FIM 2010 R2: sync-rule-invalid-xml-attribute-flow and unable to update FIM Service ma/mv data


I spent several hours on a dev-stage FIM 2010 R2 server at a customer, which was throwing the following error on synchronizations, mainly of the FIM MA:

<sync-rule-invalid-xml-attribute-flow>

Not really useful, right?
Also, there was no further information in the event log or anywhere else.

That error showed up on all objects I synced, regardless of which MA I was running.

I tried the things that I found when searching the internet, like this:

  • Just do a reboot of the FIM Server (should resolve the issue sometimes on FIM R2)
  • Re-Apply the latest hotfix again
  • Try to revert some of the latest modifications on sync rules
  • Try multiple Full Imports and Full Syncs
  • Try to update Schema on FIM Service and other MAs
  • Try to force a re-creation of the MA/MV data in the Portal by re-entering the password of the FIMMA account (should trigger a re-creation of that data)

But when doing the last step, I got the following error in the event log:

A update on the configuration of a MA or MV failed to replicate to a target connector directory that is capable  of storing MA/MV configurations.  As a result, the MA/MV configuration data in this connector directory is not up to date.  Please correct the condition that causes the error, and triggers a resync by updating the password information of the target MA.

Additional information:
Error Code: 0x80230020
Error Message: (Management agent encountered an error exporting to the connected directory.)
Operation: Clean up MAs
Name of the MA to replicate:
Guid of the MA to replicate:
Name of the target MA: FIMPortal
Guid of the target MA: {86082421-96B4-4888-8F21-C37F8CAA9CBE}

Searching for that error on the internet, I tried the following solution:

  • Switch .NET Framework versions in miiserver.exe.config (an old fix for that issue)

But that did not resolve the issue.

So my FIM deployment seemed to be completely broken. Since this is only a dev stage where no regular syncs are running, I decided to revert to an old backup. (Yes, I even back up the dev stage 😉)

So I started with one day earlier, but that did not help, and I went back further until I found only one of those “sync-rule-invalid-xml-attribute-flow” errors on only one object. Looking at it, I found out that there was a mismatch in the datatype of an attribute with an existing attribute flow.

I flowed a Boolean to an MA, but when checking the MA, the attribute was a String there.
I remember that I refreshed the schema on that file-based MA some days before, and for some reason the attribute switched from Boolean to String.
But only on that MA; on the same MAs in Test and Prod everything went fine.

So I switched back to my original backup and corrected that issue in the file MA by switching the attribute from String to Boolean, and FIM started working smoothly.

If you ever get that issue, try to identify whether there is any mismatch in an attribute flow, which can be hard work since the error message does not help you with that.

About Peter Stapf
Senior Consultant Identity and Access MVP (Enterprise Mobility)
