Opening AD Connector Crashes Console - SCSM 2012 R2 UR7

Hi

When trying to open (or create) a new AD connector the console crashes, not allowing any changes to be performed. I have noticed this on all 4 of the service manager servers.

Here is a screenshot of the error message

And here is the error message text:

System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.EnterpriseManagement.ServiceManager.UI.Administration.SecureReference.SecureReferenceControl.AddSecureReferenceItem(IDataItem secureReferenceItem)
   at Microsoft.EnterpriseManagement.ServiceManager.UI.Administration.SecureReference.SecureReferenceControl.UserControl_Loaded(Object sender, RoutedEventArgs e)
   at System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised)
   at System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args)
   at MS.Internal.FrameworkObject.OnLoaded(RoutedEventArgs args)
   at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root, RoutedEvent routedEvent)
   at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object root)
   at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
   at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
   at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object resizedCompositionTarget)
   at System.Windows.Media.MediaContext.RenderMessageHandler(Object resizedCompositionTarget)
   at System.Windows.Media.MediaContext.Resize(ICompositionTarget resizedCompositionTarget)
   at System.Windows.Interop.HwndTarget.OnResize()
   at System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr wparam, IntPtr lparam)
   at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
   at System.Windows.Threading.Dispatcher.InvokeImpl(DispatcherPriority priority, TimeSpan timeout, Delegate method, Object args, Boolean isSingleParameter)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam)

It seems that the error started after installing UR7. The servers are VM's hosted in Azure.

Any help would be appreciated

August 28th, 2015 1:30pm

Based on the stack trace, (AddSecureReferenceItem) it looks like the secure reference you're using for your AD connector may be missing or corrupted.

So, first step, let's verify if your secure reference is intact or not.

Take a look inside the ServiceManager.LinkingFramework.Configuration management pack. In there you'll find a rule with ID "LinkingFrameworkCmdbSyncRule". (in your SQL database, select mpname, convert(xml,mpxml) from managementpack with(nolock) where mpname = 'ServiceManager.LinkingFramework.Configuration')

Under that rule are <WriteAction> nodes, one for each of your AD connectors. The <DataSourceReaderDomain> will list a "SecureReference.<guid>" reference in a $RunAs$ token. Take note of the SecureReference Id. Hopefully you used the same AD connector runas account for each of your AD connectors? From here on, I'm assuming you did.

Near the top of the MP is a <SecureReferences> node..make sure one of the <SecureReference> node Ids matches that SecureReference id you noted.

Next, towards the bottom of the MP is an <Overrides> node that contains <SecureReferenceOveride> objects. Make sure one of those objects is pointing to your secure reference id in its "SecureReference" attribute.

So, here's an example of what you're looking for. Under the rule's writeaction:

<DataSourceReaderDomain>$RunAs[Name="SecureReference.<random string>"]/Domain$</DataSourceReaderDomain>

Note the "SecureReference.<random string>". This is what you'll be searching for elsewhere in the management pack.

Next, see if it exists in the following area:

<TypeDefinitions>
    <SecureReferences>
      <SecureReference ID="SecureReference.<random string>" Accessibility="Public" />
    </SecureReferences>
</TypeDefinitions>

If such a <SecureReference> exists, that's good.

Next, look for a <SecureReferenceOverride> that looks something like this:

<Overrides>
  <SecureReferenceOverride ID="SecureReferenceOverride.<a different random string>" Context="System!System.Entity" Enforced="false" SecureReference="SecureReference.<random string>">
    <Value>random text</Value>
  </SecureReferenceOverride>
</Overrides>

Note that the string you're looking for is in the "SecureReference" attribute of the <SecureReferenceOverride>.

If that exists, that's good, too..but unfortunately doesn't explain why you're getting the error.

HOWEVER, If either of those things _are_ missing, then you'll need to create a new secure reference and use it in your connector definitions. Let me know if that's the case and I'll walk you through how to create a new secure reference for your connectors.


Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 1:51pm

oh, and by the way, my suggestion may have nothing to do with the error..it's just the first thing I thought to check.

are you able to edit/create other connectors? (like sccm, scom, etc)

August 28th, 2015 1:56pm

Well that put me on the right lines. It turns out it was the same problem as with this thread here.

Thanks for the help!

Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 2:56pm

Based on the stack trace, (AddSecureReferenceItem) it looks like the secure reference you're using for your AD connector may be missing or corrupted.

So, first step, let's verify if your secure reference is intact or not.

Take a look inside the ServiceManager.LinkingFramework.Configuration management pack. In there you'll find a rule with ID "LinkingFrameworkCmdbSyncRule". (in your SQL database, select mpname, convert(xml,mpxml) from managementpack with(nolock) where mpname = 'ServiceManager.LinkingFramework.Configuration')

Under that rule are <WriteAction> nodes, one for each of your AD connectors. The <DataSourceReaderDomain> will list a "SecureReference.<guid>" reference in a $RunAs$ token. Take note of the SecureReference Id. Hopefully you used the same AD connector runas account for each of your AD connectors? From here on, I'm assuming you did.

