should contain the objects of a new resource type. I need this set in order to configure the MPR to allow the administrators to create, modify etc the objects of this type. I follow the normal steps of creating a criteria-based membership set, but in the end I get the message: "Failed to process the request: Unknown Error". This is happening every time I try to create criteria-based membership sets. I have created before this kind of set but now I don't know why I am unable.

    Thank You

    Wednesday, August 15, 2012 3:23 PM

Answers

  • Thank you for the updates. We were unable to resolve the problem so we had to re-install two components: FIM Synchronization Service and FIM Portal. Now we can create criteria-based sets and security groups but we lost all the configurations in FIM portal and Sync Service :( 

    Monday, August 20, 2012 9:58 AM

All replies

  • Have you added any new attributes you are trying to use in your criteria as members of the necessary admin/non-admin filter attribute collection?  I presume you created your "All xxx objects" set OK for your grants-rights MPR ... you may also want to restart IIS and your FIM service.

    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using Event Broker 3.0 for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    Wednesday, August 15, 2012 11:12 PM
  • Thank You Bob,

    I am not using any attribute in the criteria. The configuration is just: "Select object type that match all the following conditions:" and there is no condition. After I click submit, I get the message "Failed to process the request: Unknown error". The same happens with the creation of security group with criteria-based membership. I tried also to apply in the criteria an attribute of the new object type (this attribute is in the admin filter attribute collection) but the problem is the same. I have noticed that I am also unable to add a new condition to existing criteria-based sets and security groups. I guess that smth is not working with the FIM database. I read this post http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/aaab8020-3587-4268-81d0-b287611bc912/ which seems to have the same problem, I added the Select permission to the fim_service_write database role for all the tables and views of FIMService, but nothing, the same message, the same problem. Any idea for this?

     

    Thursday, August 16, 2012 7:53 AM
  • Have you checked the Event Viewer (there's a separate log for FIM)? Might be some information there.
    Thursday, August 16, 2012 12:28 PM
  • Thank you for the updates. We were unable to resolve the problem so we had to re-install two components: FIM Synchronization Service and FIM Portal. Now we can create criteria-based sets and security groups but we lost all the configurations in FIM portal and Sync Service :( 

    Monday, August 20, 2012 9:58 AM
  • I the future, you can export the configurations before re-installing. The synchronization server contains an "Export Configuration" option and there are PowerShell scripts to export the FIM Service configuration.

    http://technet.microsoft.com/en-us/library/ff400275(v=ws.10)

    Thanks,

    Sami

    Monday, August 20, 2012 11:58 AM