IIFP to FIM2010 extension-dll-exception ObjectAlreadyExistsException
New FIM2010 user here.
I had IIFP running with a custom dll that searched particular OUs in another AD forest for new accounts and then recreated those accounts as enabled in my AD with Exchange mailboxes. The last bit broke when we upgraded to Exchange 2007 but the solution in general has worked for a couple of years.
I used the built in options to export the IIFP server which contains just two MAs, one for each domain. I then imported this into the Synchronization Service Manager in FIM2010. I used a new SQL database. With only a few tweaks I am now creating matching accounts in my domain with Exchange 2007 mailboxes.
The problem is with all the existing accounts. When the MA runs it reports an extension-dll-exception for every account in our AD that was previously created by IIFP. Examining the Call Stack Information indicates the failure is caused by an object already existing in our AD.
Is there a way to bring all of this in sync so that existing objects do not cause the error and new accounts are still provisioned?
September 15th, 2010 9:37pm
Sounds like you have the classic initial load problem where an existing DLL is causing you a bit of havoc.
In these cases, usually what you need to do is:
1. Turn off the provisioning in the "Tools->Options" menu. Make sure you turn off the classic provisioning as that is where it sounds your problem is coming from (however, you could turn off both just to be safe).
2. Load all the data into the different connector spaces then project in the data from the primary MA's that the MV objects were created.
3. Join the data in the other MA's (such as the AD ones) so that the existing connector is rejoined to the object. (This may require slight adjustments in your existing configuration if no join rules already existed or don't work well within the initial load scenarios; just don't forget to change them back to the previous settings after you're done loading and joining all the data).
4. Turn on the provisioning again.
5. Run syncs as normal.
Thanks
B
September 16th, 2010 12:03am
Under the "Tools->Options" menu I only see one place where I can disable provisioning. There is a tick box next to these words, "Enable Provisioning Rules Extension". Are you referring to the "Enable metaverse rules extension" option? My rules extension is named MVExtension.dll
I have only two MAs, one for each Forest's AD. We have Forest Level Trust between domains.
As I said, I'm not very experienced with this. I'm a little unclear what you mean by: " Join the data in the other MA's (such as the AD ones) so that the existing connector is rejoined to the object."
September 16th, 2010 5:02pm
The FIM Synchronization Service manager should have two provisioning options. Assuming you haven't used any "declarative rules" with the "create object in remote system", the "disable MV Extension" option will disable your provisioning code. (And this will also disable the object deletion rules as well if any are defined in code). This should hopefully remove the "duplicate errors" that the code is trying to provision.
Check each MA to validate whether or not there are any "join" rules defined so that we're able to match up the existing objects in the Management Agents with the appropriate object in the metaverse. This will prevent the provisioning code (if it's set up correctly) from trying to recreate a new object.
If there are join rules, synchronize one system to the metaverse and then synchronize the other. Look over the data to make sure that the entries have connected correctly. If yes, turn provisioning back on and run a synchronization again to see if your errors have cleared.
Thanks!
B
September 16th, 2010 5:31pm
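Added example, not part of the thread and not either poster's MVExtension.dll: a classic provisioning method that only creates a connector when the metaverse object has none in the target MA, which is the behaviour the reply above relies on once the pre-existing accounts have been joined. The MA name, the container and the "person"/"user" object types are assumptions chosen for illustration.

```csharp
using System;
using Microsoft.MetadirectoryServices;

namespace Mms_Metaverse
{
    public class MVExtensionObject : IMVSynchronization
    {
        // Assumed values for this example; use your own MA name and OU.
        private const string TargetMA = "Target AD MA";
        private const string Container = "OU=Provisioned,DC=example,DC=com";

        public void Initialize() { }
        public void Terminate() { }

        public void Provision(MVEntry mventry)
        {
            // Only provision person objects that carry a cn to build the DN from.
            if (mventry.ObjectType != "person" || !mventry["cn"].IsPresent)
                return;

            ConnectedMA ma = mventry.ConnectedMAs[TargetMA];
            int connectors = ma.Connectors.Count;

            if (connectors == 0)
            {
                // No connector is joined to this metaverse object, so create one.
                // If the account already exists in the connector space but was
                // never joined, provisioning the same DN is what raises
                // ObjectAlreadyExistsException. Fix that with join rules and a
                // sync run while provisioning is disabled, not by swallowing it.
                ReferenceValue dn =
                    ma.EscapeDNComponent("CN=" + mventry["cn"].Value).Concat(Container);
                CSEntry csentry = ma.Connectors.StartNewConnector("user");
                csentry.DN = dn;
                csentry.CommitNewConnector();
            }
            else if (connectors > 1)
            {
                throw new UnexpectedDataException(
                    "Multiple connectors in " + TargetMA + ": " + connectors);
            }
            // connectors == 1: the existing account is joined; nothing to create.
        }

        public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
        {
            throw new EntryPointNotImplementedException();
        }
    }
}
```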
Hello,
Do you have any advice on this issue? I am experiencing this exact issue. I changed an anchor on my SQL MA and got some errors which I corrected. But now I get the same error you are getting! How exactly did you complete section 2 and 3 from Mr. Checkley's process? I did successfully stop provisioning and SYNC with no error. Turn provisioning back on and I get errors.
TLight
Newbie (5 weeks) Never used any previous versions (ILM or MIIS).
I am in full production mode for three days. Students arrived today and we have had a few glitches! :)
August 1st, 2011 4:24pm
Hi There,
If you've changed the anchors, do step 1 and disable all the provisioning components.
Run a full import/full synchronization on the SQL MA. This should hopefully delete and re-add all the objects you have anchors with. (The ones deleted will be disconnected and the new ones connected if you have proper join rules created).
Turn provisioning back on and continue on happily.
Thanks
B
August 1st, 2011 4:35pm
OK per your instructions... and I get back to the SQL MA full sync before my export to provision and I get Stopped-Error-Limit and in the flow errors it stops at 5000 errors from Extension-DLL-exception errors.
If I select one of the objects it says it is a duplicate object in the DS MA "Failed: Duplicate Object"
I assume from all of this, I need to sync the data from both systems and then export? But the sync will not happen due to the amount of errors.
Maybe I need to delete the connector spaces first?
thanks
tlight
August 1st, 2011 5:09pm
Hi There,
You need to look at the data in the metaverse to find out where the DLL exception is coming from. It sounds as though it is a provisioning error; however, if there is something occurring in your rules extension code, the settings under tools->options will not do anything to fix that as the code isn't disabled.
If you disable the rules extension on an individual MA that is throwing the error, that may be a start however, without really looking at the system directly this is pure speculation.
So, that said:
1. Look at the error code that is being thrown. Is it part of the provisioning code that is throwing the error or a rules extension itself.
2. If it is the MVExtension.dll (or whatever other DLL you used in the "Tools"->"Options" menu) then you should be able to get away from the errors by turning off the provisioning there as noted above.
3. If it is in the rules extension dll (look at the MA configuration itself) then you will probably have to take a look at the code itself to try to troubleshoot. You can't actively disable a rules extension as it is "enabled" whenever you select a rules extension for any of the many options in the MA itself.
Don't forget to use the "preview" mode as well. It may help you isolate things further.
Thanks.
B
August 1st, 2011 5:16pm
Blain,
You have been a great help. Our MVExtension.dll was for basic provisioning (we customized it for our AD structure). I don't think it does anything else. Maybe that is all it is supposed to do?? Yes, the mvextension is where the error is coming from.
Basically, right or wrong, we have a FIM system from a POC that works for provisioning and sync at live at EDU. I created another FIM2 server and muddled my way through connecting to a SQL MA (I'm not a data guy) and a DSMA. I was able to get all the data in the metaverse so I could see it. I then tried to walk through the step by steps on technet and found my portal did not have data to create Synchronization Rules (dropdowns were empty). I called support. After talking to him for two weeks and playing on my own I found out (not ever seeing ILM or MIIS) there is an old school "Coding" way of doing everything and the "Portal". This I still don't grasp yet.
With all that said, and after days of previewing, testing and retesting, I changed the container in the DSMA. I was able to import, sync, and provision to AD for approximately 40K students. We found some data we really wanted to move. I changed the Attribute flow... no problems. Then the boss said maybe giving a kindergarten student an email address is not appropriate at this time. So we proceeded to have the SQL data view eliminate the email address for 5th grade and under. I got those Anchor errors from SQL MA... I removed the part of the anchor causing the error, resynced, and that error went away. However, now I have the current error and I need to provision all the new students and the changes from yesterday's enrollments.
The idea is SQLMA is live student data... we provision to AD for login and then we get the other FIM server to provision or sync with Live@EDU. The exact error is the "DN= USER....." is a duplicate in the DSMA and it will not provision. I think this would have to do with that anchor I changed and I need to clear all the metaverse data for DSMA and start over with the sync, but how does that affect all the students I already created that are now using their logins? Thanks for all your comments, I keep learning and getting a little further each day! :)
God definitely loves me!
tlight
August 2nd, 2011 8:06am
Just found some additional information... I am digging and the "New or Newly enrolled students" preview has no errors... just all the previously imported and provisioned ones have errors!! Don't know if that helps.
August 2nd, 2011 8:42am
Blain, I am going to create a new post. I think this is going in a different direction!!!
August 2nd, 2011 10:21am
Okay.. Moved over to the new posting...
August 2nd, 2011 12:19pm