Microsoft

Note-to-self: #DPIA for cloud – reference material (focus on #Microsoft cloud)

In interesting set of reference material, that is regularly coming back in data protection, cybersecurity and information security discussions I lately had with peers and colleagues.
May you can use it too…

Feel free to provide some feedback yourself, if you know additional pointers I should add.

You know where to find me.

Change history

2022-04-27 14:00: Added EDPB announcement to references section

Governmental DPIAs

Netherlands

2018-12-06: DPIA on Microsoft Office 2016 & 365

https://iapp.org/news/a/dutch-government-commissioned-dpia-on-microsoft-office-pro-plus/

Direct download of PDF:

2022-02-22: DPIA on Microsoft Office 365

https://www.dataguidance.com/news/netherlands-dutch-government-publishes-dpia-microsoft

Press release by Dutch Government:

2022-02-21 https://www.rijksoverheid.nl/documenten/publicaties/2022/02/21/public-dpia-teams-onedrive-sharepoint-and-azure-ad

Publication of DPIA by Dutch Government

2022-02-21 : https://www.rijksoverheid.nl/documenten/publicaties/2022/02/21/public-dpia-teams-onedrive-sharepoint-and-azure-ad

Source: Beltug news https://www.beltug.be/news/7430/Dutch_government_publishes_DPIA_and_DTIA_for_Microsoft/

2022-02: The Dutch Ministry of Justice and Security requested an analysis of US legislation in relation to the GDPR and Schrems II by GreenburgTraurig.

Switzerland

In a recent article (In French) by ICT journal, the Canton of Zurich published a

https://www.ictjournal.ch/articles/2022-04-26/comment-le-canton-de-zurich-a-estime-le-risque-de-passer-sur-le-cloud-de

Research

Researchgate

Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

https://www.researchgate.net/publication/349882283_Data_Protection_Impact_Assessment_DPIA_for_Cloud-Based_Health_Organizations

Guidelines

CNIL

https://www.cnil.fr/en/tag/Privacy+Impact+Assessment+(PIA)

https://www.cnil.fr/en/guidelines-dpia

IAPP

https://iapp.org/news/a/guidance-for-a-cloud-migration-privacy-impact-assessment/

Templates

IAPP

https://iapp.org/resources/article/transfer-impact-assessment-templates/

Referring to:

IAPP Templates

Supplier references

Microsoft

Data Protection Impact Assessment for the GDPR

2021-11-17: https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-data-protection-impact-assessments

Data Protection Impact Assessments: Guidance for Data Controllers Using Microsoft Professional Services

Part 1: Determining whether a DPIA is needed

https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-dpia-prof-services?view=o365-worldwide#part-1–determining-whether-a-dpia-is-needed

Part 2: Contents of a DPIA

https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-dpia-prof-services?view=o365-worldwide#part-2-contents-of-a-dpia

Download Customizable DPIA document

https://www.microsoft.com/en-us/download/details.aspx?id=102398

(more to come, this article will be updated with additional references when necessary)

Other relevant references

EDPB (European Data Protection Board)

Launch of coordinated enforcement on use of cloud by public sector

https://edpb.europa.eu/news/news/2022/launch-coordinated-enforcement-use-cloud-public-sector_en

Outlook: Set an automatic out-of-office message with Power automate

Credits

FEMKE CORNELISSEN

This article has been translated from the original Dutch version published by Femke Cornelissen in to English, with an explicit and upfront consent of Femke (find her on LinkedIn).

Original article in Dutch

You can find the original article here: https://femkecornelissen.com/2022/02/23/afwezigheid-automatisch-instellen-via-power-automate/.

Except from the original Dutch content, also some Dutch screenshots have been replaced with an English version. And some extra notes are added for clarity.

Additional information

Power Automate is part of M365 license. More information here: https://docs.microsoft.com/en-us/power-platform/admin/power-automate-licensing/types

Set an automatic out-of-office message with Power automate

You got a day off and you forgot to turn on your out-of-office (OOF) assistant in Outlook. Pretty recognizable, right?

With the out-of-office message, people who send you an email see that you are absent. But in addition, this is of course also reflected in Microsoft Teams. When you try to contact someone, there is a notification or you can recognize it by the presence icon of the profile picture in the chat.

It’s quite interesting that this process is quite easy to automate with Power Automate. When I’m OOF is set in my calendar, the next step (in this case, turn on absence) must be performed.

Shall we walk through it together?

Steps

You go to https://flow.microsoft.com/ where you land in (M365) Power Automate.

Then click the create button.

Opt for an automated cloud flow.  We’re going to make sure when something is on your calendar, something happens.

Create > Automated cloud flow

Choose a flow name (like for example “Automatic out of office”)

Define flow name

At the trigger, choose “When an upcoming event is starting soon (V3)” and then click Create.

Select: When an upcoming event is starting soon (V3)

When the flow is created, make sure your calendar is selected.

Select your calendar

Then click new step.

Choose “Condition” or find the option conditions and then select it.

Condition Selection

For example, the condition can be the triggers that indicate that you are free or unreachable.

[Note, this can be a certain word in the subject, or an event type. Femke’s example is using a marker word in the subject. ]

Set condition type and options

Then you have the following two options:

  • With YES you indication which actions must be executed.
  • At NO, nothing happens (in our case)
Yes/No condition options

We’re going to add an action to the “If yes” clause.

You choose the action “Set up automatc replies (V2)

Automatic replies

[Make sure to set the start and end date of your appointment, as this will set the OOF start and end time too…]

You can copy the following data, but of course make it a personal text.

[Note: a white line, or break line must be set in HTML tag <br>]

You can click save in the top right corner and you’re done!

Now you never have to turn on your absence again, but this happens automatically. Handy, right?

Credits & original article: https://femkecornelissen.com/2022/02/23/afwezigheid-automatisch-instellen-via-power-automate/ by FEMKE CORNELISSEN

This award is for you, because YOU are my most valuable professional who made this possible.

I’m honored and humbled that I’m part of the Microsoft Most Valuable Professional (MVP) community award for another year.


As explained on the program page “MVPs, are technology experts who passionately share their knowledge with the community.” It’s an award for your Microsoft community work of the past year… you can find more details on the MVP website mentioned earlier.

But building community is not a one-person activity, not a job, …

It’s a passion, it’s fun, sharing knowledge and best practices with many people over the world, all eager to build community.

And last year (or longer) has been very challenging to keep the community running without face-2-face events, shifting to online only. It was hard work. And the MVP award renewal cycle has been very special this year, taking into account the Corona conditions.

But nevertheless, I can’t keep up this work without support of you, my dearest colleagues, partners, technology experts, community fellows, my audience, …
I won’t list any specific person, because I would not do honor to all the rest… too many to list.

Therefor a big shout out of gratitude for your support.

Thank YOU for supporting me, making this possible.

I dedicate this award to you, to your support. This is your award.


In the world of security, cyber- and cloud security, sharing knowledge is one of the most important principles to win the battle against cybercrime. Learn from the mistakes others have made.

I’m doing my best to keep up the work and to meet the bar of excellence, to be an community lead, to build community and to share knowledge.

This award and your appreciation gives me the extra motivation to keep going and do better next year!

Thank you!




Published on TNWIKI: .Net Framework 3.5 Troubleshooting: installation errors (Permission issue)


Published at: .Net Framework 3.5 Troubleshooting: installation errors (Permission issue)

Applies to

  • Window Server 2016

Issue

.Net Framework 3.5 installation fails on Windows Server 2016

Troubleshooting

Tried many solutions like below

.NET 3.5 Uninstall detected

See:
MIM 2016 Troubleshooting: The installation just hanging without error, warning, log, Event-log

Windows Feature installation

See:
Windows Server 2012 R2 Troubleshooting: .NET Framework 3.5 installation failure (Offline/Online)

GPO Setting

See:
.Net Framework 3.5 Troubleshooting: installation errors (GPO)

Hotfix issue

See:
SharePoint 2013 Troubleshooting: NET 3.5 framework add feature error (the source files could not be found)

Solution

Grant read permission to the Everyone group on the installation files.

Check:
https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features

 

Important

When you are installing feature files from a remote source, the source path or file share must
grant
Read permissions either to the
Everyone
group (not recommended for security reasons), or to the computer (local system) account of the destination server; granting user account
access is not sufficient.

Servers that are in workgroups cannot access external file shares, even if the computer account for the workgroup server has
Read permissions on the external share. Alternate source locations that work for workgroup servers include installation media, Windows Update, and VHD or WIM files that are stored on the local workgroup
server.

See also

References


 

Microsoft MVP for another year…

Today I received some exciting news: I was re-awarded the Microsoft MVP award for Enterprise Mobility (Identity & Access).

https://mvp.microsoft.com/en-us/PublicProfile/5002204?WT.mc_id=ES-MVP-5002204

Microsoft Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community.

It’s my 6th award since 2008 (with a break as Microsoft Employee from 2012 to 2016).

But what is more important: I couldn’t achieve this without the help of the Microsoft Community, more specific with the help of the highly motivated TechNet Wiki Ninja’s 

To all who made this possible: thank you very much for supporting me.

Highly appreciated!!

Updated: 2012-12-29

Note-to-self: #MIM2016 & #FIM2010 Config documenter released on GitHub

Source: Announcement on MIM 2016 Group on LinkedIn by  Jef Kazimer

Source Code: https://github.com/Microsoft/MIMConfigDocumenter

Jef announced that the Identity Community Projects team has published the MIM Config Documenter tool to the Microsoft GitHub Organization as an open source community project.

The MIM configuration documenter is a very nice and easy tool to generate documentation of a MIM / FIM synchronization or service installation.

It allows to: 

  • Document deployment configuration details for the MIM / FIM solution, including MIMWAL Workflow definitions
  • Track any configuration changes you have made since a specific baseline
  • Build confidence in getting things right when making changes to the deployed solution

You can find the project code, releases, and documentation at https://github.com/Microsoft/MIMConfigDocumenter

 

Note-to-self: Hotfix rollup package (build 4.4.1459.0) is available for #MIM2016 SP1

Microsoft has released an hotfix for MIM2016 SP, with an awful lot of updates and improvements.. to much to list… but more to read:

See here: https://support.microsoft.com/en-us/help/4012498/hotfix-rollup-package-build-4-4-1459-0-is-available-for-microsoft-iden

Last update: 2020-12-30

#FIM2010 / #MIM2016 not so dead, and what you didn’t hear.

What seemed to be a small note on a MPN blog, landed on LinkedIn and finally got into a pretty… eh how would you name it … disappointing, bizar, vicious, mean, deviant, misunderstood .. nah .. just a wrong direction, has caused quite some confusion.

And looking at the IM and messages I get, it still is.

Let me spoil the clue of the story: Microsoft Identity and Access, FIM, MIM,… IS … ALIVE. VERY MUCH ALIVE. (NOT DEAD)
If you need more detail, continue…

Lots of things have been said and I don’t want to repeat too much stuff, and certainly don’t want to take credit for it.
But let me pick some core components of the discussion and get a few things straight.

Why not refer to the sources first, by chrono. (If you want to have them in a short list all together, quickly read through the post till the end.)

It started here (by Gavriella Schuster on 12 April 2016):

https://blogs.partner.microsoft.com/mpn/microsoft-partner-network-evolution/?ln=en-US

In essence Gavriella discusses MPN (Microsoft Partner Network) competencies and mentions the “The retiring competencies”, which include: “Identity and Access”.
She doesn’t mention any product specifically, but she doesn’t mention either that “Identity and Access” is being moved to the Enterprise Mobility Management (EMM) competency.
This is clearly a cause for confusion, disappointment and misunderstanding.

But if you continue to read her post and check the next paragraph, you’ll see:

  • Interactive MPN Evolution Guide – This NEW interactive tool is your first step to guide your decision process. Use this to explore all of the new paths and options and easily identify which is the best fit for your business.
  • MPN Evolution Page – This is an overview of the changes, including the full list of impacted competencies and timeline.
  • FAQ – We have received feedback from some of your peers in our advisory councils and compiled answers to some of the questions we anticipate you might have. We will continue to build on these as we receive new questions.

 

After a few clicks in the MPN evolution guide, you’ll see that “Identity and Access” is now in the Enterprise Mobility Management (EMM) competency. But it takes a few pages to find out. Right.

Also the MPN Evolution FAQ (downloadable PDF) says:

“Identity and Access Competency

Q) Where can I find more information about Enterprise Mobility Suite and partner opportunities?
A) For Enterprise Mobility Suite information, go here. For competency information, go here.

Q) Where can I find more info around Enterprise Mobility Suite incentives eligibility via the Enterprise Mobility Management Competency?
A) To learn more about EMS Incentives, visit the portal page, here. “

A few days later a post on LinkedIn interpretes the competency change as “It marks the end of MIIS, ILM, FIM, and MIM“.
This opinion/ interpretation ignited a discussion or list of comments that even got vicious and mean if not incorrect. But I’ll leave that to your own interpretation.

But I can certainly advise to read all of it.

One of the key comments is posted by Alex Simons (Director of PM, Microsoft Identity Division): (quote)

“This focus area has just been combined with Mobility as we believe the overall category is merging as part of the shift we are seeing among customers to a modern end-user productivity model which merges Identity, Mobiltiy and Information Protection together to enable workers to get their jobs done wherever they are. So don’t let the merger fool you! We have more engineers working on Identity and Access Managemebt today (600+ across the cloud and on-premises) than we have ever had before at Microsoft!”

Apparently, due to some technical issues, an important comment of David Steadman never got posted to that thread. And probably for that reason, it got disconnected.
But it’s a damn important insider-note or add-on to Alex’ message.

“Identity within Microsoft not Dead!!”

“/../ this is not the end to identity platform. It simply transforming to what customers are demanding, just like MIIS changed and ILM. Merging the assets makes sense, As we have seen with this product and others. If you do not change you will be left behind it is a strategic change that meets the demand of our Azure Customers and On-premise Customers. Also the MIM product group has release a few new additions to MIM CTP4 /../”

“… Because Microsoft is the Identity platform and as this merger of Identity, Mobility and Information Protection continues you will see great add to the story and services.”

A few days later, , posts an interesting reply to the discussion. To jump to his conclusion: “ Success in the cloud is underpinned by a well-engineered Identity and Access infrastructure – and that is usually a hybrid on-premises/cloud infrastructure involving MIM, AD, Azure AD and much more. You can call it what you like, but rumours of its death have been greatly exaggerated.

And to close the discussion, you might want to get up to speed on what Microsoft Identity and Access aka Enterprise Mobility is heading to… with another post by Hugh.
It’s the essence of the whole story: Identity and Acces, now Enterpise mobility is not limited to the ‘identity technology’ anymore: consider”Advanced Threat Analytics, Secure Islands, Adallom, hybrid identity, devices and enterprise mobility management, Microsoft Identity Manager (MIM) including Privileged Access Management (PAM), new features in Microsoft’s Enterprise Mobility Suite, including changes in Azure Active Directory, Rights Management, and Intune… and more.

It’s damn clear that a specialist in Microsoft Identity & Access (eh sorry, Enterprise Mobility), will have plenty of work in the future.

That being said, here’s the short list.

References list of LinkedIn articles:

But that’s not all.
Recheck the Microsoft support lifecycle for the various products and save it for future reference:

 

*EDIT – 13/may/2016 … the discussion continues*
Above was the customer friendly version, as I’ve got quite some queries for details.
So it allows to explain that the pronounced dead essentially was a hoax.

On the FIM/MIM FB group, there was a very pertinent remark by Gil Kirkpatrick which I’m allowed to share here:

I’ve been utterly baffled at the public reaction to all of this… I’ve had probably a dozen people (a Kuppinger-Cole guy for chrissakes) tell me how MSFT has failed to crack the IAM market and how they’ve given up and EOL’d FIM/MIM, and now its a free-for-all and tha datacenter is on fire, and …, well you get the idea. It’s like nobody even bothered to read the announcement, and I don’t know, maybe look up some of the words in the dictionary if they were having trouble understanding it.”

+1

I personally think this is exactly the reason that David, Hugh and others (including me) have been fighting this hoax.

And I’ll not go into the view and recent reports of the market watchers, like Kuppinger-Cole and Gartner on Identity and Access, Identity Governance, .. whatever.
These are valuable if the reports are built on current, solid data.
But if a vendor does not participate in the survey for a year, or two, because their product stack is been overhauled and set ready for the future.. and therefore the ‘product suite’ does not fit to the market watchers categories (so it drops from the reports), it’s no reason to burry a product/vendor.

And certainly if these reports are published one year later… 
Things are moving fast, very fast.

Updated: 2020-12-30

Note-to-self: EMET 5.5 released

Source: http://blogs.technet.com/b/srd/archive/2016/02/02/enhanced-mitigation-experience-toolkit-emet-version-5-5-is-now-available.aspx

Microsoft announced “the release of EMET 5.5, which includes the following new functionality and updates:

  • Windows 10 compatibility
  • Improved configuration of various mitigations via GPO
  • Improved writing of the mitigations to the registry, making it easier to leverage existing tools to manage EMET mitigations via GPO
  • EAF/EAF+ pseudo-mitigation performance improvements
  • Support for untrusted fonts mitigation in Windows 10″

Download is available at: https://www.microsoft.com/en-us/download/details.aspx?id=50766

More interesting information at:

EMET 5.5 FAQ: https://support.microsoft.com/en-us/kb/2458544

EMET at the Security TechCenter: https://technet.microsoft.com/en-us/security/jj653751

FIM2010# MIISActivate – FIM Sync service terminated with service-specific error %%-2146234334

This article has been posted on TNWiki at: FIM2010 Troubleshooting: MIISActivate – FIM Sync service terminated with service-specific error %%-2146234334.


Situation

Failing over a FIM Sync Server to the standby FIM sync server using MIISActivate.

After using successfully MIISActivate, the FIMSync Service fails to start and logs an error in the eventviewer.


Symptoms

You’ll see 2 error messages in the event viewer, erro 7024 and error 6324.

Error 7024

Reference

This error is pretty similar or exactly like the error described in the following Wiki article:

FIM2010 Troubleshooting: FIM Sync service terminated with service-specific error %%-2146234334.

Screen

Error message Text

Log Name: System
Source: Service Control Manager
Date: 3/02/2016 15:08:59
Event ID: 7024
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: servername.domain.customer
Description:
The Forefront Identity Manager Synchronization Service service terminated with service-specific error %%-2146234334.
Event Xml:
<System>
<Provider Name=”Service Control Manager” Guid=”{555908d1-a6d7-4695-8e1e-26931d2012f4}” EventSourceName=”Service Control Manager” />
<EventID Qualifiers=”49152″>7024</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime=”2016-02-03T14:08:59.670239000Z” />
<EventRecordID>679744</EventRecordID>
<Correlation />
<Execution ProcessID=”516″ ThreadID=”1212″ />
<Channel>System</Channel>
<Computer>servername.domain.customer</Computer>
<Security />
</System>
<EventData>
<Data Name=”param1″>Forefront Identity Manager Synchronization Service</Data>
<Data Name=”param2″>%%-2146234334</Data>
</EventData>
</Event>

Error 6324

Error message Text

Log Name: Application
Source: FIMSynchronizationService
Date: 3/02/2016 15:08:59
Event ID: 6324
Task Category: Server
Level: Error
Keywords: Classic
User: N/A
Computer: servername.domain.customer
Description:
The server encountered an unexpected error and stopped.
 
“BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\sqlstore\storeimp.cpp(5096): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\sqlstore\storeimp.cpp(493): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(429): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x8023060d (The computer_id in the database does not match this computer.)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2145188339. This is retry number 0.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 1.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 2.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 3.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1041): 0x80131022 (unable to get error text)
Forefront Identity Manager 4.1.3634.0″
Event Xml:
<System>
< Provider Name=”FIMSynchronizationService” />
<EventID Qualifiers=”49152″>6324</EventID>
<Level>2</Level>
<Task>3</Task>
< Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=”2016-02-03T14:08:59.000000000Z” />
< EventRecordID>266336</EventRecordID>
<Channel>Application</Channel>
< Computer>servername.domain.customer</Computer>
<Security />
</System>
< EventData>
<Data>BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\sqlstore\storeimp.cpp(5096): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\sqlstore\storeimp.cpp(493): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(429): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x8023060d (The computer_id in the database does not match this computer.)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2145188339. This is retry number 0.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 1.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 2.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 3.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1041): 0x80131022 (unable to get error text)
Forefront Identity Manager 4.1.3634.0</Data>
</EventData>

</Event>


Solution

Restart Service twice

At the first attempt, the service will take a very long time to try starting.

When the initial attempt fails, try restarting the FIM Synchronization again.

Check DB connection

Use a UDL file with the Data Link Properties tool to check if you can connect to the FIM Sync Database.

More info:
FIM2010 Troubleshooting: FIM Sync service terminated with service-specific error %%-2146234334.


Also on this blog


Last update: 2020-12-30