management agent
hi all, can y please help me to solve this issue when i create a management agent: 1. In FIM 2010, open Synchronization Service Manager and select Management Agent from the Tools menu. 2. To open the Create Management Agent wizard, select Create from the Actions menu. 3. On the Create Management Agent page, provide the following settings, and then click Next : Management agent for : FIM Service Management Agent Name : Woodgrove Bank FIMMA 4. On the Connect to Database page, provide the following settings, and then click Next : Server : localhost Database : FIMService FIM Service base address : http:// localhost :5725 Authentication mode : Windows integrated authentication User name : fimma this user i have create previously in Active Directory Password : P@ssw0rd Domain : WoodgroveBank i have receive the following error: failed to connect the specified database failed to connect to the specified database or forefront identity management service. please check the specified database location service host address, and account information any help please
October 22nd, 2010 10:15am

Is the FIM service, sql server and Sync engineinstalled on the same server? /Søren
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 10:54am

Hi Basically you cannoct to Database of FIMService, their is several reason to this, so check: You have specify FIMService for database name during the installation of FIM Service and Portal You have specified the correct account (fimma in your case) when configuring the FIM Management Agent Account during the installation of FIM Service and Portal The SQL Server is Up and Running The account used is not disable nor configured to change password at next logon (I recommand you to set User cannot change password and Password never expires for this account) Last point In your description I can see a space between localhost and :5725 in the FIM Service base address, check if it's only in this thread or also in your configuration Fabrice
October 22nd, 2010 11:10am

Regarding the FIM Service base address : http:// localhost :5725 What did you use for the FIM Service address during the setup? http://localhost is not really a good idea. I would use an FQDN or an alias specifically created for the FIM Service. This makes Kerberos happy. An I love happy Kerberos ;) What value do you have in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Portal\ServiceAddress (on your FIM Portal server), this would be your FIM Service addresshttp://setspn.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 11:46am

Hello hichomicro, If you are sure you provided all the correct info while trying to connect to the databse and you're still getting "failed to connect to the specified database", you need to add FIMMA account to "Domain Admins" group in the AD. Log off and Log on, and you should be fine. Regards, John Atick
October 22nd, 2010 3:01pm

hello the problem is solved but i have another problem wen i create an inbound synchronization rule: On the Scope tab, provide the following information, and then click Next : § Metaverse Resource Type: person § External System: Woodgrove Bank HRMA § External System Resource Type: person (Note: the External System Scoping filter is not configured in this tab) but all this option on scope tab is disable how can i choose person woodgrove bank HRMA. i am using the steps of microsoft forefront identity manager evaluation guide. any help please
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 3:10pm

the problem is to select an item to metaverse ressource type, external system and external system resource type but i didn't have any value to add. help me please
October 22nd, 2010 3:12pm

In page 44 in the evaluation guide, did you build up "Configure Object Type Mappings" and "Configure Attribute Flow" correctly?Regards, John Atick
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 3:49pm

yes, i have build the configure type mappings and configure attribute flow: 1. On the Configure Object Type Mappings , add the following mapping, and then click Next : a. From the Data Source Object Type column, select Person b. To open the Mapping dialog, click Add Mapping . c. From the Metaverse object type list, select person . d. To close the Mapping dialog, click OK . e. From the Data Source Object Type column, select Group f. To open the Mapping dialog, click Add Mapping . g. From the Metaverse object type list, select group . h. To close the Mapping dialog, click OK . On the Configure Attribute Flow page apply the following attribute flow mappings, and then click Next : a. Select Person as Data source object type . b. Select person as Metaverse object type . c. Select Direct as Mapping Type . d. For each row in the following table complete the following steps: Flow Direction Data source attribute Metaverse attribute Import AccountName accountName Import Department department Import DisplayName displayName Import EmployeeID employeeID Import EmployeeType employeeType Import ExpectedRulesList expectedRulesList Import FirstName firstName Import Manager manager Import LastName lastName Export AccountName accountName Export DisplayName displayName Export Domain domain Export EmployeeID employeeID Export EmployeeType employeeType Export FirstName firstName Export LastName lastName Export ObjectSID objectSid a. Select the Flow Direction shown for that row in the table. b. Select the Data source attribute shown for that row in the table. c. Select the Metaverse attribute shown for that row in the table. d. To apply the flow mapping, click New a. Select Group as Data source object type . b. Select Group as Metaverse object type . c. Select Direct as Mapping Type . For each row in the following table complete the following steps: Flow Direction Data source attribute Metaverse attribute Import AccountName accountName Import DisplayName displayName Import ExpectedRulesList expectedRulesList Import Member member Export AccountName accountName Export DisplayName displayName Export Member member a. Select the Flow Direction shown for that row in the table. b. Select the Data source attribute shown for that row in the table. c. Select the Metaverse attribute shown for that row in the table. d. To apply the flow mapping, click New On the Configure Deprovisioning page, click Next . To create the management agent, on the Configure Extensions page, click Finish . 1.3.3. Creating the Woodgrove Bank ADMA The Woodgrove Bank ADMA is a management agent for Active Directory Domain Service . To create this management agent, you use the Create Management Agent wizard.
October 22nd, 2010 3:59pm

Please remove all those "Font Definitions" in your earlier posts. And as far as I understood of what you're trying to say, you're unable to select the values from the drop down list in Metaverse Resource Type, External System and External System Resource Type, right? And provide a screenshot too!Regards, John Atick
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 4:17pm

yes it is right, i haven't any value to select from Metaverse Resource Type, External System and External System Resource Type. and i have check configure object type mapping and configure attribute flow. it is properly configure.
October 22nd, 2010 4:19pm

Did you add FIMMA account to "Domain Admins" group as I told you in the AD? If you didn't, do that (+Log off and Log on), and try again with the scope. Regards, John Atick
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 4:35pm

thank you for yr help john, but the FIMMA is on domain admin, i have added. but when i logon to fimma account and i install the service doesn't start but my work is focus on administrator account and not fimma
October 22nd, 2010 4:51pm

if i login with user fimma and i start the synchronization service i obtain the following message: 1- service is not started 2- yr account is not a menber of a required security group
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 5:13pm

@John I am very curious to know why you want to give Domain Admin rights to FIMMA acount There is absolutely no need to do this, and honestly give Admin privilege to a generic accounts is really bad. The only privileges this account needs are on the FIMService database, that's why during installation you must give the name of the FIMMA account you will use. @Hichomicro You dont have to logon with FIMMA account, this account is only useful for FIM Synchronization Service to read and write into the FIM Service database and use FIM WS Concerning the fact you cannot choose person object for your sync rule is certainly linked to the account used for your HRMA I'm sorry to cannot help you more but it's a bit confuse for me what is exactly the problem you are facing Fabrice
October 22nd, 2010 5:27pm

hi fabrice, thank y, but as y know there is a microsoft forefront identity manager 2010 evaluation guide, this document describe how to create management agent ... my problem is after follow te steps of the document and when i try to create a synchronization rule on the scope tab, there no option is select on metaverse resource type, external system ans external system ressource type. y can check the following link: http://www.google.com/url?sa=t&source=web&cd=2&ved=0CBYQFjAB&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F2%2F2%2F9%2F22962B83-5795-4006-9BD8-09C943C8D613%2FFIM2010_EvaluationGuide.docx&rct=j&q=forefront%20evaluation%20guide&ei=6KHBTNmzC5yW4gaPtd3_Cw&usg=AFQjCNHRHCOwj6hO04rynHNFxTB6xqWcQA&cad=rja my problem is on page 52
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 5:39pm

any help concerning this problem
October 22nd, 2010 5:52pm

Ok, Understood Do you create the HRMA text file connector in FIM Sync Service ? Are you able to import data in CS ? I see two reason for your problem: First, the FIM Managment Agent account is not properly configured and so when you configure Sync Rule you are not able to see the schema of the different Connector Spaces Second, your HRMA is missconfigured and there is no schema created in the FIMSynchronization Service database for it When you create the Sync rule are you able to choose the metaverse object type ? and after that the MA ? and after that you obtain nothing in the datasource object type ? Or do you have nothing at all in the first select box ?
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 5:53pm

no i didn't have any option in the first select box how can i verify if there is a schema created in the FIMSynchronization service database.
October 22nd, 2010 5:59pm

yes i have create HRMA text filein c partition in FIM Sync Serice. i need yr help please !!!!!!!!!!!!
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 8:42pm

@Fabrice Viguier Permissions issue, as you might get the message of "the user has not been granted the requested logon type at this machine" and you won't be able to create the MA. I am saying that from a previous experience. @hichomicro Through my search, I found out that several people had encoutered this problem, as it might be a bug. The best solution you have for the moment is to reinstall FIM. Regards, John Atick
October 23rd, 2010 2:19am

hi john, thank y for yr support, but when i copy and paste the text file HRData.txt from C: to c:/program file/forefront identity manager.... after that the problem is solved and i can see on scope tab values person (on metaverseresource), woodgrove bank HRMA (external system) and person (external system resource type). but only the external system woodgrove bank HRMA appeared and not the others woodgrove bank ADMA. so i have another problem i can't create the AD user synchronization rule because when i choose person on metareserve resource, i have only woodgrove bank HRMA. i have create many manage agent FIMMA and ADMA but the same problem. any help please
Free Windows Admin Tool Kit Click here and download it now
October 23rd, 2010 9:15pm

Try this: Create a Test User in the AD in FIMObjects OU, then Synchronize the User to FIM portal using Woodgrove Bank ADMA. Then check Whether the User was Successfully added to the Portal or not and Report Back.Regards, John Atick
October 24th, 2010 5:03am

john i didn't create the synchronization woodgrove bank ADMA yet, the problem is here. when i try to create the synchronization i didn't have the option woodgrove bank ADMA on scope tab, i only see woodgrove bankl HRMA... how can we resolve this problem!!!!! what modification will be done to add the woodgrove bank ADMA to the external system tab like woodgrove bank HRMA. thank y for yr help again.
Free Windows Admin Tool Kit Click here and download it now
October 24th, 2010 6:26pm

I am new to FIM just like you, but learning as I go. I crashed my system just now deliberately so as to look into your problem deeper than than just giving verbal advice. I never faced this problem before really. So anyway, when I wanted to create a new sync rule, guess what? I didn't find the new MA I created in external system, just like what you're facing now. So I started to troubleshoot the issue and came up with a solution. The problem was caused by the FIMMA account. You need to make sure that the account is placed in FIMObjects OU. And It has to be enabled, not disabled, not locked, password didn't expire or changed. If FIMMA account is disabled, you won't see any MA you create in the sync rule scope. Also if you didn't select "Password Never Expire" while creating the FIMMA account, you will get that problem too. The password must be the same and hasn't changed since the first time you created the account. Make sure you have all what I mentioned above and your problem should be solved. PS: You need to (re)create the ADMA after you fix the FIMMA account. If you created the ADMA then fixed the FIMMA account, you won't be able to see it in sync rule scope. Regards, John Atick
October 24th, 2010 10:17pm

The FIM MA account you are using to configure your FIM MA must be the same as the one you have specified during the setup of FIM(!). See How can I manage my FIM MA account for more details on this. Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
October 26th, 2010 12:17am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics