Hi,

 I have 3 fim servers:

fimportal - has fim service & portal running (uses account service.fim & service.sharepoint)
fimsync - has synchronisation service & synchronisation DB (uses account service.fimsync)
fimsql - holds portal DB for server fimportal

 I've created an AD MA, FIM MA and an inbound AD sync rule. On my FIM MA I've used account svc-fim (i.e. the account I've used to install FIM). This is not the same account that runs the synchronisation service on fimsync (account svc-fimsync is used for this).

 I've ran a FIM MA import and full sync without issue (I can see my built in, admin account and the sync rule brought into the metaverse). When I do an export I receive an error as shown below.

What I'm not sure about is if it's because I'm using the wrong account for the FIM MA. If so, which account should I use and what's the best way to change my config (without a total reinstall)?

I've selected domain (as a text value), accountname and objectsid in my attribute flow, but I may have configured something wrong here.

Thanks

Fault Reason: The endpoint could not dispatch the request.\r\n\r\nFault Details: <DispatchRequestFailures xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><DispatchRequestAdministratorDetails><FailureMessage>Exception: Other 
Stack Trace: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---&gt; System.Data.SqlClient.SqlException: Procedure or function 'GetDomainConfigurationIdentifiersFromDomain' expects parameter '@domainName', which was not supplied.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException, TransactionAndConnectionScope scope)
   at Microsoft.ResourceManagement.Data.DataAccess.GetDomainConfigurationIdentifiersFromDomain(String domainName)
   at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.AddDomainConfigurationFromDomain(CreateRequestParameter domainNameParameter, RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.DomainConfigurationActionProcessor.DoRequestCreationPreProcessByAttribute(RequestType request)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.DoRequestCreationPreProcessByAttribute(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier, Boolean maintenanceMode)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)
   --- End of inner exception stack trace ---</FailureMessage><DispatchRequestFailureSource>Other</DispatchRequestFailureSource><AdditionalTextDetails>Request could not be dispatched.</AdditionalTextDetails></DispatchRequestAdministratorDetails><CorrelationId>0c7141ca-63a2-42ae-92c3-a0c95de0d940</CorrelationId></DispatchRequestFailures>

Below shows separate MA account and separate FIM Sync Account

(...) rocedure or function 'GetDomainConfigurationIdentifiersFromDomain' expects parameter '@domainName', which was not supplied. (...)

Set Domain attribute value for objects exported to FIM Service and you will be fine.

It is better to filter the account used to install FIM see best practices for the fim portal administrator account

Create a separate account for the FIM MA (e.g. svc_fimma), this should be specified during install.

This account should also be filtered to avoid problems with applied sync rules or even object deletions.

Tomasz,

 I'm already flowing domain (see pic). Do I need to flow objectsid in my AD inbound sync rule to get users in the portal and the flow to work?

Fer, I've already installed FIM, what's the easiest way to get around this? I'd rather avoid a total re-install...

Thanks

OK - this is configuration. Can you check actual pending export for this user if it contains domain name? 

Hi Tomek,

 Apologies for the delay, been a busy festive period :-)

The account in question with the export flow error is my admin account that I used during installation (where prompted I did enter service account credentials).

Searching the FIM CS on the source object details show all attributes present (including domain), but looking at the export attribute flow shows a final value of deleted! See below.

 I'm following the TechNet guide: http://technet.microsoft.com/en-us/library/ff686264(v=ws.10).aspx and hit the error with the FIM MA export run profile when I run the below steps:

FIM MA - Full import
FIM MA - Full synchronization
FIM MA - Export
FIM MA - Delta import

AD MA - Fullll import
AD MA - Full synchronization

Initially my admin account was not in the selected containers as configured in the AD MA, however I've now ran that and re-ran the sync, which resulted in my test user being provisioned in the portal. My admin account is still not provisioned - I now get 2 export errors, 1 as before complaining of missing domain and another which complains of my admin account being a duplicate entry.

Please let me know if anything comes to mind.

Thanks

From what I've read this could be to do with the installation account I've used. Here's how I did the installer:

1. ran the installer as "admin.mike" for FIM 2010 R2
2. Used "service.fim" as the dedicated fim service account
    Used service.fimma as the dedicated AD MA account
   User service.fimsync on the fim sync service

 My admin.mike account is in AD as well as the MV and FIM portal. When installing FIM should the installation be done under a separate account that is not imported with an AD import?