Near the top of the MP is a <SecureReferences> node..make sure one of the <SecureReference> node Ids matches that SecureReference id you noted.

Next, towards the bottom of the MP is an <Overrides> node that contains <SecureReferenceOveride> objects. Make sure one of those objects is pointing to your secure reference id in its "SecureReference" attribute.

So, here's an example of what you're looking for. Under the rule's writeaction:

<DataSourceReaderDomain>$RunAs[Name="SecureReference.<random string>"]/Domain$</DataSourceReaderDomain>

Note the "SecureReference.<random string>". This is what you'll be searching for elsewhere in the management pack.

Next, see if it exists in the following area:

<TypeDefinitions>
    <SecureReferences>
      <SecureReference ID="SecureReference.<random string>" Accessibility="Public" />
    </SecureReferences>
</TypeDefinitions>

If such a <SecureReference> exists, that's good.

Next, look for a <SecureReferenceOverride> that looks something like this:

<Overrides>
  <SecureReferenceOverride ID="SecureReferenceOverride.<a different random string>" Context="System!System.Entity" Enforced="false" SecureReference="SecureReference.<random string>">
    <Value>random text</Value>
  </SecureReferenceOverride>
</Overrides>

Note that the string you're looking for is in the "SecureReference" attribute of the <SecureReferenceOverride>.

If that exists, that's good, too..but unfortunately doesn't explain why you're getting the error.

HOWEVER, If either of those things _are_ missing, then you'll need to create a new secure reference and use it in your connector definitions. Let me know if that's the case and I'll walk you through how to create a new secure reference for your connectors.


August 28th, 2015 5:47pm

Based on the stack trace, (AddSecureReferenceItem) it looks like the secure reference you're using for your AD connector may be missing or corrupted.

So, first step, let's verify if your secure reference is intact or not.

Take a look inside the ServiceManager.LinkingFramework.Configuration management pack. In there you'll find a rule with ID "LinkingFrameworkCmdbSyncRule". (in your SQL database, select mpname, convert(xml,mpxml) from managementpack with(nolock) where mpname = 'ServiceManager.LinkingFramework.Configuration')

Under that rule are <WriteAction> nodes, one for each of your AD connectors. The <DataSourceReaderDomain> will list a "SecureReference.<guid>" reference in a $RunAs$ token. Take note of the SecureReference Id. Hopefully you used the same AD connector runas account for each of your AD connectors? From here on, I'm assuming you did.

Near the top of the MP is a <SecureReferences> node..make sure one of the <SecureReference> node Ids matches that SecureReference id you noted.

Next, towards the bottom of the MP is an <Overrides> node that contains <SecureReferenceOveride> objects. Make sure one of those objects is pointing to your secure reference id in its "SecureReference" attribute.

So, here's an example of what you're looking for. Under the rule's writeaction:

<DataSourceReaderDomain>$RunAs[Name="SecureReference.<random string>"]/Domain$</DataSourceReaderDomain>

Note the "SecureReference.<random string>". This is what you'll be searching for elsewhere in the management pack.

Next, see if it exists in the following area:

<TypeDefinitions>
    <SecureReferences>
      <SecureReference ID="SecureReference.<random string>" Accessibility="Public" />
    </SecureReferences>
</TypeDefinitions>

If such a <SecureReference> exists, that's good.

Next, look for a <SecureReferenceOverride> that looks something like this:

<Overrides>
  <SecureReferenceOverride ID="SecureReferenceOverride.<a different random string>" Context="System!System.Entity" Enforced="false" SecureReference="SecureReference.<random string>">
    <Value>random text</Value>
  </SecureReferenceOverride>
</Overrides>

Note that the string you're looking for is in the "SecureReference" attribute of the <SecureReferenceOverride>.

If that exists, that's good, too..but unfortunately doesn't explain why you're getting the error.

HOWEVER, If either of those things _are_ missing, then you'll need to create a new secure reference and use it in your connector definitions. Let me know if that's the case and I'll walk you through how to create a new secure reference for your connectors.


  • Proposed as answer by Morten Meisler Monday, August 31, 2015 7:13 AM
Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 5:47pm

Based on the stack trace, (AddSecureReferenceItem) it looks like the secure reference you're using for your AD connector may be missing or corrupted.

So, first step, let's verify if your secure reference is intact or not.

Take a look inside the ServiceManager.LinkingFramework.Configuration management pack. In there you'll find a rule with ID "LinkingFrameworkCmdbSyncRule". (in your SQL database, select mpname, convert(xml,mpxml) from managementpack with(nolock) where mpname = 'ServiceManager.LinkingFramework.Configuration')

Under that rule are <WriteAction> nodes, one for each of your AD connectors. The <DataSourceReaderDomain> will list a "SecureReference.<guid>" reference in a $RunAs$ token. Take note of the SecureReference Id. Hopefully you used the same AD connector runas account for each of your AD connectors? From here on, I'm assuming you did.

Near the top of the MP is a <SecureReferences> node..make sure one of the <SecureReference> node Ids matches that SecureReference id you noted.

Next, towards the bottom of the MP is an <Overrides> node that contains <SecureReferenceOveride> objects. Make sure one of those objects is pointing to your secure reference id in its "SecureReference" attribute.

So, here's an example of what you're looking for. Under the rule's writeaction:

<DataSourceReaderDomain>$RunAs[Name="SecureReference.<random string>"]/Domain$</DataSourceReaderDomain>

Note the "SecureReference.<random string>". This is what you'll be searching for elsewhere in the management pack.

Next, see if it exists in the following area:

<TypeDefinitions>
    <SecureReferences>
      <SecureReference ID="SecureReference.<random string>" Accessibility="Public" />
    </SecureReferences>
</TypeDefinitions>

If such a <SecureReference> exists, that's good.

Next, look for a <SecureReferenceOverride> that looks something like this:

<Overrides>
  <SecureReferenceOverride ID="SecureReferenceOverride.<a different random string>" Context="System!System.Entity" Enforced="false" SecureReference="SecureReference.<random string>">
    <Value>random text</Value>
  </SecureReferenceOverride>
</Overrides>

Note that the string you're looking for is in the "SecureReference" attribute of the <SecureReferenceOverride>.

If that exists, that's good, too..but unfortunately doesn't explain why you're getting the error.

HOWEVER, If either of those things _are_ missing, then you'll need to create a new secure reference and use it in your connector definitions. Let me know if that's the case and I'll walk you through how to create a new secure reference for your connectors.


  • Proposed as answer by Morten Meisler Monday, August 31, 2015 7:13 AM
August 28th, 2015 5:47pm

Based on the stack trace, (AddSecureReferenceItem) it looks like the secure reference you're using for your AD connector may be missing or corrupted.

So, first step, let's verify if your secure reference is intact or not.

Take a look inside the ServiceManager.LinkingFramework.Configuration management pack. In there you'll find a rule with ID "LinkingFrameworkCmdbSyncRule". (in your SQL database, select mpname, convert(xml,mpxml) from managementpack with(nolock) where mpname = 'ServiceManager.LinkingFramework.Configuration')

Under that rule are <WriteAction> nodes, one for each of your AD connectors. The <DataSourceReaderDomain> will list a "SecureReference.<guid>" reference in a $RunAs$ token. Take note of the SecureReference Id. Hopefully you used the same AD connector runas account for each of your AD connectors? From here on, I'm assuming you did.

Near the top of the MP is a <SecureReferences> node..make sure one of the <SecureReference> node Ids matches that SecureReference id you noted.

Next, towards the bottom of the MP is an <Overrides> node that contains <SecureReferenceOveride> objects. Make sure one of those objects is pointing to your secure reference id in its "SecureReference" attribute.

So, here's an example of what you're looking for. Under the rule's writeaction:

<DataSourceReaderDomain>$RunAs[Name="SecureReference.<random string>"]/Domain$</DataSourceReaderDomain>

Note the "SecureReference.<random string>". This is what you'll be searching for elsewhere in the management pack.

Next, see if it exists in the following area:

<TypeDefinitions>
    <SecureReferences>
      <SecureReference ID="SecureReference.<random string>" Accessibility="Public" />
    </SecureReferences>
</TypeDefinitions>

If such a <SecureReference> exists, that's good.

Next, look for a <SecureReferenceOverride> that looks something like this:

<Overrides>
  <SecureReferenceOverride ID="SecureReferenceOverride.<a different random string>" Context="System!System.Entity" Enforced="false" SecureReference="SecureReference.<random string>">
    <Value>random text</Value>
  </SecureReferenceOverride>
</Overrides>

Note that the string you're looking for is in the "SecureReference" attribute of the <SecureReferenceOverride>.

If that exists, that's good, too..but unfortunately doesn't explain why you're getting the error.

HOWEVER, If either of those things _are_ missing, then you'll need to create a new secure reference and use it in your connector definitions. Let me know if that's the case and I'll walk you through how to create a new secure reference for your connectors.


  • Proposed as answer by Morten Meisler Monday, August 31, 2015 7:13 AM
Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 5:47pm

Well that put me on the right lines. It turns out it was the same problem as with this thread here.

Thanks for the help!

August 28th, 2015 6:53pm

Well that put me on the right lines. It turns out it was the same problem as with this thread here.

Thanks for the help!

Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 6:53pm

Well that put me on the right lines. It turns out it was the same problem as with this thread here.

Thanks for the help!

August 28th, 2015 6:53pm

Well that put me on the right lines. It turns out it was the same problem as with this thread here.

Thanks for the help!

Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 6:53pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics