none
Problems driving FIM cmdlets invoked from powershell which is called by a Custom Activity RRS feed

  • Question

  • We have a Custom Activity which basically unpacks the request and invokes a powershell script.

    So far we have had few problems, the PS script invoked runs well. Capturing the output is crude but basically it does the job.

    However, when we try to run the export-fimconfig and import-fimconfig cmdlets I get hit by an immediate problem on the export-fimconfig call.

    An error is thrown and all I can really make out of it is "This operation is not supported for a relative URI"

    huh?

    I am running on FIM server. it fails whether I use http://localhost:5725/ResourceManagementService or http://fqn:5725/ResourceManagementService

    All is fine from within a Powershell shell so I believe my script is OK.

    What gives?

    HH

    Thursday, September 13, 2012 5:58 PM

Answers

  • You have to change resourceManagementServiceBaseAddress in Microsoft.ResourceManagement.Service.exe.config to a full URL, not only "localhost" but https://localhost:5725 or whatever hostname is specified there from the beginning.

    See last answer here: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/295fc491-ffc8-4e02-b923-43af1c3aef1d

    //Henrik


    Henrik Nilsson, Forefront Identity Manager MVP Blog Twitter

    Thursday, September 13, 2012 8:08 PM
  • On Fri, 14 Sep 2012 06:32:18 +0000, HaroldHare wrote:

    Well..I saw that reply and I couldnt believe my eyes.


    We are using FIM2010 R2 RTM - the latest version with all hotfixes applied.

    Now let's get this straight. I follow the install FIM software instructions and it installs and configures itself OK. We use FIM no problems until we need to use the FIM cmdlets inside an activity.

    But, to be allowed to do this we have to... RECONFIGURE FIM!

    Now either the installation configuration of FIM is not OK or what is suggested is a kludge. What worries me greatly is what may break after I hack this Microsoft.ResourceManagement.Service.exe config file, wherever it is. Surely other processes care what URL is defined there.

    This is neither a kludge nor a hack, and considering that the solution in
    question was posted by a member of the product group, and marked as the
    correct answer by another member of the product group, you can assume that
    it will work, and won't break anything else.

    There are any number of products that require registry modifications and/or
    configuration file changes to support specific scenarios. Just because a
    default install does not handle all possible scenarios does not mean that
    there is a problem with the install. There's a reason that the registry and
    .config files are exposed.

    The bottom line here is that if you want to do what you're attempting to
    do, then you're going to have to make the configuration change that the
    product team is telling you to make.


    Paul Adare
    MVP - Forefront Identity Manager
    http://www.identit.ca
    If God had intended Man to program, we would be born with serial I/O
    ports.

    Saturday, September 15, 2012 10:27 AM

All replies

  • You have to change resourceManagementServiceBaseAddress in Microsoft.ResourceManagement.Service.exe.config to a full URL, not only "localhost" but https://localhost:5725 or whatever hostname is specified there from the beginning.

    See last answer here: http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/295fc491-ffc8-4e02-b923-43af1c3aef1d

    //Henrik


    Henrik Nilsson, Forefront Identity Manager MVP Blog Twitter

    Thursday, September 13, 2012 8:08 PM
  • Well..I saw that reply and I couldnt believe my eyes.

    We are using FIM2010 R2 RTM - the latest version with all hotfixes applied.

    Now let's get this straight. I follow the install FIM software instructions and it installs and configures itself OK. We use FIM no problems until we need to use the FIM cmdlets inside an activity.

    But, to be allowed to do this we have to... RECONFIGURE FIM!

    Now either the installation configuration of FIM is not OK or what is suggested is a kludge. What worries me greatly is what may break after I hack this Microsoft.ResourceManagement.Service.exe config file, wherever it is. Surely other processes care what URL is defined there.

    Friday, September 14, 2012 6:32 AM
  • HH,

    To start with there's no OOB workflow activity for running Powershell cmdlets, that is something you've downloaded and configured, right!? Secondly, I've been running with this configuration without problems and since the solution is given by Billy Kwan, a member of the FIM development team it's probably supported and safe to use but you should of course try it out in your dev/test environments before using it in production as always!

    //Henrik

     

    Henrik Nilsson, Forefront Identity Manager MVP Blog Twitter

    Friday, September 14, 2012 5:43 PM
  • On Fri, 14 Sep 2012 06:32:18 +0000, HaroldHare wrote:

    Well..I saw that reply and I couldnt believe my eyes.


    We are using FIM2010 R2 RTM - the latest version with all hotfixes applied.

    Now let's get this straight. I follow the install FIM software instructions and it installs and configures itself OK. We use FIM no problems until we need to use the FIM cmdlets inside an activity.

    But, to be allowed to do this we have to... RECONFIGURE FIM!

    Now either the installation configuration of FIM is not OK or what is suggested is a kludge. What worries me greatly is what may break after I hack this Microsoft.ResourceManagement.Service.exe config file, wherever it is. Surely other processes care what URL is defined there.

    This is neither a kludge nor a hack, and considering that the solution in
    question was posted by a member of the product group, and marked as the
    correct answer by another member of the product group, you can assume that
    it will work, and won't break anything else.

    There are any number of products that require registry modifications and/or
    configuration file changes to support specific scenarios. Just because a
    default install does not handle all possible scenarios does not mean that
    there is a problem with the install. There's a reason that the registry and
    .config files are exposed.

    The bottom line here is that if you want to do what you're attempting to
    do, then you're going to have to make the configuration change that the
    product team is telling you to make.


    Paul Adare
    MVP - Forefront Identity Manager
    http://www.identit.ca
    If God had intended Man to program, we would be born with serial I/O
    ports.

    Saturday, September 15, 2012 10:27 AM
  • I admit that if I have to run the FIM cmdlets: export-fimconfig and import-fimconfig from within a custom activity then I have to reconfigure my system to suit them. That is the bottom line. I stand corrected if I thought that changing the set up may interfere with other FIM processes, obviously that isnt so.

    These FIM cmdlets are too useful not to be able to be called from an Action Workflow. The only way I can see of making an Action Workflow behave like a "work" "flow" and support conditional branching etc.. is to replace the series of dumb activities one falling through onto the next by a single intelligent PS script.

    Sunday, September 16, 2012 5:32 PM
  • You're right there's a limitation to create a workflow in FIM's Workflow Designer with conditional branching but you could use Visual Studio to create your workflows with a lot of nice activities that allows for that and with with better performance than calling a PS script. You can even create the workflow without using code (unless you have reasons to fall back on .Net code) in the more advanced designer available in Visual Studio. When done just copy and paste the resulting Xoml/Xaml (xml) into your FIM Workflow.

    //Henrik


    Henrik Nilsson, Forefront Identity Manager MVP Blog Twitter

    Sunday, September 16, 2012 8:31 PM