none
BHOLD provisioning question - Users/Accounts are not showing RRS feed

  • Question

  • Hi,

    I created MAs for BHOLD Core DB fimOrgunit, FIMEmployee and tblObjects tables. I exported bunch of records but they are not appearing in BHOLD core website users / Accounts Link. The Technet documentation says it will take few minutes to sync the records from the staging tables to BHOLD Core internal tables via the Provisioning services. but even after a day, i couldn't see the records. I verified thh services [BFPC and BFSS] and they are up and running.

    Please advise what would i need to check?

    Appreciate your help.

    Thursday, January 3, 2013 6:32 PM

Answers

  • I re-installed the FIM Provisioning and integration module, and given the BHOLD root user for the FIM and BHOLD connectivity. this user has admin rights on BHOLD core, FIM Sync and FIM portal. Because the technet document is not clearly saying about the FIM account permissions [what level of permissions on FIMSync and FIM portal]. so i gave this user with FIM Sync and FIM Portal admin rights.And, This time it worked. all my org units and users were moved to BHOLD core DB and visible in the portal. 

    Also, i ensured the SPN (HTTP) is added for that root account on the hostname. some how, the SPN on CNAME didn't work for me.

    in my scenario, I have FIM portal and bhold core on the same machine.

    • Edited by Prakaaz Monday, January 7, 2013 8:36 PM
    • Marked as answer by Prakaaz Monday, January 7, 2013 8:36 PM
    Monday, January 7, 2013 8:33 PM

All replies

  • As far as I know you need at least one ROOT Organizational Unit to be created manually in BHOLD, the users will only be created under an organizational unit.

    Thursday, January 3, 2013 8:38 PM
  • Hi, I have already created the parent root Org unit manually before initiating the export. i exported few org units with the parentID orgunit. the exported org units also not appearing under organizational units. 

    I installed BHOLD core on the FIM portal server. And as per the MS technet, i have different CNAMEs from the host name and SPN is setup for the BHOLD Core service account. so i believe there should'nt be any authentication issues between BFPC and Bhold core website. not sure what else needs to be verified.

    Thursday, January 3, 2013 10:09 PM
  • Did you install FIM Integration module? Installing this will create a few registry keys that BFSS and BFPC depends on. You should be able to change a registry key to enable logging under HKLM\SOFTWARE\Wow6432Node\bhold\b1Core. I'm not sure that changing these is supported but by setting LogLevel to Verbose it should give you a little more insight to what is going on (logs are in C:\Temp per default)

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt


    Friday, January 4, 2013 7:40 AM
  • As Soren says, check out the BHOLD logs - especially BFSS.log. Post the results here and we'll take a look. If you haven't done already check out the step-by-step guide on my blog: http://www.davenesbitt.com/dim

    You could try manually adding Org Units to FIMOrgUnit - if this doesn't work then the issue is with BFSS or the data.

    My org unit table looks like this. Try manually creating yours to be the same and see if BFSS works


    Dave Nesbitt | Architect | Oxford Computer Group

    Friday, January 4, 2013 10:51 AM
  • Hi,

    I'm getting the below error. I have SPN on target service HTTP/CNAME for the BHOLD core account. but not on the hostname as it is being used by FIMService account. will this create any issue? Please advise.

    12:27:54 PM : <functions><function name='AttributeTypeSetAdd' Description='User Attributes' return='@ID@' /><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='4' Description='User Attributes'/><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='1' Description='User Attributes'/><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='2' Description='User Attributes' /><function name='ObjectTypeAddAttributeTypeSet' ObjectTypeID='3' AttributeTypeSetID='@ID@' Order='10' Visible='0' /></functions>

    12:27:57 PM : error while executing script:<functions><function name='AttributeTypeSetAdd' Description='User Attributes' return='@ID@' /><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='4' Description='User Attributes'/><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='1' Description='User Attributes'/><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='2' Description='User Attributes' /><function name='ObjectTypeAddAttributeTypeSet' ObjectTypeID='3' AttributeTypeSetID='@ID@' Order='10' Visible='0' /></functions>
    12:27:57 PM : error:The request failed with HTTP status 401: Unauthorized.
    12:27:57 PM : stack trace:   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at BholdSvrProxy.BHOLDsvc.B1ScriptService.Execute(String script)
       at BholdSvrProxy.BHOLDproxy.Execute(String script)
       at BFSS.BFSS.DoScript(String sScript)
    12:27:57 PM : 0 - The request failed with HTTP status 401: Unauthorized.

    I removed the HTTP/hostname for fimservice SPN, and added for BHOLD core account,[for testing],  now am getting the below error

    1:49:37 PM : <functions><function name='AttributeTypeSetAdd' Description='User Attributes' return='@ID@' /><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='4' Description='User Attributes'/><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='1' Description='User Attributes'/><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='2' Description='User Attributes' /><function name='ObjectTypeAddAttributeTypeSet' ObjectTypeID='3' AttributeTypeSetID='@ID@' Order='10' Visible='0' /></functions>
    1:49:39 PM : <error number="-1" description="msg_username_unknown" source="ScriptProcessor:InitializeByAlias" target="Void RaiseError(System.Exception)" user="AMAT\FIMADManager"><stackTrace>   at bscript.bholdCommon.RaiseError(Exception ex) in D:\_Bld\10\16\Sources\main\src\samples\BHOLD\2011 R2\Core\include\bholdCommon.vb:line 251
       at bscript.bholdCommon.RaiseError(Int32&amp; vlErrorNumber, String&amp; vsSource, String&amp; vsErrorText) in D:\_Bld\10\16\Sources\main\src\samples\BHOLD\2011 R2\Core\include\bholdCommon.vb:line 236
       at bscript.ScriptProcessor.InitializeByAlias(String vsAlias, String vsApplicationID) in D:\_Bld\10\16\Sources\main\src\samples\BHOLD\2011 R2\Core\bscript.NET\ScriptProcessor.vb:line 155
       at B1.B1ScriptService.Execute(String script)</stackTrace></error>
    1:49:39 PM : error while executing script:<functions><function name='AttributeTypeSetAdd' Description='User Attributes' return='@ID@' /><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='4' Description='User Attributes'/><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='1' Description='User Attributes'/><function name='AttributeTypeSetTranslation' AttributeTypeSetID='@ID@' LanguageID='2' Description='User Attributes' /><function name='ObjectTypeAddAttributeTypeSet' ObjectTypeID='3' AttributeTypeSetID='@ID@' Order='10' Visible='0' /></functions>
    1:49:39 PM : error:Application-defined or object-defined error.
    1:49:39 PM : stack trace:   at Microsoft.VisualBasic.ErrObject.Raise(Int32 Number, Object Source, Object Description, Object HelpFile, Object HelpContext)
       at BFSS.BFSS.DoScript(String sScript)
    1:49:39 PM : 0 - Application-defined or object-defined error.

    • Edited by Prakaaz Friday, January 4, 2013 7:53 PM
    Friday, January 4, 2013 7:28 PM
  • I re-installed the FIM Provisioning and integration module, and given the BHOLD root user for the FIM and BHOLD connectivity. this user has admin rights on BHOLD core, FIM Sync and FIM portal. Because the technet document is not clearly saying about the FIM account permissions [what level of permissions on FIMSync and FIM portal]. so i gave this user with FIM Sync and FIM Portal admin rights.And, This time it worked. all my org units and users were moved to BHOLD core DB and visible in the portal. 

    Also, i ensured the SPN (HTTP) is added for that root account on the hostname. some how, the SPN on CNAME didn't work for me.

    in my scenario, I have FIM portal and bhold core on the same machine.

    • Edited by Prakaaz Monday, January 7, 2013 8:36 PM
    • Marked as answer by Prakaaz Monday, January 7, 2013 8:36 PM
    Monday, January 7, 2013 8:33 PM