MIM Portal: regular user access and unable to process your request

Getting the error „Unable to process your request“, is a common issue a lot of people are facing when accessing the FIM/MIM portal a regular user.

There are a lot of forums discussions and blog posts around that issue and how to solve it.

However, I think I found another reason why that issue can occur even if that will not be a common scenario for most people but still worth to write about it in my opinion.

Read more of this post

Advertisements

MIM Workflow Activity Library (MIMWAL) public available on GitHub

Just some days ago I saw this announcement in the FIM/MIM technet forum

The MIMWAL is a Workflow Activity Library (WAL) for building complex workflows in the Microsoft Identity Manager (MIM) 2016 and Forefront Identity Manager (FIM) 2010 R2 solution.

The WAL is a powerful solution accelerator for MIM / FIM that provides foundational activities which can be combined to create complex workflows to implement business processes within a MIM / FIM solution simply by configuration instead of coding for days and months.

MIMWAL Features

  • Building-block Workflow Activities
  • Conditional Execution Capability for Building-block Activities
  • Support for Iteration Over a Collection of Values in Building-block Activities
  • Deep Resolution Capability for FIM Lookup Grammar
  • Rich Library of Workflow Functions
  • UI Framework for Building Additional Custom Workflow Activities
  • Support for ETW Event Tracing
  • Optimization of Update Requests
    • Combining multiple updates into a single request per resource per activity
    • Issuing update request only when resource is actually modified.

More information

Please visit the MIMWAL site at http://aka.ms/MIMWAL for information on project source code, releases and documentation, and discussion forums.

 

This activity library was used by Microsoft Conculting Services (MCS) ind their projects, and is now public usable for all of us. So if you are not want to develop your own libraries this one could help you built your solution, so give it a try and if you find any issues please respond directly on github.

 

 

Hotfix (Build 4.1.3634.0) released correcting issues with PCNS in Server 2012 R2 Domains

A new hotfix for FIM 2010 R2 was relased, which mainly corrects the issue with Password Change Notification Service (PCNS) on Windows Server 2012 R2 Domain Controllers.

See: https://support.microsoft.com/en-us/kb/3048056/ for details and dont forget to check the “Known Issues” section if you have issues with custom MAs (ECMA) after applying the hotfix.

The release notes also showing the following hint:

Note In all supported cases, the FIM Synchronization Service must be installed only on a Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 member server. It must not be installed on a Windows Server 2012 R2 member server. Only the PCNS component can be installed on a Windows Server 2012 R2 domain controller.

You can download the hotfix here.

 

New FIM License Model as of 1. April 2015

I could not believe the news yesterday I read on Peter Geelens blog about the new License Model of FIM, thought of an April’s fool first 😉

But all information is still present, Microsoft gives a great surprise to us all.

In short:

  • FIM Server License is now included in the Windows Server License (Standard and Datacenter)
  • Only CALs are needed for users managed in portal.
  • External Connector License is switching to Windows Connector License.

So if you only plan to implement the Sync Engine you have already paid for FIM with your Windows Server License and can setup a scenario for “free” (nearly).

Take a look at the product use rights (PUR):

Main site: Volume Licensing

Or download the PUR document directly:

German: www.microsoftvolumelicensing.com/Downloader.aspx?documenttype=PUR&lang=German

English: www.microsoftvolumelicensing.com/Downloader.aspx?documenttype=PUR&lang=English

From my perspective this is the “News of the Year”.

/Peter

PowerShell Activity: Issues with GUIDs in Workflow Activities and Sync Rules

I recently faced a problem with GUIDs generated in a PowerShell Workflow Activity. As you can see in my previous blog posts I use the FIM PowerShell Workflow Activity a lot of times (nearly most the time).

Currently I’m working on provisioning of user accounts with exchange mailboxes, in addition I have to activate/create the Online Archive for users.

I’m following this blog article from Eihab Isaac for the correct attributes to set, except that I want to do all this with portal sync rules and declarative provisioning.
If you take a look at the article you can see that you have to provide a new GUID to the msExchArchiveGUID attribute in order to get the archive feature to work. Read more of this post

Remove leading zeros from attribute values with a portal sync rule custom expression

Note to Self.

Today I having the requirement of removing leading zeros from attribute employeeID.
Special situation is that employeeIDs can be range from 1 to 5 chars, like:

00002, 00013, 00204 and so on.

Looking at the possible function on sync rules first thought was that this would not be possible, but sometimes things can be easier than they look alike.

Simple replacing the 0 (zero) by spaces, then perform an LTrim and after that replacing the spaces back to 0 (zero) works very well.

So the portal sync rules custom expression goes like this:

ReplaceString(LTrim(ReplaceString(employeeID,"0"," "))," ","0")

 

FIM-Portal issues after installing IE11 update (KB3008923) for Win 8.1

Today at one of my customers we had trouble with FIM-Portal functionality after installing the latest update for Internet Explorer 11 (KB3008923) from December 9. 2014.

Since Windows 8.1 is still not supported by FIM it was working like charm until today.

After that update it was not possible to add member to a group for example. If you choose one or more people from the dialog and click OK, the member selection was not filled into the underlying (calling) dialog. You are still able to type the member name and click the verify button or pressing CTRL+k.

So this must be some kind of IE issue with interaction between windows dialogs.

Some investigation on the KB article leads me directly to the solution.

There is a hotfix to get rid of that issue, and it worked like charm.
So if you run into the same problem have a look at the following KB article:

https://support.microsoft.com/kb/3025390/en-us

Here is the description of the hotfix:

You install MS14-080: Cumulative security update for Internet Explorer: December 9, 2014 on a computer that’s running Internet Explorer 11 or the Internet Explorer 11 Web Browser control. However, after you do this, you may experience unexpected behavior when you interact with sites that use one or more web application modal dialog boxes. Any data or information that’s provided in the modal dialog box may not be returned to the application window or to the dialog box that created the data or information. Therefore, the application that created the dialog box may exhibit errors or lack specific functionality that was dependent on that dialog box data.

%d bloggers like this: