none
WBEMTEST Returns no results with domain and account but three results with mvguid RRS feed

  • Question

  • Hi,

    In our development environment, password resets have stopped working.

    The log file says that the "Password Reset Activity could not find Mv record for user."

    Searching based on that error, I checked all the WMI configurations and ran WBEMTEST wit the FIM Service account.

    The query returns no results with I search with this:

    "SELECT * FROM MIIS_CSObject WHERE (Domain='Dev' and Account='JonesD')"

    But I get three results when I search with this:

    "SELECT * FROM MIIS_CSObject WHERE mvguid='{1DA04649-18AA-BD1B-005056A30072}'"

    The account his the account name and domain populated in the metaverse.

    If anyone has any guidance on this, I'd appreciate any help.

    Many thanks,

    Sami

    EDIT: I should mention that I also checked for the following:

    - the ADMA account name is not more than 16 characters

    - I've refreshed the schema on the ADMA

    - when I do a query with the mvguid, the ADMA connector has the domain and account attributes

    • Edited by SamiVV Friday, March 14, 2014 1:24 PM
    Thursday, March 13, 2014 3:20 PM

Answers

  • OK Sami - I hadn't looked at WMI for ages, but found that when I tried all of the sample queries listed here: MIIS_CSObject Class I too could only get the query returning any results when I searched by the guid OR by the DN/MAGuid combo (Select * from MIIS_CSObject where DN='...' and MaGuid='...').  I can't explain why though - perhaps queries by Domain and Account are no longer supported?  Either way it seems that either the doco is out of date or there is now a broken part of the WMI ...

    P.S. not having read the WMI reference for a while I was obviously completely wrong with my comments about querying the MV ... these 2 properties (account and domain) are special properties of the CS of an AD MA only.


    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    • Marked as answer by SamiVV Monday, March 17, 2014 1:17 PM
    Monday, March 17, 2014 3:33 AM

All replies

  • Search for this object in Metaverse and check if it has a AD and FIM connector present for it.

    Regards


    shakti

    Friday, March 14, 2014 10:33 AM
  • Hi Shakti,

    Thank you for your reply.

    It does have the FIM and AD connectors. And it has the domain and account name attributes.

    Thanks,

    Sami

    Friday, March 14, 2014 1:01 PM
  • Sami - the reason your query doesn't work is that it is trying to query the connector space filtering on metaverse attributes.

    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    Friday, March 14, 2014 1:19 PM
  • Hi Bob,

    The first query is one I got from the log file when the password reset failed. The long version is:

    SELECT * FROM MIIS_CSObject WHERE (Domain='FIMDEV' AND Account='JonesD') or (FullyQualifiedDomain='FIMDEV' AND Account='JonesD') or (Domain='FIMDEV' AND UserPrincipalName='JonesD') or (FullyQualifiedDomain='FIMDEV' AND UserPrincipalName='JonesD')

    Is that not the expected syntax?

    Thank you for your help!

    Sami

    Friday, March 14, 2014 4:50 PM
  • OK Sami - I hadn't looked at WMI for ages, but found that when I tried all of the sample queries listed here: MIIS_CSObject Class I too could only get the query returning any results when I searched by the guid OR by the DN/MAGuid combo (Select * from MIIS_CSObject where DN='...' and MaGuid='...').  I can't explain why though - perhaps queries by Domain and Account are no longer supported?  Either way it seems that either the doco is out of date or there is now a broken part of the WMI ...

    P.S. not having read the WMI reference for a while I was obviously completely wrong with my comments about querying the MV ... these 2 properties (account and domain) are special properties of the CS of an AD MA only.


    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    • Marked as answer by SamiVV Monday, March 17, 2014 1:17 PM
    Monday, March 17, 2014 3:33 AM
  • Thank you, Bob! That lets me know that I can try looking in another place to figure out what is up.

    I appreciate it.

    Thanks,

    Sami

    Monday, March 17, 2014 12:24 PM
  • I know this is old, but I thought I would share if others suffer the same pain I had this evening.  This same error (Password Reset Activity could not find Mv record for user.) also occurs when the AD MA account is locked out.

    Keith

    Tuesday, January 24, 2017 3:41 AM