All 5 entries tagged Fim
No other Warwick Blogs use the tag Fim on entries | View entries tagged Fim at Technorati | There are no images tagged Fim on this blog
June 17, 2014
Writing about web page http://www.wapshere.com/missmiis/getting-something-back-from-the-enumerateresourcesactivity
After adding workflow elements to enumerate an object, the ResorceType that gets returned is "nothing", however TotalResultsCount is 1 or more.
What's going on?
I'd added three separate enumerations to a workflow, and they worked fine. I added a fourth (enumerating a /Person resource) it was returning blank, despite the xpath being correct.
My standard set of workflow modules for doing an enumerate is normally this;
- Code: prepareToEnumerate
- EnumerateResource: enumerate
- Hidden: Iteration handler
- Code: Deug logging
There are two sets of code associated with a workflow;
- MyWorkflow.vb - contains the code executed by the workflow objects entered into the designer
- MyWorkflow.design.vb - is the saffolding for the designer, and holds metadata about your code
The modules I'd created in the designer previously seem to have been added just fine to the designer.vb file. However the last one wasn't - there was no reference to my hidden iteration handler, so I added it manually using the excelent guide at missmiis's blog.
The process she describes adds-in a reference to your hidden iterator code, and manually adds your iterator code as a handler to the EnumerateResource code. The design.vb code contains comments warning about making changes - seems like they can be safely ignored.
There's lots of stuff on the web that implies all enumerateResource code that requires an iterator needs to be manually added to the design.vb code. I'm still convinced that the first few enumerates I added worked automatically, and that maybe some other aspect (like the enumerate object was added to an if-else block) prevented it being added. I'll post an update once Ive experimented a little more.
March 28, 2014
It is straightforward to sync objects to and from an untrusted domain with FIM.
When I tried it, it didn’t work at first and I found a bunch of misinformation about whether it’s even possible to have a FIM system in one domain/forest sync objects to an untrusted domain. Some blogs insist there needs to be a forest trust in place, and in one Microsoft example they assume that a trust has been set up. Not so; no trust is needed.
The key is to ensure that both the domain hosting FIM and untrusted domains can resolve each other’s names in DNS - here's how I did it.
Before you configure the AD MA:
1. On the untrusted domain, set up a DNS forwarder to point to the domain that hosts FIM
2. In the domain that hosts FIM, in DNS, set-up a Conditional Forwarder pointing to the untrusted domain. A conditional forwarder tells your domain ‘if you get DNS requests for untrusteddomain, send them to this ip address to be resolved’
TIP: if you want the conditional forwarder to be replicated throughout your AD (seriously, you do) tick the 'Store this...' box. Also, don't worry about the Big Rex X - it goes away once DNS has resolved the netbios name of your untrusted domain.
3. Test your DNS config by pinging the untrusted domain (ping untrusteddomain.myorg.co.uk -4) from the domain that's hosting FIM. Now check that the untrusted domain server can ping the domain that's hosting FIM (ping domain.myorg.co.uk -4). When you can, you’re good to go.
4. Create a new AD MA in the FIM Synchronization manager
5. Configure the connection parameters like this;
6. Click OK, and you should be presented with a list of partitions in the untrusted domain.
October 04, 2013
The FIM Service needs an internet connection to complete installation. If you use a FIM development or sandbox environment that is isolated from your main network and the Internet, you may find the FIM Service will not start at the end of the installation process, and fails with a timeout error.
The issue is caused because the default timout for a service to start-up is 30seconds. The FIM Service uses the .NET 3 framework, and at FIM Service startup the .NET CLR attempts to validate the .NET authenticode signature by connecting to a microsoft web-site. If you have no connection to the Internet the authenticode certificate revocation check will wait for several minutes before timing out, by which time the FIM service-startup has timed-out.
I resolved the problem by configuring an additional temporary network interface to my VM which natted to my real network. Once the VM could 'see' the Internet to do the signature check, the FIM Service started normally. Then I removed my temporary network interface.
You could also:
- increase the timeout delay for starting services
- reconfigure your Microsoft.ResourceManagement.Service.exe.config file to remove the revocation check altogether
(FIM service fails to start. Fim service does not start. Fim installation fails)
September 10, 2013
If you're struggling to configure the Oracle MA in FIM, there's an excellent guide to installing the Oracle client on a Windows server here.
I struggled even with this guide; I downloaded and merged both sets of driver files, created environment variables, and ran the ODBC_install app which flashed-up a dos box breifly, but gave no indication whether it had worked. When I ran the Windows Data Sources (ODBC) tool and tried to add a new User DSN, no Oracle driver was listed.
Turns out that the Oracle Drivers are 32-bit drivers; there's no 64-but version. And on a 64Bit Windows server, the Windows Data Sources (ODBC) tool lists only 64 bit drivers. You have to open a command prompt and specifically run the 32bit version of the Windows Data Sources tool:
The Oracle driver will be listed; select it and set-up your odbc connection as usual.
August 13, 2013
I've been evaluating Groovy/Grails vs .NET as a method of making a better FIM Portal and struggled to find clear documentationon on the right address to use to connect to the FIM web service from a development environment.
First check that the FIM web service is actually running on your FIM Service server.
Connect to the server, open a command window, and type netstat -a You should see entries for 0.0.0.0.5725 and 0.0.0.0.5726 indicating that the FIM Service is listening on these ports. [If you changed the default ports during install, you should see the FIM service listening on your custom ports.] If these ports aren't listed, then the FIM Web Service isn't listening and you need to get it running before you go any further.
To access the FIM Web Service, use the address:
If you have Visual Studio handy, a quick way to check FIM Web Service is working is to create a new ASP.net web project, add a Service Reference, paste in the address above with your server name (or localhost), and click the Go button. Click to expand the Service node and you will see the service types and operations available: