Group join with user approval doesn't work
I have my distribution groups synced with ad. When i login to the portal from a user and then try to join a group which has owner approval somethings going wrong. It seems the join request is made succesfully. If i login to the portal the owner see's a new aproval request, after approving the user is stll not a member of the group. If i set the group to no approval needed, the user is straight a member of the group. Also the owner doesnot receive a e-mail to approve, i can only approve in the portal which isn't working
November 15th, 2010 5:46am
As an administrator, if you go into the Search Requests page can you find any requests with a Failed or otherwise odd looking status?http://www.wapshere.com/missmiis
November 15th, 2010 8:18am
The only odd thing I see is Authorizing status.. but that's because it's waiting for an approval right?
November 15th, 2010 8:40am
I just made a screenshot of the Requests. Maybe someone can see something strange in there, i have no idea what the problem is. it also said the workflows are applied but i don't any mail though. Also the user is not added as a member after approval
November 16th, 2010 8:09am
Yes that does sound like it's waiting for the approval to come back. You said the owner doesn't receive the email - do you have emails working? Try and test with a simple notification workflow.http://www.wapshere.com/missmiis
November 19th, 2010 6:00am
E-mail is working at the moment, I made a stupid mistake on the receive connections on the hub transport server. Cause this is a test environment I didn't make any changes to it. I'm now testing if i can join a group with owner approval
November 19th, 2010 8:12am
I tested this with a workflow but also that one is not working. I will get service requests with a status Postprocessing
November 19th, 2010 8:12am
On Fri, 19 Nov 2010 13:34:54 +0000, JoWillems wrote: This error i get at the moment in my event viewer, how can i make the user authenticated to send mail through fim? You should be asking that question of whomever admins that SMTP server. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca
November 19th, 2010 9:49am
On Fri, 19 Nov 2010 13:34:54 +0000, JoWillems wrote: This error i get at the moment in my event viewer, how can i make the user authenticated to send mail through fim? You should be asking that question of whomever admins that SMTP server. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Yeah, I deleted the message already cause it was an easy sollution, my fault
November 19th, 2010 10:20am
At the moment I get an e-mail for approval. However, i don't have any approve button on that message. If I login into the FIM portal and click approve on the request, the requester will be a member of the group, so from the FIM portal it's working.
November 19th, 2010 10:25am
At the moment I get an e-mail for approval when trying to join using the FIM portal. I don't get any e-mail if i try to join using outlook Also if I reseive a message I don't have any approve button on that message. If I login into the FIM portal and click approve on the request, the requester will be a member of the group, so from the FIM portal it's working.
November 19th, 2010 10:25am
I just checked if the used e-mailaddresses are both in the GAL and in the FIM portal and thats the case for all the users which im using. Still however I only join a group using the portal. There will be one e-mail to the owner but that e-mail doesn't contain any approve button.
November 22nd, 2010 2:11am
When you use the Outlook add-on to add people to groups it does it by sending emails to the fim service mail address (the one you specified when installing outlook add-on). So the first thing you can do is monitor that mailbox to see if the request emails are actually arriving. Next, the fim portal service uses the Exchange web services to acess the mailbox and retrieve the request. So you need to make sure it can actually do this. If the email arrives but then just sits there that would imply to me that the fim service is failing to access Exchange via the web services. Check the exchange server address configured in the web.config file. It can also be good to enable trace logging. The service tries to poll it's mailbox on a regular basis, so if it's failing to do that you'll see lots of errors. http://www.wapshere.com/missmiis
November 22nd, 2010 1:37pm
I added the following to the "C:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config" Is the correct way to do this? < appSettings> < add key="synchronizationEngineAccountName" value="maadmin"/> < add key="mailServer" value="https://exchsrv01.fim.sogeti.local/ews/exchange.asmx"/> < add key="sendAsAddress" value="firstname.lastname@example.org" /> < add key="synchronizationServerName" value="FIMSRV01" /> < add key="isExchange" value="1"/> </ appSettings>
November 23rd, 2010 9:04am
Sorry, best way to do what? If you're trying to enable tracing then here's the ref: http://msdn.microsoft.com/en-us/library/ff357801.aspx http://www.wapshere.com/missmiis
November 23rd, 2010 12:04pm
Just enabled tracing like explained in the reference, After I did that i still didn't see errors coming and I was wondering if FIM is really checking the fimservice account's mailbox, it wasn't ofcourse. I was able to find the solution simple by checking the windows registry HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FIMService the PollExchangeEnabled was set to false (which I think is strange, cause my previous test environment i haven't changed this value at all) After setting the value to true the e-mail approval starts to work Carol, thanks for your help investigating this problem!
November 24th, 2010 4:46am