Sync-rule-validation-parsing-error FIM MA

Hi,

Running FIM 2010 R2 SP1 (4.1.3613.0) and have a very simple Outbound System Scoped Sync Rule, setting the following attributes:

  • initial password
  • initial DN

The sync rule works, as users are provisioned in the target system. However the FIM MA generates the "Sync-rule-validation-parsing-error". Even if we remove all the attributes from the sync rule, the error continues to exist. We have also recreated the rule.

Any ideas why we're getting the error message (and the rule is working)?

Here is the extract of the Sync Rule:

<?xml version="1.0" encoding="utf-8"?>
<Results xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <ExportObject>
    <Source>http://localhost:5725/ResourceManagementService</Source>
    <ResourceManagementObject>
      <ObjectIdentifier>urn:uuid:9d587de2-5ed2-46a6-9354-e7a12865a55f</ObjectIdentifier>
      <ObjectType>SynchronizationRule</ObjectType>
      <IsPlaceholder>false</IsPlaceholder>
      <ResourceManagementAttributes>
        <ResourceManagementAttribute>
          <AttributeName>ObjectID</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>urn:uuid:9d587de2-5ed2-46a6-9354-e7a12865a55f</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>ConnectedObjectType</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>businessperson</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>ConnectedSystem</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>{57C9FB04-B024-4E6C-BBED-CEBF930EBD1B}</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>CreateConnectedSystemObject</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>True</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>CreatedTime</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>17/05/2015 12:05:35 a.m.</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>CreateILMObject</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>False</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>Creator</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>urn:uuid:6f478f0e-9205-4082-870e-9616f96ccf45</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>DisconnectConnectedSystemObject</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>False</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>DisplayName</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>LDAP Sync Rule</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>FlowType</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>1</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>ILMObjectType</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>person</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>InitialFlow</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>true</IsMultiValue>
          <Values>
            <string>&lt;export-flow allows-null="false"&gt;&lt;src&gt;Password1&lt;/src&gt;&lt;dest&gt;userpassword&lt;/dest&gt;&lt;scoping&gt;&lt;/scoping&gt;&lt;/export-flow&gt;</string>
            <string>&lt;export-flow allows-null="false"&gt;&lt;src&gt;&lt;attr&gt;uid&lt;/attr&gt;&lt;attr&gt;ldapOu&lt;/attr&gt;&lt;/src&gt;&lt;dest&gt;entrydn&lt;/dest&gt;&lt;scoping&gt;&lt;/scoping&gt;&lt;fn id="+" isCustomExpression="false"&gt;&lt;arg&gt;"uid="&lt;/arg&gt;&lt;arg&gt;uid&lt;/arg&gt;&lt;arg&gt;",ou="&lt;/arg&gt;&lt;arg&gt;ldapOu&lt;/arg&gt;&lt;arg&gt;",o=company.org"&lt;/arg&gt;&lt;/fn&gt;&lt;/export-flow&gt;</string>
          </Values>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>ObjectType</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>SynchronizationRule</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>Precedence</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>1</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>RelationshipCriteria</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>&lt;conditions/&gt;</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>ManagementAgentID</AttributeName>
          <HasReference>true</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>urn:uuid:8a6b60b0-b286-4cc8-9b0f-cdf043cd41ec</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>msidmOutboundIsFilterBased</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>True</Value>
        </ResourceManagementAttribute>
        <ResourceManagementAttribute>
          <AttributeName>msidmOutboundScopingFilters</AttributeName>
          <HasReference>false</HasReference>
          <IsMultiValue>false</IsMultiValue>
          <Value>&lt;scoping&gt;&lt;scope&gt;&lt;csAttribute&gt;company&lt;/csAttribute&gt;&lt;csOperator&gt;EQUAL&lt;/csOperator&gt;&lt;csValue&gt;LDAP&lt;/csValue&gt;&lt;/scope&gt;&lt;/scoping&gt;</Value>
        </ResourceManagementAttribute>
      </ResourceManagementAttributes>
      <LocalizedResourceManagementAttributes />
    </ResourceManagementObject>
  </ExportObject>
</Results>


  • Edited by Shim Kwan Monday, May 18, 2015 11:22 PM
May 18th, 2015 11:21pm

Hi,

We have now created a traditional sync rule with the same attribute export flows as above, that uses MPR, Workflow, Set transition...and FIM now displays 2 sync-rule-validation-parsing-error messages.

Any ideas?


  • Edited by Shim Kwan Tuesday, May 19, 2015 4:08 AM
May 19th, 2015 4:08am

Hi Kwan,

Sometimes I see this error when previewing and committing the Sync rules when other MAs are running as well.

A restart and running FIM MA DIDS profile would sort this out.

Or deleting and recreating the Sync rule will solve the problem as well.

From your statement I am guessing that the old sync rule is not removed from the sync engine.

Regards

Dhaya

May 19th, 2015 4:54am

Hi, I am afraid none of the above suggestions have worked, as we're still getting the error.
May 26th, 2015 3:59am

I think Dhayanandh's thinking is right ... you have to find a way of resetting the FIM MA.  I normally do this with a full import/full sync run profile of the FIM MA, but I would also first close the Identity Manager console and restart the FIM Sync service before trying this.  Also make sure that you have no task scheduler running syncs (over WMI) while you are trying to do this.

Another thing I would try if this is still unsuccessful is re-enter the credentials of the FIM MA - this will recreate ma-data and mv-data objects in the FIM Service, which may have somehow become corrupted.  Similarly, running a refresh of the FIM MA schema wouldn't hurt either - to bring the latest FIM Service schema into the FIM Sync service (kind of the reverse process of the above).

Failing that, check the event logs - you may find a clue there too.

If you are still having trouble, I suggest you post screenshots of your sync rule configuration since the XML is hard to translate in your head :).

May 30th, 2015 12:48pm
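
An added example, not part of any post in this thread and not Microsoft's code: a small Python script that decodes the escaped XML fragments stored inside an exported sync rule and checks that each one parses on its own, which makes flows like the ones in the export above easier to read. The sample is a trimmed copy of the posted export plus one deliberately malformed fragment constructed for illustration; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the export posted above. The second
# <string> is a deliberately malformed fragment added for illustration.
SAMPLE = """<Results><ExportObject><ResourceManagementObject>
<ResourceManagementAttributes>
<ResourceManagementAttribute><AttributeName>InitialFlow</AttributeName>
<Values>
<string>&lt;export-flow allows-null="false"&gt;&lt;src&gt;&lt;attr&gt;uid&lt;/attr&gt;&lt;attr&gt;ldapOu&lt;/attr&gt;&lt;/src&gt;&lt;dest&gt;entrydn&lt;/dest&gt;&lt;scoping&gt;&lt;/scoping&gt;&lt;fn id="+" isCustomExpression="false"&gt;&lt;arg&gt;"uid="&lt;/arg&gt;&lt;arg&gt;uid&lt;/arg&gt;&lt;arg&gt;",ou="&lt;/arg&gt;&lt;arg&gt;ldapOu&lt;/arg&gt;&lt;arg&gt;",o=company.org"&lt;/arg&gt;&lt;/fn&gt;&lt;/export-flow&gt;</string>
<string>&lt;export-flow&gt;&lt;src&gt;broken&lt;/export-flow&gt;</string>
</Values></ResourceManagementAttribute>
<ResourceManagementAttribute><AttributeName>msidmOutboundScopingFilters</AttributeName>
<Value>&lt;scoping&gt;&lt;scope&gt;&lt;csAttribute&gt;company&lt;/csAttribute&gt;&lt;csOperator&gt;EQUAL&lt;/csOperator&gt;&lt;csValue&gt;LDAP&lt;/csValue&gt;&lt;/scope&gt;&lt;/scoping&gt;</Value>
</ResourceManagementAttribute>
</ResourceManagementAttributes></ResourceManagementObject></ExportObject></Results>"""

def embedded_fragments(export_xml):
    """Yield (attribute name, decoded text) for every value that holds XML."""
    root = ET.fromstring(export_xml)  # the parser unescapes &lt; and &gt;
    for attr in root.iter("ResourceManagementAttribute"):
        name = attr.findtext("AttributeName")
        for node in attr.iter():
            text = node.text or ""
            if node.tag in ("Value", "string") and text.lstrip().startswith("<"):
                yield name, text

def describe(fragment):
    """Summarise one fragment, or report why it fails to parse."""
    try:
        node = ET.fromstring(fragment)
    except ET.ParseError as err:
        return {"ok": False, "error": str(err)}
    info = {"ok": True, "root": node.tag}
    if node.tag == "export-flow":
        info["dest"] = node.findtext("dest")
        info["src_attrs"] = [a.text for a in node.findall("src/attr")]
        info["fn_args"] = [a.text for a in node.findall("fn/arg")]
    return info

def audit(export_xml):
    """Return one (attribute name, summary) pair per embedded fragment."""
    return [(name, describe(frag)) for name, frag in embedded_fragments(export_xml)]

if __name__ == "__main__":
    for name, info in audit(SAMPLE):
        print(name, info)
```

A fragment that parses here can still be rejected by FIM's own rule validation; the script only rules out malformed XML inside the attribute values.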

One more thing - should I see the Scoped Outbound Sync Rule in the MV? As I see nothing. And yet it is provisioning new users.


  • Edited by Shim Kwan Monday, June 08, 2015 2:03 AM
June 8th, 2015 2:02am

We have tried some more things:

  • Removed all the attribute flows - same error.
  • Recreated the sync rule from scratch - same error.
  • Since it is an 'Outbound' rule, we changed it to both "Inbound and Outbound" as per this article (running out of ideas) (https://identityminded.wordpress.com/2011/01/26/fim2010troubleshooting-sync-rule-inbound-flow-rules-invalid-error-messages/) - same error.
  • Recreated FIM and Oracle system in a totally new virtual environment - same error.

So the only conclusion we are deriving is that Declarative Rules do not work with the "Oracle (previously Sun) directory servers" Management Agent?


June 29th, 2015 7:50pm

  • Edited by Shim Kwan Monday, June 29, 2015 11:48 PM
June 29th, 2015 11:48pm

This topic is archived. No further replies will be accepted.
