Hi EveryoneIve been testing FIM 2010 RC 1 following the http://technet.microsoft.com/en-us/library/ee534902(WS.10).aspxguide, but I have this error when I ran the export profile from the FIMMA agent.I have the follow enviroment- 1 Win 2008 Server Enterprise SP2, FIM RC1 Synchronization Service Installed, Exchange Management Tools 2007, Oracle client for win2008 64bits, SQL Client Conectivity Tools, Visual Studio 2008.- 1 Win 2008 Server Enterprise SP2, Sharepoint Services 3.0, FIM RC1 ServicePortal and Exchange 2007 SP1- 1 win 2003 Server Enterprise SP2, SQL 2008 SP1 CU7 (Database Services, Full-Text Search, SQL Client Conectivity andSQL Management Console Full).- 1 Win 2003 Server Enterprise SP2, Oracle 10g.Everything was installed with the same user account (administrator)to avoid permission troubles.Management AgentsAD MAFIMMA Oracle MAFile MAAll of them with the configuration from the guide oracle and file both have the same configuration.I tried to provisioning AD from Oracle and from the text file that is mentioned in the guide.The errors are the followsThere is an error executing a web service object modification request. Type: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException Message: Access to the requested resource(s) is denied Stack Trace: at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate() at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Update() at MIIS.ManagementAgent.RavenMA.ExportObjectModification(DataSourceObject dsObject, SchemaManager schemaManager) at MIIS.ManagementAgent.RavenMA.Export(DataSourceObject dsObject) Inner Exception: this happen after ran the Export run profile in FIMMAI dont know what else should i post here.thnks for your replies.

Run this script and post the result if you get an error.the script helps you to deretmine whether the issue is related to the FIM MA account.If you don't get an error, run this script.The script will tell you whether you have an issue with your MPR configuration.Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Hi Markus thnks for the script, Can youlet meknow, How can I run the script please, is a .vbs script?

These are PowerShell scripts.Are you familiar with PowerShell?Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Hello ...I have a question. Did Youcreate some attribute in the schema of the FIM or attribute in the metaverse? Because if you created, there are policies that should be changed on the portal. You must add the attributes created in some policies, one of them is "Synchronization: Synchronization account users it controls Synchronize" on Target Resources to add the attributes that you created.

Hi Markus I post the result of the first script, as you can see it was successfull.Microsoft Windows [Version 6.1.7600]Copyright (c) 2009 Microsoft Corporation. All rights reserved. Retrieving object definitions... Total base objects: 1 0% complete C:\Users\Administrator.tes>powershell.exe c:\Prueba FIM MA Account Test==================== -Reading registry configuration -FIM MA account name: tes\lolo -FIM MA account SID : S-1-5-21-3654219005-1170202066-2025062520-1125 -Reading MA configuration -FIM MA account name: tes\lolo Enter the password for tes\lolo:Attempting to start cmd /c as user "tes\lolo" ... Command completed successfullySecond ScriptFIM MPR Configuration For Synchronization Check=============================================== Missing Resource Attributes on MPR Security groups: Users can add and remove members to open groups -MemberC:\>powershell.exe c:\PruebaCaution: Your current MPR configuration requires your attention!FIM MA Account Test Command completed successfullyAttribute creationI already create the Member Attribute and added it to the Security group, but I get the same error again if I run the script.Administration -> Schema Management -> All Attributes -> NewSystem Name: MemberDisplay Name: MemberData Type: Indexed StringNew Error on FIMMA after ran Export profilefailed-modification-via-web-servicesThere is an error executing a web service object modification request. Type: System.ServiceModel.Security.MessageSecurityException Message: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. Stack Trace: Server stack trace: at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate() at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Update() at MIIS.ManagementAgent.RavenMA.ExportObjectModification(DataSourceObject dsObject, SchemaManager schemaManager) at MIIS.ManagementAgent.RavenMA.Export(DataSourceObject dsObject) Inner Exception: An error occurred when verifying security for the message.

