Thursday, April 29, 2010

TEC 2010 – Annual Wook Lee Memorial Challenge for Identity Results

So on Tuesday afternoon just before the Birds of a Feather session each of the teams presented their responses to Gil's challenge. Here was what we ended up with:

Inline with the TEC 2010 team of Hollywood and LA, we envisioned our Sync Engine scenario as a turnstile (animated by Ehab Isaac) guarding access to an exclusive nightclub. We added the FIM Web Service pipeline as a gateway guarded by our bouncer (Craig Martin).

Design & Build

We kicked around several ideas but Carol Wapshere brought it home with the nightclub theme. Issam and Ehab handled the construction and Craig hammered out our skits with the team while David Lundell rehearsed his MC lines.

Lights, Camera, Chicken!

No time for dress rehearsals or fancy dressing rooms, the team waited while David set the stage for our little production. 

Our cast members waiting patiently, Carol, Laura Hunter, and Brian Komar. Our Certificate (Brian) was never enrolled and sat dejected in the corner.

 

And now, our fancy 64-bit sync engine springs into action, but wait, two management agents are running at the same time!

SQL Deadlock! A quick rock-paper-scissors (no time for rock-paper-scissors-lizard-spock)…

…and our little HR attribute flow is on its way through the FIM Service after paying the doorman the customary $18/head, she is ushered right through to get some Action workflow. What's this, a name change for Jeremy Kirkpatrick? We have a notification for a name change!

Along comes our first Password Reset request – silly request object, you don't go through the sync engine!

After answering her questions three, she proceeds through the queue into our exclusive nightclub for a reset.

Up next, what do we have here? Why it's a request to join the "Birds of a Feather" group. Are you a member of the Chickens with Grain Addiction Set?

Sorry Chicken, request denied!

 

Here we have a another group request, here comes a bunch of members now joining the TEC 2010 Attendees group, through the queue now…

…and back through the sync engine with you and on to Active Directory!

And yes, we were sober. Thanks to everyone for pitching in and for Sean Deuby for being our talented paparazzo.

Committed to BlogTerm memory by Brad Turner at 8:09 PM
1 comments backlinks to this post
Labels: The Experts Conference

FIM 2010 – Update 1 Released to Windows Update

There are two patches available on Windows Update which were published on April 27th:

  • Forefront Identity Manager 2010 Service and Portal Update (KB978864)
  • Forefront Identity Manager 2010 Synchronization Service Update (KB978864)

As of the publication of this blarticle, the aforementioned KB article was not published online.

Service and Portal Update

This one starts out with and throws an error almost immediately because your FIMService is still running. You need to stop the FIMService to start the installation.

If you are running the Synchronization Service on the same box it will return the following dialog and allow you to stop the service – why it doesn't also do this for the FIMService is slightly odd:

I ran this one first on my server running FIMService and FIMSynchronizationService (but no portal) and it updated those components properly.  Running it against one of your web frontends will retract the WSP solutions and republish.

I was very happy to see that the update did not remove any of my additions to the service configuration file that we add for custom workflow.

Synchronization Service Update

This update applies after the FIMService update (if they are collocated) and will need access to you original installation files (Synchronization Service.msi). Before attempting this update you should backup your database and you are warned:

On one upgrade I did not have to reboot, on a subsequent on I did:

Changes

Object RTM Version Update 1 Version
miiserver.exe 4.0.2592.0 4.0.3531.2
Microsoft.ResourceManagement.Service.exe 4.0.2592.0 4.0.3531.2

It is unknown as to exactly which bugs are fixed in this release as there are no release notes.

Committed to BlogTerm memory by Brad Turner at 3:03 PM
2 comments backlinks to this post
Labels: FIM, FIM Update 1

Monday, April 26, 2010

TEC 2010 – Annual Wook Lee Memorial Challenge for Identity

This morning I accepted, on behalf of the ILM/FIM contingent here at TEC, the task to organize the response to the challenge that lies before us which is loosely:

Build a working model of the FIM Synchronization engine with cardboard, duct tape and string.

If you are at TEC this year and would like to participate, we don't have a lot of time, so track down the guy with the ugly orange Ogio backpack and share some ideas, as well as your crafting skills!

Committed to BlogTerm memory by Brad Turner at 10:33 AM
0 comments backlinks to this post
Labels: The Experts Conference

Tuesday, April 20, 2010

Troubleshooting for FIM Group Management Outlook 2007 add-in - TechNet Articles - Home - TechNet Wiki

After having much difficulty with this myself, I thought I'd post some of the gotchas around making the Outlook add-in work for FIM 2010 Group Management scenarios.

Troubleshooting for FIM Group Management Outlook 2007 add-in - TechNet Articles - Home - TechNet Wiki

Committed to BlogTerm memory by Brad Turner at 2:50 PM
0 comments backlinks to this post
Labels: FIM, FIM Add-ins

Thursday, April 08, 2010

FIM 2010 Technical Overview

So it's finally out – David Lundell and I spent over a year writing and re-writing this thing as ILM "2" became FIM 2010. This is aimed at Technical decision makers and serves as a technical overview of the FIM 2010 product. This is still my favorite picture:

FIM 2010 Technical Overview

Committed to BlogTerm memory by Brad Turner at 9:11 PM
0 comments backlinks to this post
Labels: FIM

Thursday, April 01, 2010

FIMService: "The dependency service does not exist or has been marked for deletion"

David Lundell and I have both encountered this now across two customers and I've never gotten around to blogging it or reporting it as a bug. In situations I'm not entirely clear on yet, an installation of the FIM Service results in an improper registration of a service dependency for SQL Server. You will not run into this problem until you've rebooted the servers running FIMService as that is when it seems to manifest. To see if you are potentially affected, run this SC command against each of your FIMService instances:

sc.exe \\server qc FIMService

A proper configuration for a server *not* running SQL Server would be:

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: FIMService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START  (DELAYED)
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Forefront Identity Manager Service
        DEPENDENCIES       :
        SERVICE_START_NAME : TEST\svc_fimws

If you have SQL loaded or are running your FIMService on the same box as your SQL Server, then you should see an entry under the DEPENDENCIES area for MSSQL. If you see a dependency listed for MSSQL or MSSQL$ and it's on one of your web frontend boxes without SQL or the Windows Internal Database then you will see the "marked for deletion" error after you reboot and you will not be able to start the service. Attempting to start it from SC will return:

[SC] StartService FAILED 1075:

The dependency service does not exist or has been marked for deletion.

 

Repro

I seem to have this situation on my web frontend servers, but only on the subsequent nodes in the WSS Farm, not the initial node that I've installed the portal components in. So, fresh install of RTM bits into a WSS Farm. Node 1 should get the all of the components while the second node should just get the service – this is the node I'm seeing the issue on at the moment but I seem to recall seeing this on both nodes in the past.

Resolution

You have two ways to resolve this:

1) You can manually hack the dependency out of the registry and reboot (not recommended), or

2) Use SC to fix it safely and avoid the reboot

sc.exe \\server config FIMService depend= /

NOTE: There is a space after the equal sign.

Here are my steps and results running from a PowerShell prompt:

PS G:\FIMTasks> sc.exe \\tstapp02 config FIMService depend= /
[SC] ChangeServiceConfig SUCCESS
PS G:\FIMTasks> sc.exe \\tstapp02 qc FIMService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: FIMService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START  (DELAYED)
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Forefront Identity Manager Service
        DEPENDENCIES       :
        SERVICE_START_NAME : TEST\svc_fimws
PS G:\FIMTasks> sc.exe \\tstapp02 start FIMService

SERVICE_NAME: FIMService
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 2  START_PENDING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 3016
        FLAGS              :



Using this approach removes the need for a reboot.
Committed to BlogTerm memory by Brad Turner at 1:08 PM
2 comments backlinks to this post
Labels: FIM
Newer Posts Older Posts Home
Subscribe to: Posts (Atom)