Can FIM send provisioning errors in email to administrator?

  • Question

  • Wondering if FIM can send email notifications of provisioning errors? Does an admin really have to log in daily to check the FIM Synch Service Manager for errors? I see that it throws an error into the event log, but just states how many records had errors, not the specific records or details on those errors. Is there any way to do this so emails could go out to our Helpdesk or FIM Administrators for certain MA provisioning errors?

    Thanks!

    Wednesday, August 24, 2016 3:58 PM

All replies

  • Hello,

    FIM Sync is not able to send emails on its own - emails are sent by FIMService. And FIMService doesn't know about the errors in FIMSync. So FIM itself won't be able to do so.

    But you can have any "maintenance" software, like the System Center suite, fetch logs from the event logs and send the email based on that.

    You can also use PowerShell to check the event log and send you an email if it finds specific items in the event log (there is a Get-EventLog cmdlet). And you can schedule such a PowerShell script to run daily...


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Thursday, August 25, 2016 6:48 AM
  • To add to Dominick's comment.

    If you are using classical rules provisioning (which I like), then you can. You can add a try/catch and email the failure, something like this.


        #region exception
        catch (Exception e)
        {
            // Only notify on real runs, not while previewing a sync
            if (!Utils.InPreviewMode)
            {
                if (ADMIN_EMAIL_FLAG.ToUpper().Equals("ON"))
                {
                    //Your code
                    sendMail(FROM_EMAIL, FIM_ADMIN_EMAIL_ARRY, "Provisioning Failed ", " Provisioning to AD Failed for user :" + user + ", First Name:" + FirstName + ", Last Name: " + LastName + " Error :" + e.ToString());
                }
            }
        }
        #endregion exception
    }
    #endregion PROV_USER_TO_AD

    Email function

    // Requires at the top of the file: using System; using System.Net; using System.Net.Mail;
    #region email
    //Method used to send SMTP emails
    public static bool sendMail(string fromEmail, string[] toEmail, string subject, string body)
    {
        bool emailStatus = true;
        try
        {
            SmtpClient client = new SmtpClient(SMTP_SERVER, SMTP_PORT);  //Set SMTP server and port

            //Set user ID and password of an account with permissions to the AD\Exchange
            client.Credentials = new NetworkCredential(SMTP_USER, SMTP_USER_PASS);

            using (MailMessage msg = new MailMessage())  //initiate new mail
            {
                msg.From = new MailAddress(fromEmail);  //set the email address of the sender
                msg.Subject = subject;                  //set the subject of the email
                msg.Body = body;                        //set the body of the email

                for (int i = 0; i < toEmail.Length; i++)
                {
                    msg.To.Add(new MailAddress(toEmail[i])); //add each recipient
                }

                client.Send(msg);  //send mail
            }
        }
        catch (Exception exSMTP)
        {
            emailStatus = false;
            //Join the recipients; concatenating the array itself would log "System.String[]"
            LogMessage(DateTime.Now.ToString(), " - An Error occurred while sending email to [" + string.Join(", ", toEmail) + "]  with subject [ " + subject + "] " + exSMTP.ToString(), LOG_FILE_NAME);
        }
        return emailStatus;
    }

    #endregion email


    Nosh Mernacaj, Identity Management Specialist




    Thursday, August 25, 2016 3:47 PM
  • Note that this won't necessarily catch every error that you see in the Sync Service Manager. There are a good number of possibilities that would happen outside of a rules extension.

    Another option is to have your scheduling script unwind the results from an MA run and then put that into either an Event Log event for a monitoring tool to pick up, or email those more detailed results to you.


    Thanks,
    Brian

    Consulting | Blog | AD Book

    Thursday, August 25, 2016 10:45 PM
    Moderator
  • Dominik - 

    Thank you for the reply.  Do you know if there is a way to get more detailed messaging into the Event log? For example, it currently only states something like 'There were 9 provisioning errors for Management Agent X'.... Is there a way to get the details of each error into the logs? Or is there any advanced logging in FIM Sync that I could possibly write something to read from?

    Wednesday, August 31, 2016 4:27 PM
  • Thank you Nosh - I will look into this.
    Wednesday, August 31, 2016 4:28 PM
  • Dominik - 

    Thank you for the reply.  Do you know if there is a way to get more detailed messaging into the Event log? For example, it currently only states something like 'There were 9 provisioning errors for Management Agent X'.... Is there a way to get the details of each error into the logs? Or is there any advanced logging in FIM Sync that I could possibly write something to read from?

    You can also use WMI to get the results of a management agent run.

    Thanks,

    Paul

    Wednesday, September 7, 2016 12:50 PM
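
The following PowerShell is an added example, not code posted by anyone in this thread. It applies Brian's suggestion of unwinding the results of an MA run, read through the WMI interface Paul mentions, to list the object DN and error type for each failed object instead of only a count. The MA name, SMTP relay and mail addresses are placeholders, the sample XML is constructed, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example: extract per-object errors from FIM Sync run-details XML.
# Element names follow the XML returned by MIIS_RunHistory.RunDetails().
function Get-FimRunErrors {
    param([Parameter(Mandatory = $true)][string]$RunDetailsXml)
    foreach ($run in ([xml]$RunDetailsXml).SelectNodes('/run-history/run-details')) {
        $ma         = $run.SelectSingleNode('ma-name').InnerText
        $runProfile = $run.SelectSingleNode('run-profile-name').InnerText
        # import-error and export-error elements both carry the object's DN
        foreach ($err in $run.SelectNodes('step-details/synchronization-errors/*[@dn]')) {
            [pscustomobject]@{
                MA        = $ma
                Profile   = $runProfile
                Direction = $err.LocalName -replace '-error$', ''
                DN        = $err.GetAttribute('dn')
                ErrorType = $err.SelectSingleNode('error-type').InnerText
                Occurred  = $err.SelectSingleNode('date-occurred').InnerText
            }
        }
    }
}

# Constructed sample (not captured from a real server)
$sample = @'
<run-history>
  <run-details>
    <ma-name>AD MA</ma-name>
    <run-profile-name>Export</run-profile-name>
    <step-details step-number="1">
      <synchronization-errors>
        <export-error dn="CN=Test User,OU=Staff,DC=example,DC=com">
          <date-occurred>2016-08-24 15:02:11.000</date-occurred>
          <error-type>permission-issue</error-type>
        </export-error>
      </synchronization-errors>
    </step-details>
  </run-details>
</run-history>
'@

$errors = @(Get-FimRunErrors -RunDetailsXml $sample)
$errors | Format-Table -AutoSize

# Live use on the sync server (MA name, relay and addresses are placeholders):
# $last = Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' -Class MIIS_RunHistory -Filter "MaName='AD MA'" |
#     Sort-Object { [int]$_.RunNumber } -Descending | Select-Object -First 1
# $errors = @(Get-FimRunErrors -RunDetailsXml $last.RunDetails().ReturnValue)
# if ($errors) { Send-MailMessage -SmtpServer 'smtp.example.com' -UseSsl -From 'fim@example.com' -To 'helpdesk@example.com' -Subject 'FIM provisioning errors' -Body ($errors | Out-String) }
```

The mail body carries only the DN, error type and timestamp, so attribute values and call stacks stay on the sync server. Sending through a relay that accepts the server's own identity avoids storing an SMTP password in the scheduled script.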