Hi EveryoneIf somebody is interested on this issue, I already fixed it,I dont know why but is a clock synchronization issue, I just synchronized the time on my FIM service server and the Portal server and it works.

Hi Markus,We have the same error as mentioned by Kichitan, when we execute FIMMA Export profiles. We got the following message:***There is an error executing a web service object creation request. Type: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException Message: Access to the requested resource(s) is denied Stack Trace: at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource() at MIIS.ManagementAgent.RavenMA.ExportObjectCreation(DataSourceObject dsObject, SchemaManager schemaManager) at MIIS.ManagementAgent.RavenMA.Export(DataSourceObject dsObject) Inner Exception: ***We executed the script you mentioned above and got the following:***PS C:\> Get-ExecutionPolicyUnrestrictedPS C:\> .\Script_FIM_Account-Check.ps1 FIM MA Account Test==================== -Reading registry configuration -FIM MA account name: CDHU\fim_ma -FIM MA account SID : S-1-5-21-717229978-1245646637-2206649778-1126 -Reading MA configuration Error: A parameter cannot be found that matches parameter name 'onlyBaseResources'.***Any idea about this error? Thank you.Regards,

You are not running the latest version of FIM.'onlyBaseResources' was introduced in Update 2 - and Update 3 is out.You should update your environment.Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

I am trying to download Update 3 from Connect but am getting "Page not Found". Is there another location I can get it from, like download center? I checked but just found updates 1 and 2 there.

That's odd - I have just tried it and it worked...Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

It's not a private download is it? The error I get is: Page Not Found The content that you requested cannot be found or you do not have permission to view it. Just signing into Connect with my Live login...Tried a few Browsers just to be sure. Rob

Hi There Ricacom7That error is 'cause you dont have permissions to execute PowerShell Script, but you can check if this works for you as it work for me: Open registry Browse to key HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell If “ExecutionPolicy” does not exist, create it as REG_SZ with value “Unrestricted” Open PowerShell and use the command “Get-ExecutionPolicy” to see it is done correctly And try to run again you script.Regards

Hi There Ricacom7 That error is 'cause you dont have permissions to execute PowerShell Script, but you can check if this works for you as it work for me: Open registry Browse to key HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell If ExecutionPolicy does not exist, create it as REG_SZ with value Unrestricted Open PowerShell and use the command Get-ExecutionPolicy to see it is done correctly Now we can change that value to 5 different settings: Restricted: no scripts will be executed Unrestricted: all scripts will be executed RemoteSigned: all scripts you created yourself will be run, all scripts downloaded from the internet will need to be signed by a trusted publisher AllSigned: all scripts, including your own, will need to be signed by a trusted publisher Default: = Restricted (unless you change the default value to something else) And try to run again your script. Regards

Hi master kichitan, tks for your help. I'm still a nestling in that subject, but I've had done what did you say and the results was: -----------------------PS C:\> get-executionpolicy Unrestricted PS C:\> .\Script_FIM_Account-Check.ps1FIM MA Account Test ==================== -Reading registry configuration -FIM MA account name: CDHU\fim_ma -FIM MA accountSID : S-1-5-21-717229978-1245646637-2206649778-1126 -Reading MA configuration Error: A parameter cannot be found that matches parameter name 'onlyBaseResources'. PS C:\> --------------------------------- I'm going to do like "Markus" said, Update my FIM 2010RC1 to V2 and make again the tests. Thanks for your time, and your help. With kind regards

You don't have a problem with the execution-policy.If so, you wouldt get directly an error message from PowerShell.Not sure, if this really helps you to make progress; however, you can remove the 'onlyBaseResources' line from the script.In this case, you will probably see a lot of yellow warnings from the script - but you can ignore them since they are just warnings.You could also just talk a look at what the script does and do the checks manually.The script verifies whether the configured FIMMA account is the same as the one you have specified during the installation of FIM.If this is not an issue in your scenario, you are most likley running into a MPR that is blocking you.Again, the objective of the second script is to verify this.However, the scripts are targeted for Update 2.Your best bet is to update your system - to Update 3 :o) Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Markus,Can I update FIM Rc1 to Update 3 directly? jumping the Update 2 ?What do you think? can I ? Thanks for your time, and your help. With kind regards

