none
AD stopped-server caused by permission-issue ... need help RRS feed

  • Question

  • Dear all, I have an AD problem after upgrading to FIM 2010 R2 SP1 and patching the product to 4.1.3599.0. Currently we cannot export to AD because we got stopped-server with following error message in EventLog:

    "BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(8254): 0x80230404 (The operation failed because the attribute cannot be found)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\shared\entry\tower.cpp(3989): 0x80004005 (Unspecified error)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\shared\entry\tower.cpp(12133): 0x80004005 (Unspecified error)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sqlstore\csobj.cpp(1833): 0x80004005 (Unspecified error)
    BAIL: MMS(10216): d:\bt\37281\private\source\miis\server\sync\expcall.cpp(905): 0x80004005 (Unspecified error)
    ERR_: MMS(10216): d:\bt\37281\private\source\miis\server\sync\expbase.cpp(2957): PutAnchorWithDnInternal failed on CS object {249C6AC4-5DCB-4A7C-8AC8-D7F3CF7C437C} with 0x80004005 (pass 1 of 5)
    Forefront Identity Manager 4.1.3599.0"

    The second error found in EventLog directly after the first one is:
    The management agent controller encountered an unexpected error.

     "BAIL: MMS(8628): d:\bt\37281\private\source\miis\cntrler\cntrler.cpp(10408): 0x8007007a (The data area passed to a system call is too small.)
    BAIL: MMS(8628): d:\bt\37281\private\source\miis\cntrler\cntrler.cpp(5032): 0x8007007a (The data area passed to a system call is too small.)
    BAIL: MMS(8628): d:\bt\37281\private\source\miis\cntrler\cntrler.cpp(3722): 0x8007007a (The data area passed to a system call is too small.)
    ERR_: MMS(8628): d:\bt\37281\private\source\miis\shared\utils\libutils.cpp(10613): Unusual error code reported 0x8007007a
    Forefront Identity Manager 4.1.3599.0"

    After searching in the FIM DB we have found the mentioned object_id and this is a group. There is permission issue, so the error message.
    But the user have all permissions in AD, so it could not be the problem.
    After DIDS and one more Export there is no more stopped-server and the error message is now "dn-attributes-failure".
    It is also very strange, that we cannot see import updates by doing FI!
    We also found that the problem occurs when adding/removing user in an AD security group(add or remove member in the group object).

    Does anybody had same/similar problems and knows any solution?
    Thanks a lot!

    Kind regards
    Stoyan

    Wednesday, April 22, 2015 12:20 PM

All replies

  • Seen this issue with my step up.

    Was done in any other environment ? like test ? or this is test ?

    For me , test was fine but issues were in prod and AD was major impact. so comparing all Dlls versions (should be updated to latest).

    Found that on prod some of the DLL were not updated to latest FIM version. Replace them with test or install source resolved the issue.


    AdiKumar

    Thursday, April 23, 2015 12:19 PM