Next major release of FIM in the first half of calendar year 2015

The next full release of FIM will be delivered as part of Microsoft’s identity and access management product roadmap, which includes both on-premises investments and those we are making in Windows Azure Active Directory and related cloud services.

The investment areas for this next major release of FIM will include:

  • Hybrid scenarios with Windows Azure AD
  • User & Access Management
  • Audit & Compliance

Microsoft remains committed to delivering the identity and access capabilities offered in FIM (identity and access management).

We will share more details on specific features and functionality as we get closer to the release date.

SOURCE : Technet

Disclaimer : The author reserves the right not to be responsible for the topicality, correctness, completeness or quality of the information provided.

FIM Synchronization Service event ID 6313

This error took me some time to solve because the default solution didn’t work. The error tells us that performance counters are unable to load. The event logs in my FIM2010R2 synchronization server were filling up quickly. The errors were appearing while running any of my management agents.

Event ID:      6313
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      syncserver.
Description:

The server encountered an unexpected error creating performance counters for management agent “Active Directory MA”. Performance counters will not be available for this management agent


Free user provisioning tool at the TechNet Gallery

(Contributed by Denny from zohno.com)

New User Provisioning App for AD, Lync, Exchange and Office 365

When an administrator is in the final stages of a Lync deployment, he must enable the entire organization for Lync. Presumably, he will bulk enable current Lync users by piping get-CSaduser PowerShell command into the enable-CSuser command. But what about the new hires? Currently, there are only two ways he would approach this: either manually enable Lync users from the Lync control panel or enable Lync users via PowerShell. The problem with these two methods is the likeliness of inconsistency in accounts created. For example, in an organization with several administrators, if Admin X chooses to enable voice chat for users, while Admin Y does not, the lack of a standard can cause maintenance or troubleshooting nightmares when user problems occur and an administrator discovers that each user has varying enabled features.

Consistent users

It is essential that an organization conform to standards to ensure that each and every account is consistent. With many attributes available for different aspects of IT systems, this section can be easily overlooked during the process of creating new accounts. At the very least, an administrator should keep the following consistent: Conferencing policy, External access policy, and Registrar pool.


LDIFDE : Failed on line 1. The last token starts with ‘ï’.

When running an LDIF import, you see this error message:

Connecting to “localhost”
Logging in as current user using SSPI
Importing directory from file “TestUser.ldif”
Loading entries.
There is a syntax error in the input file
Failed on line 1. The last token starts with ‘ï’.
0 entries modified successfully.
An error has occurred in the program
No log files were written. In order to generate a log file, please specify the log file path via the -j option.

The file was saved in the UNICODE format, and ldifde likes UTF-8 more. What you have to do is open the file in Notepad and save it in the UTF-8 format (you can do this by clicking the encoding drop-down box), or use the parameter -u to tell ldifde to use Unicode. Run ldifde again, and see if it runs correctly.
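A quick way to see which encoding the LDIF file really has before re-running ldifde is to look at its byte-order mark. This is an added example, not part of the original post; the function name `Get-LdifEncoding` and the sample file are constructed for illustration.

```powershell
# Added example (not from the original post): identify a text file's encoding
# from its byte-order mark (BOM) before handing it to ldifde.
function Get-LdifEncoding {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Only the first four bytes are needed to recognise a BOM.
    $full   = (Resolve-Path -LiteralPath $Path).ProviderPath
    $stream = [System.IO.File]::OpenRead($full)
    try {
        $head = New-Object byte[] 4
        $read = $stream.Read($head, 0, 4)
    } finally {
        $stream.Dispose()
    }

    $hex = ''
    if ($read -gt 0) {
        $hex = ($head[0..($read - 1)] | ForEach-Object { $_.ToString('X2') }) -join ' '
    }

    # Longest signature first: the UTF-32 LE BOM begins with the UTF-16 LE one.
    $encoding = 'No BOM (ANSI or UTF-8 without BOM)'
    if     ($hex -eq 'FF FE 00 00')      { $encoding = 'UTF-32 LE' }
    elseif ($hex.StartsWith('EF BB BF')) { $encoding = 'UTF-8 with BOM' }
    elseif ($hex.StartsWith('FF FE'))    { $encoding = 'UTF-16 LE (Notepad "Unicode")' }
    elseif ($hex.StartsWith('FE FF'))    { $encoding = 'UTF-16 BE (Notepad "Unicode big endian")' }

    New-Object PSObject -Property @{ Path = $full; FirstBytes = $hex; Encoding = $encoding }
}

# Constructed sample: an LDIF entry written with a UTF-8 BOM. Byte 0xEF is the
# character 'ï' in Windows-1252, the token quoted in the ldifde error above.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'TestUser-sample.ldif'
$bom    = [byte[]](0xEF, 0xBB, 0xBF)
$body   = [System.Text.Encoding]::ASCII.GetBytes("dn: CN=Test User,DC=example,DC=com`r`nchangetype: add`r`n")
[System.IO.File]::WriteAllBytes($sample, [byte[]]($bom + $body))

Get-LdifEncoding -Path $sample | Format-List
```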


FIM 2010 R2 – A timeout was reached (30000 milliseconds) while waiting for the Forefront Identity Manager Service service to connect.

After installing Windows updates, the Forefront Identity Manager Service didn’t start anymore. In the Event Viewer this error was seen:

Log Name:      System
Source:        Service Control Manager
Event ID:      7009
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      fim2010r2srv.exchangedude.com
Description:
A timeout was reached (30000 milliseconds) while waiting for the Forefront Identity Manager Service service to connect.

It is a timeout issue. If you raise the service time-out by setting the ServicesPipeTimeout value to 60000 seconds, the service will start (example in this topic). But of course this will solve the symptom, and is not a real solution. The real problem is the .NET Framework. The framework wants to check the CLR list on the internet, but the server is not connected to the internet. The solution is disabling the CLR check in the Microsoft.ResourceManagement.Service.exe.config file.

Disable the .NET CLR Authenticode check for the FIM service :

  1. Go to C:\Program Files\Microsoft Forefront Identity Manager\2010\Service
  2. Make a backup copy of the existing Microsoft.ResourceManagement.Service.exe.config file.
  3. Using a text editor open Microsoft.ResourceManagement.Service.exe.config
  4. Right after the <runtime> section in the file add the following entry: <generatePublisherEvidence enabled="false"/>
  5. Save the Microsoft.ResourceManagement.Service.exe.config file.
  6. Start the FIM Service.
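The same procedure as a script, so the backup is always taken and the element is never added twice. This is an added example, not code from the original post; the function name `Disable-PublisherEvidence` and the sample config are constructed, and placing the element as the first child of `<runtime>` is this example's reading of step 4.

```powershell
# Added example (not from the original post): scripted form of steps 1-5.
function Disable-PublisherEvidence {
    param([Parameter(Mandatory = $true)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Step 2: timestamped backup next to the original file.
    Copy-Item -LiteralPath $full -Destination "$full.bak-$(Get-Date -Format yyyyMMddHHmmss)"

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # keep the file's existing layout
    $xml.Load($full)

    $runtime = $xml.SelectSingleNode('/configuration/runtime')
    if ($null -eq $runtime) { throw "No <runtime> section found in $full" }

    # Step 4: add the element as the first child of <runtime>, or reuse an
    # existing one so that running the script twice does not duplicate it.
    $node = $runtime.SelectSingleNode('generatePublisherEvidence')
    if ($null -eq $node) {
        $node = $xml.CreateElement('generatePublisherEvidence')
        [void]$runtime.PrependChild($node)
    }
    $node.SetAttribute('enabled', 'false')

    $xml.Save($full)                         # step 5
    return $node.OuterXml
}

# Constructed sample config so the function can be tried away from the server.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'Sample.Service.exe.config'
Set-Content -LiteralPath $sample -Value @'
<configuration>
  <runtime>
    <gcServer enabled="true"/>
  </runtime>
</configuration>
'@
Disable-PublisherEvidence -Path $sample
Get-Content -LiteralPath $sample

# On the FIM server (path and service display name as given on this page):
# Disable-PublisherEvidence -Path 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config'
# Start-Service -DisplayName 'Forefront Identity Manager Service'
```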

More information about troubleshooting FIM service startup issues can be found in this nice TechNet article: FIM Troubleshooting: FIM Service Start-up Timeout

WSUS: Unexpected error when choosing “All Updates” view

I’ve got a strange and annoying problem with WSUS.

All the views I have created work fine, but the “All Updates” view, which is a standard part of WSUS, doesn’t work; MMC crashes and reports:

Error: Unexpected error

An unexpected error occured. Please contact your system administrator if the problem persists.

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,

This is the error :

System.ArgumentOutOfRangeException — Value of ‘-4,29159’ is not valid for ‘FillWeight’. ‘FillWeight’ must be greater than 0.

Parameter name: FillWeight

Source: System.Windows.Forms

Stack Trace:
   at System.Windows.Forms.DataGridViewColumn.set_FillWeight(Single value)
   at Microsoft.UpdateServices.UI.SnapIn.Pages.BaseListPage.GetColumnHeader(Column column)
   at Microsoft.UpdateServices.UI.SnapIn.Pages.BaseListPage.PopulateColumnHeaders(List`1 columns)
   at Microsoft.UpdateServices.UI.SnapIn.Pages.BaseListPage.PopulateColumns()
   at Microsoft.UpdateServices.UI.SnapIn.Pages.BaseListPage.RefreshScope()
   at Microsoft.UpdateServices.UI.SnapIn.Pages.BaseListPage.Initialize(FormView thisScope)

The solution is :

  • Open the IIS console
  • Expand Web Sites, right-click Default Web Site and select Properties
  • Click the ASP.NET tab, change the version from 1.1.4322 to 2.0.50727 and click OK
  • Open a cmd prompt and cd to: %windir%\Microsoft.net\framework\v2.0.50727
  • Run aspnet_regiis -i
  • Run iisreset /restart
  • Important! : Navigate to %appdata%\microsoft\mmc, and delete the wsus file

Error 0x80070520 “A specified logon session does not exist” when binding a certificate in IIS 7

I had a problem when using a certificate (for ADFS) on IIS 7. This certificate had once been used on an IIS 6 and TMG 2010 server, and it works fine. This means there is no problem with the certificate itself.

Steps to reproduce:

  • Open the IIS MMC
  • Open the Site Bindings
  • Add an HTTPS binding
  • Select this certificate from the certificates drop-down list, and click OK. Then you get the following error:

A specified logon session does not exist. It may already have been terminated.

(Exception from HRESULT: 0x80070520)

In my case, the solution is :

  • Remove the certificate from IIS
  • Import the certificate using the Certificates MMC snap-in
  • Choose the correct certificate in IIS manager