Please take a look at the FAQ for more details.Cheers,Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Hi, Master Markushttps://connect.microsoft.com/site433/Downloads============ Your post ==================== The RC1 Update 3 release of Forefront Identity Manager 2010 (FIM) is available today here on Connect. This is our final pre-release of the product before RTM. Please continue to provide feedback through Connect. ============================= After I click on link and made a logon my browser said: Página Não Encontrada (page not found)O conteúdo que você solicitou não foi encontrado ou você não tem permissão para exibi-lo. Se você acreditar que chegou a esta página por um erro, clique no link de Ajuda na parte superior da página para relatar o problema e inclua esta identificação em seu email: 29615e41-b0a9-4951-8d15-4afb30246127 Página de boas-vindas ao Microsoft Connect. Man, is so hard work with FIM2010 If you can help me I'll grateful With kind regards

Important: I stand corrected!If you have never installed RC1, you can start with Update 3.However, if you have installed RC1 or one of the updates, you must upgrade to Update 2 before you can install Update 3.I will update the FAQ soon.Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Right, MasterThrough Windows Update I can get FIM V2 and afterthe instalation. I run the script.----------------your rich tip--------------------------------------------------------------------Run this script and post the result if you get an error.the script helps you to deretmine whether the issue is related to the FIM MA account.If you don't get an error, run this script.The script will tell you whether you have an issue with your MPR configuration.-------------------------------------------------------------------------------------------------- PS C:\> .\Script_FIM_Account-Check.ps1 FIM MA Account Test ==================== -Reading registry configuration -FIM MA account name: CDHU\fim_ma -FIM MA account SID : S-1-5-21-717229978-1245646637-2206649778-1126 -Reading MA configuration Error: Registry configuration and FIM MA configuration for MA account don't match! What the Error means, what I need to do to fix it?

https://connect.microsoft.com/site433/Downloads============ Your post ==================== The RC1 Update 3 release of Forefront Identity Manager 2010 (FIM) is available today here on Connect. This is our final pre-release of the product before RTM. Please continue to provide feedback through Connect. ============================= After I click on link and made a logon my browser said: Página Não Encontrada (page not found) Have you actually signed up for the FIM beta program?If you are not registered, you can't download the file...Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

FIM MA Account Test ==================== -Reading registry configuration -FIM MA account name: CDHU\fim_ma -FIM MA account SID : S-1-5-21-717229978-1245646637-2206649778-1126 -Reading MA configuration Error: Registry configuration and FIM MA configuration for MA account don't match! What the Error means, what I need to do to fix it? It means that the current FIM MA account is not the same as the account you have specified duing the installation.You can find more details on this in "How can I manage my FIM MA account?"Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Hi master Markus After I set that parameters at "Synchronization: Synchronization account controls users it synchronizes" I can run FIMMA free erros, but the Users appear on Portal like "(No display name)" and doesn't appear on ActiveDirectory on OU 'FIMObjects'. please see at: http://189.47.133.142/FIM.html and if possible help me.With kind regards.

Please take a look at this - it might help to make things easier.This might also be helpful.It is possible that you have an attribute flow precedence related issue.Make sure that your HR MA attribute flow is not blocked by it.You can find instructions here.Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

I was following this article to sync AD accounts to FIM... http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/defcc6a5-30f0-4b9d-82a0-faa9438cd98e And some errors brought me to this article... I followed this article to help resolve multiple problems... With the recommendations I was able to get them resolved... Following the article I linked, I was able to complete the testing of my configuration... Now I am having another problem... But I am a little confused... I created a sample user in a container called FIM that I setup to sync to and I am attempting to Synchronize the AD user into FIM It says after the delta import AD DS, the synchronization statistics report should show a new object... But mine does not... Which immediately got me to thinking I must not have the right container in the ADMA agent setup... Went back to that setting and see my container "FIM" checked as the only sync... Any ideas on what I am doing wrong?