Disclaimer: The opinions expressed on this blog are personal opinions and do not express the opinion of my employer, Microsoft, Winsec or any other party.

Interesting FIM2010 R2 webinars coming up

Mon 15 Apr 2013

Title: FIM 2010 R2's Attestation Module
Presented by: Randy Wiemer, Oxford Computer Group Principal Architect
Channel: Identity & Access Management
Live on: Apr 18 2013 8:00 pm


https://www.brighttalk.com/webcast/8503/71687

 

Title: FIM 2010 R2's Analytics Module
Presented by: Rob de Jong, Microsoft
Channel: Identity & Access Management
Live on: May 16 2013 8:00 pm


https://www.brighttalk.com/webcast/8503/71689

 

Check the Identity & Access Management channel on BrightTalk:
https://www.brighttalk.com/community/it-security/channel/8503

Categories: Security

ECMA 2.2, PowerShell, SharePoint User Profile and Generic LDAP Connector Beta available on Connect

Fri 29 Mar 2013

Source:
https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=48615

The FIM Product Group (PG) has released to Connect, for pre-release evaluation, a new version of ECMA2, one new Connector and updates to two existing Connectors.

A new release of the Sync Engine is available on Connect and it has ECMA 2.2 in it. These are the new features:

- An ECMA2 Connector can be initiated and can run outside the sync engine. It is now possible to do a test-driven implementation where you create all unit tests for your Connector in Visual Studio and test your Connector without even having a Sync Engine. You can also debug the Connector without having a Sync Engine present.

- A new capabilities page, with the capabilities called later in the flow. It is now possible to ask the user for information, connect to the target directory and use that information for the Connector's capabilities.

- Added support for DN as anchor for LDAP-based directories and for not providing the object type for update/delete operations in delta import.

 

There is also a new Connector:

- PowerShell. This is the MCS Connector the PG took back and productized. Some of the features mentioned above for ECMA 2.2 were added to make this Connector easier to use.

 

The PG also refreshed some Connectors based on feedback from our previous pre-release:

- SharePoint User Profile Connector will allow you to connect to the user profile store in SharePoint. This will simplify integrations for multi-forest and non-AD directories.

- The Generic LDAP Connector is intended for connectivity with Open LDAP directories.

 

The PG team is also looking for customers who would be interested in testing these Connectors in a production environment.
These customers will get access to the Volume License version of FIM.

(If interested, send me an email at peter(at)fim2010.com)

Make sure you have signed up for the program “Forefront Identity Manager 2010” – “FIM Synchronization Service Connectors Pre-release” on Connect. Even if you had access to a previous FIM2010 connect program, you need to add yourself to the Connectors program.

You can then find the download here:
https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=48615

Categories: Security

Security Compliance Manager 3.0 now available for download!

Wed 6 Feb 2013

From:
- http://blogs.technet.com/b/secguide/archive/2013/02/05/secure-your-environment-with-scm-3-0.aspx
- http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx

The Solution Accelerators Security Team at Microsoft is pleased to announce that the latest version of the Microsoft Security Compliance Manager (SCM) – Version 3.0 – is released and available for download!

In addition to key features from the previous version, SCM 3.0 offers new baselines for Windows Server 2012, Windows 8, and Internet Explorer 10! SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and Microsoft System Center Configuration Manager.

SCM 3.0 provides ready-to-deploy policies and DCM configuration packs based on Microsoft Security Guide recommendations and industry best practices, allowing you to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.

Download SCM 3.0 Now!

Thank you for your continued interest in Security Compliance Manager.

For more information on Security Compliance Manager and to be involved in discussions, please use the following resources:

Categories: Security

Forefront Identity Manager (FIM) 2010 R2 SP1 officially announced

Fri 1 Feb 2013

Yesterday Microsoft officially announced the release of Forefront Identity Manager (FIM) 2010 R2 SP1.

Want an overview of the media coverage?

As mentioned in the server & cloud blog

Links and Downloads

Categories: Security

New Wiki article: Troubleshooting FIM: GALSync stopped-server on ADMA export

Fri 25 Jan 2013

Source:
http://social.technet.microsoft.com/wiki/contents/articles/15526.troubleshooting-fim-galsync-stopped-server-on-adma-export.aspx

As it’s a Wiki, feel free to contribute to this article!

Here’s what I started with…

Problem statement

GALSync configuration halts on execution of the export on the AD MA.
FIM throws an error “stopped-server” on export.

Symptoms

Event Viewer

Log Name:      Application
Source:        Application Error
Date:          1/17/2013 9:38:58 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      FIMServer.domain.local
Description:
Faulting application name: mmsscrpt.exe, version: 4.1.3114.0, time stamp: 0x50ad5a10
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x0000000000053fcc
Faulting process id: 0x568
Faulting application start time: 0x01cdf4ea0fdebb1d
Faulting application path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\mmsscrpt.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 88bd4904-60dd-11e2-b03f-005056910162
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error"/>
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-01T00:00:00.000000000Z"/>
<EventRecordID>1531</EventRecordID>
<Channel>Application</Channel>
<Computer>FIMServer.domain.local</Computer>
<Security/>
</System>
<EventData>
<Data></Data>
<Data>4.1.3114.0</Data>
<Data>50ad5a10</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec4aa8e</Data>
<Data>c0000005</Data>
<Data>0000000000053fcc</Data>
<Data>568</Data>
<Data>01cdf4ea0fdebb1d</Data>
<Data>C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\mmsscrpt.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>88bd4904-60dd-11e2-b03f-005056910162</Data>
</EventData>
</Event>

Troubleshooting Steps

Uncheck Exchange provisioning on the AD MA and see whether the export then works.
Then test the RPS (Remote PowerShell) URI from the FIM server in PowerShell.
If that test fails, there is an issue with the RPS URI.

Resolution

  1. Check the RPS URI configuration: use the FQDN instead of the simple server name. E.g. replace http://exchsvr/powershell with http://exchsvr.mycompany.com/powershell.
  2. Check that the RPS URI can be reached.
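
The RPS URI check from the troubleshooting and resolution steps above, as an added PowerShell example that is not part of the original wiki article. It assumes the RPS endpoint is the Exchange remote PowerShell virtual directory and is reached with Kerberos authentication; `Test-RpsUri` is a hypothetical helper name and the default URI is the placeholder from the article.

```powershell
# Added example: checks an Exchange Remote PowerShell (RPS) URI from the FIM server.
# The default URI is the article's placeholder; pass your own with -RpsUri.
param(
    [string]$RpsUri = 'http://exchsvr.mycompany.com/powershell'
)

function Test-RpsUri {
    param([string]$Uri)

    $result = New-Object PSObject -Property @{
        Uri = $Uri; IsFqdn = $false; Resolves = $false
        PortOpen = $false; SessionOk = $false; Error = $null
    }
    $parsed = [System.Uri]$Uri

    # Resolution step 1: the host should be a DNS name with a domain part,
    # not a short server name (and not a bare IP address).
    $result.IsFqdn = ($parsed.HostNameType -eq 'Dns') -and $parsed.Host.Contains('.')

    try {
        # Name resolution as seen from this server.
        [void][System.Net.Dns]::GetHostEntry($parsed.Host)
        $result.Resolves = $true

        # Plain TCP reachability of the endpoint's port.
        $tcp = New-Object System.Net.Sockets.TcpClient
        try { $tcp.Connect($parsed.Host, $parsed.Port); $result.PortOpen = $tcp.Connected }
        finally { $tcp.Close() }

        # Resolution step 2: open and close a real Exchange remote session
        # (assumption: Kerberos, using the identity running this script).
        $session = New-PSSession -ConfigurationName Microsoft.Exchange `
            -ConnectionUri $Uri -Authentication Kerberos -ErrorAction Stop
        $result.SessionOk = $true
        Remove-PSSession $session
    }
    catch {
        # The first failing stage stops the checks; its message is kept for the report.
        $result.Error = $_.Exception.Message
    }
    return $result
}

Test-RpsUri -Uri $RpsUri | Format-List Uri, IsFqdn, Resolves, PortOpen, SessionOk, Error
```

Run it on the FIM server under the account whose access you want to check, once with the short-name URI and once with the FQDN, and compare which stage fails.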

See Also

Categories: Security

New book about Unified Remote Access 2012 is out!

Thu 3 Jan 2013
Categories: Security

Packt Publishing: Seasonal eBook Offer – Buy 2 or more $5 each (Offer Extended to 4th/jan!!)

Thu 3 Jan 2013

To celebrate the festive season, Packt announced a special eBook offer.

As the offer has been extended to Friday 4th Jan 2013 (tomorrow), quickly surf to:
http://tinyurl.com/7fe7946

“All [yes, ALL] Packt eBooks are on offer now for $5 | €4 | £3 |  AUS$5 each when you buy 2 or more.
Just add the eBooks into your cart and when you have chosen 2 or more eBooks, you’ll  get each for $5 per copy when you checkout.

This offer is available until Friday 4th Jan 2013.

Packt eBooks are flexible and easy to use on any reader:

  • Download any version, any time, from your account on www.packtpub.com
  • Available PDF, ePub [Android, Kobo], Mobi [Kindle]
  • You can email it right onto your Kindle from your account
  • No DRM, meaning you can copy to any device, as often as you like
  • You can print, and copy and paste from the eBook directly.”

My suggestions to get started in 2013:

1. Microsoft Forefront Identity Manager 2010 R2 Handbook :

http://www.packtpub.com/microsoft-forefront-identity-manager-2010-r2-handbook/book

2.  Freshly published: Windows Server 2012 Unified Remote Access Planning and Deployment

http://www.packtpub.com/windows-server-2012-unified-remote-access-planning-and-deployment/book

3. Microsoft Forefront UAG 2010 Administrator’s Handbook

http://www.packtpub.com/microsoft-forefront-uag-2010-administrators-handbook-raw/book

4. Mastering Microsoft Forefront UAG 2010 Customization

http://www.packtpub.com/mastering-microsoft-forefront-uag-2010-customization/book

Happy reading!

Categories: Security