MIM

Note-to-self: offline preparation for MIM Portal on SharePoint 2019 without internet connection

  1. Introduction
    1. Prerequisites
  2. AppFabric troubleshooting
    1. Troubleshooting Error 1603
    2. Solution (in my case)
    3. Other reference:

What if you need to install MIM (Microsoft Identity Manager) Portal on a server that has no internet connection?

Introduction

When installing MIM you could face a situation where the MIM server is part of an intranet and an internal domain, but has no internet connection.

If you’re lucky the internet connection is redirected via an internet proxy, but that’s not always the case… Highly sensitive servers, like domain controllers or identity management servers, are better kept disconnected or at

It’s common practice to prevent an internal server (in this case the MIM server) from establishing a break-out connection to the internet.

But when you install SharePoint for the MIM portal server, the installation wizard has some prerequisites to install, and by default it will fetch those prerequisites… from the internet.

Prerequisites

Source: https://learn.microsoft.com/en-us/sharepoint/install/hardware-and-software-requirements-2019

  • Web Server (IIS) role (server feature)
  • Windows Process Activation Service feature (server feature)
  • Microsoft .NET Framework version 3.5 (server feature)
  • Microsoft .NET Framework version 4.7.2 (server feature)
  • Microsoft SQL Server 2012 Service Pack 4 Native Client
  • Microsoft WCF Data Services 5.6
  • Microsoft Identity Extensions (identity foundation > server feature)
  • Microsoft Information Protection and Control Client 2.1 (MSIPC)
  • Microsoft Sync Framework Runtime v1.0 SP1 (x64)
  • Windows Server AppFabric 1.1
  • Cumulative Update Package 7 for Microsoft AppFabric 1.1 for Windows Server (KB 3092423)
  • Visual C++ Redistributable Package for Visual Studio 2012
  • Visual C++ Redistributable Package for Visual Studio 2017

You need to install the server features from Windows Server Manager > Add Roles and Features.

The other prerequisites are fetched from the internet by default; if the server can’t connect to the internet, you can download them manually.
Source information

Due to the lack of an internet connection you might also see an additional error when installing the AppFabric module.
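One way to script the offline preparation described above, as an added example that is not part of the original note: it installs the server features from local media, checks the Authenticode signature of every manually downloaded installer, and only then hands the files to the SharePoint 2019 prerequisite installer. The folder layout, the drive letter of the Windows Server media and the installer file names are assumptions; adjust them to what you actually staged.

```powershell
# Added example. Paths, drive letter and file names are assumptions.
$PrereqDir = 'C:\temp\SharePoint\pre'                        # staged downloads
$Installer = 'C:\temp\SharePoint\prerequisiteinstaller.exe'  # from SharePoint media
$SxsSource = 'D:\sources\sxs'                                # Windows Server media

# Server features come from local media instead of Windows Update.
Install-WindowsFeature -Name Web-Server, WAS, NET-Framework-Core,
    Windows-Identity-Foundation -Source $SxsSource

# prerequisiteinstaller.exe switch -> staged installer (assumed file names).
$Packages = [ordered]@{
    '/SQLNCli:'           = 'sqlncli.msi'
    '/Sync:'              = 'Synchronization.msi'
    '/AppFabric:'         = 'WindowsServerAppFabricSetup_x64.exe'
    '/IDFX11:'            = 'MicrosoftIdentityExtensions-64.msi'
    '/MSIPCClient:'       = 'setup_msipc_x64.exe'
    '/KB3092423:'         = 'AppFabric-KB3092423-x64-ENU.exe'
    '/WCFDataServices56:' = 'WcfDataServices.exe'
    '/DotNet472:'         = 'NDP472-KB4054530-x86-x64-AllOS-ENU.exe'
    '/MSVCRT11:'          = 'vcredist_x64.exe'
    '/MSVCRT141:'         = 'VC_redist.x64.exe'
}

$argList = @('/unattended')
foreach ($switch in $Packages.Keys) {
    $file = Join-Path $PrereqDir $Packages[$switch]
    if (-not (Test-Path -LiteralPath $file)) { throw "Missing prerequisite: $file" }

    # Refuse any installer whose Authenticode signature does not validate.
    $sig = Get-AuthenticodeSignature -FilePath $file
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed ($($sig.Status)): $file"
    }
    # Log hash and signer so the transfer can be audited afterwards.
    $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    Write-Host "$hash  $($sig.SignerCertificate.Subject)  $file"
    $argList += "$switch`"$file`""
}

# Run the prerequisite installer against the local files only.
$p = Start-Process -FilePath $Installer -ArgumentList $argList -Wait -PassThru
Write-Host "prerequisiteinstaller exit code: $($p.ExitCode)"
```

On an isolated server the signature check can report a non-valid status when the signer's root certificate is not in the local store; in that case compare the SHA-256 values with those recorded on the machine used for the download.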

AppFabric troubleshooting

Troubleshooting Error 1603

Solution (in my case)

https://stackoverflow.com/questions/26026901/installing-appfabric-1-1-with-powershell-dsc-results-in-modal-dialog-error

Installation of AppFabric with verbose logging:

            Start-Process -FilePath 'c:\temp\SharePoint\pre\appfabric\setup.exe' -ArgumentList '/i cacheclient","cachingService","CacheAdmin /gac /l c:\temp\appfabric.log' -Wait | Write-verbose

Other reference:

Microsoft Identity Manager online resources (#MIM2016)

  1. Quick note on Microsoft Learn & Docs
  2. Microsoft news and announcements
    1. Microsoft Product support lifecycle
    2. Feeds
  3. Official documentation – Microsoft
    1. Getting prepared
    2. Best practices
    3. Deployment documentation
    4. MIM for developers
    5. MIM reference material
  4. Github
    1. (Microsoft) MIM Configuration Documenter
    2. (Microsoft) Workflow Activity Library (WAL)
    3. MIM projects
  5. Microsoft Community
    1. Forums (Active)
    2. Microsoft Answers
    3. Forums (Archive)
    4. Technet blogs archive
    5. Experts Exchange
    6. Microsoft Wiki
      1. FIM/MIM related content (check the tags)
      2. ILM/FIM/MIM article overview
      3. ILM/FIM/MIM Troubleshooting
    7. The FIM/MIM geek blogs & posts…
  6. Social Media
    1. Facebook
    2. Twitter
  7. Books
    1. Online Companion guide for MIM 2016 book
  8. Visio Stencils
  9. Archives
    1. Microsoft Learn – previous versions

Quick note on Microsoft Learn & Docs

A while ago Microsoft moved from Docs (Docs.microsoft.com) to Learn (Learn.microsoft.com), but some older information might still point to the Docs links. In case the redirect fails, replace the docs prefix in the URL with learn and try again.
If it still fails, Bing it and let me know.

Microsoft news and announcements

Microsoft Product support lifecycle

https://docs.microsoft.com/en-us/lifecycle/products/?terms=Identity

Feeds

Official documentation – Microsoft

Getting prepared

Supported platforms: https://learn.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-2016-supported-platforms

Best practices

https://learn.microsoft.com/en-us/microsoft-identity-manager/mim-best-practices

Deployment documentation

MIM for developers

MIM reference material

Github

(Microsoft) MIM Configuration Documenter

https://github.com/microsoft/MIMConfigDocumenter

(Microsoft) Workflow Activity Library (WAL)

https://github.com/microsoft/MIMWAL

MIM projects

https://github.com/search?q=mim2016

Microsoft Community

Forums (Active)

Microsoft Answers

Forums (Archive)

Technet blogs archive

Technet blogs archive: https://learn.microsoft.com/en-us/archive/blogs/

Experts Exchange

Microsoft Wiki

ILM/FIM/MIM article overview

https://social.technet.microsoft.com/wiki/contents/articles/3610.fim-2010-mim-2016-related-wiki-articles.aspx

ILM/FIM/MIM Troubleshooting

https://social.technet.microsoft.com/wiki/contents/articles/3610.fim-2010-mim-2016-related-wiki-articles.aspx#FIM_Troubleshooting_Article

The FIM/MIM geek blogs & posts…

Below you’ll find some interesting and helpful articles and posts (some of them are old/archived… But still valid for MIM too.)

In alphabetic order (on last name)

Social Media

Facebook

Twitter

Books

Online Companion guide for MIM 2016 book

Visio Stencils

https://github.com/PeterGeelen/Microsoft-Identity-Manager/tree/main/FIM-MIM%20stencils

Archives

Microsoft Learn – previous versions

https://learn.microsoft.com/en-us/previous-versions/windows/desktop/forefront-2010/ee652263(v=vs.100)

#MIM2016 Troubleshooting: SQL Connection issues

On TNWiki you’ll find my latest article on MIM 2016 troubleshooting.

MIM 2016 Troubleshooting: SQL Connection issues

This week I got (dragged into/) involved in a MIM 2016 performance troubleshooting, on a test / dev server, facing a large bunch of errors.

The first detection happened on the sync server, but apparently rather its twin brother was causing the issues.

It became pretty quickly obvious that MIM was not able to connect to (one of) its databases on the SQL server, so the sync engine was unable to pull information from the MIM service.

Also bizarre, we could still work on the MIM sync GUI, but almost any MA action in the GUI failed…

Furthermore the Portal did not respond and finally the “MIM Service” service, didn’t behave as expected, not willing to start.

The event viewer contained the obvious amount of errors…

Finally,  the SQL DBA to the rescue.

I’ve added a lot of significant technical event info into the article, to make it easy to search for you, for later reference.

Read the tech details in: MIM 2016 Troubleshooting: SQL Connection issues

Updated: 2020-12-29

#MIM2016 Troubleshooting: Uninstall fails with error – Administrator privileges are required to run installer. Please re-launch installer with administrator privileges.

I’ve got a new post up on TechNet Wiki about MIM2016 troubleshooting:

Full version at the TNWIKI: MIM2016/FIM2010 Troubleshooting: Uninstall fails with error – Administrator privileges required

Feel free to add useful information yourself, I’m looking forward to your feedback and cooperation to make it better.

The short version is below.

Rikard Strand Jump has published a similar article, which has served as baseline for this article. Rik’s article is focussed on DirSync, but the troubleshooting below is more widely applicable, even to programs not related to FIM/MIM/DirSync…

When you try to uninstall or to change the component from the Control Panel > Programs (Uninstall a program), you get an error pop-up, saying:

Administrator privileges are required to run installer. Please re-launch installer with administrator privileges.
 
There are some troubleshooting steps, including running the Control Panel in administrator mode.
 
If that doesn’t work, you need to find the uninstaller info in the registry and run the msiexec command with the uninstaller info.
Open the registry editor and navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

In this directory you’ll find the installed programs with their GUID, which is mostly fixed per application.

Eg

  • MIM 2016: {5A7CB0A3-7AA2-4F40-8899-02B83694085F}
  • DirSync/AADConnect: {C9139DEA-F758-4177-8E0F-AA5B09628136}

And finally, the quick and dirty option is to kill the uninstall registry key before you run the uninstall from the control panel again

In case of MIM2016
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A7CB0A3-7AA2-4F40-8899-02B83694085F}
 
You know the usual warning: I didn’t tell you to delete the registry key.
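The registry lookup and msiexec step described above, as an added example that is not part of the original post. It goes slightly beyond the text by also searching the 32-bit (WOW6432Node) uninstall hive and by exporting the key to a file before any manual clean-up; the display-name filter and the C:\temp paths are assumptions.

```powershell
# Added example. The DisplayName filter and the C:\temp paths are assumptions.
$nameFilter = '*Identity Manager*'
$roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

# msiexec needs an elevated session; fail early instead of hitting the pop-up.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# MSI-based products are registered under their product code (a GUID key name).
$found = @(Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $nameFilter -and
                   $_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$' })

$found | Select-Object DisplayName, DisplayVersion, PSChildName, UninstallString |
    Format-List

if ($found.Count -ne 1) { throw "Expected exactly one match, found $($found.Count)." }
$entry = $found[0]
$code  = $entry.PSChildName          # e.g. the {GUID} key name
$tag   = $code.Trim('{}')

# Keep a copy of the uninstall key before any manual registry clean-up.
$regPath = $entry.PSPath -replace '^.*?::HKEY_LOCAL_MACHINE', 'HKLM'
reg.exe export $regPath "C:\temp\uninstall-$tag.reg" /y | Out-Null

# Uninstall by product code with verbose MSI logging.
$log = "C:\temp\uninstall-$tag.log"
$p = Start-Process msiexec.exe -ArgumentList "/x $code /l*v `"$log`"" -Wait -PassThru
Write-Host "msiexec exit code: $($p.ExitCode) (log: $log)"
```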

Last update: 2020-12-30

Note-to-self: Hotfix rollup package (build 4.4.1459.0) is available for #MIM2016 SP1

Microsoft has released a hotfix for MIM2016 SP, with an awful lot of updates and improvements… too much to list… but more to read:

See here: https://support.microsoft.com/en-us/help/4012498/hotfix-rollup-package-build-4-4-1459-0-is-available-for-microsoft-iden

Last update: 2020-12-30

Note-to-self: Got #MIM2016 product feedback, feature wish list? aka.ms/mimfeedback

Very short note-to-myself (#memory-function-on)…

David Steadman, respected @fimguy, now  @TheMIMGuy posted an interesting poke…

So, got any constructive suggestion, move over to that feedback page at: https://aka.ms/mimfeedback

(Last update: 2020-12-31)

#MIM2016 Troubleshooting: FIM MA Full import error 0x80070002

This post has been published on TNWiki too, and waiting for your input at: MIM 2016 Troubleshooting: FIM MA Full import error 0x80070002


Symptoms

When you try to run a Full import run profile on the MIMMA, you get an error message in the MIM GUI.

On screen

Unable to run the management agent.

The system cannot find the file specified. (Exception from HRESULT: 0x80070002)

Error message

Log Name:      Application
Source:        FIMSynchronizationService
Date:          10/17/2016 5:38:58 PM
Event ID:      6309
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVER.SUBDOMAIN.AD.ACCEPT.ROOT
Description:
The server encountered an unexpected error while performing an operation for a management agent.
"BAIL: MMS(39888): ..\ma.cpp(3781): 0x80070002 (The system cannot find the file specified.)
Forefront Identity Manager 4.3.1935.0"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="49152">6309</EventID>
    <Level>2</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-10-17T15:38:58.000000000Z" />
    <EventRecordID>409902</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERVER.SUBDOMAIN.AD.ACCEPT.ROOT</Computer>
    <Security />
  </System>
  <EventData>
<Data>BAIL: MMS(39888): ..\ma.cpp(3781): 0x80070002 (The system cannot find the file specified.)
Forefront Identity Manager 4.3.1935.0</Data>
  </EventData>
</Event>

Other symptoms

When you try to stop the run of the MIM MA you get an error.

Root cause

The option “run the management agent in a separate process” is activated.

Resolution

Uncheck the option “Run this management agent in a separate process” from the “Configure extensions” item in the management agent properties.

Updated: 2020-12-30


#FIM2010 & #MIM2016 Error 25009 fun stuff on #TNWiki

For the FIM Geeks, I’ve submitted some new FIM/MIM 25009 event troubleshooting articles on TechNet Wiki (http://aka.ms/Wiki)

Plus, a page that collects all the 25009 troubleshooting resources, including lots of fun stuff of Tim Macauly.

If you got more of this 25009 fun stuff yourself, feel free to add your articles and add them to the collection page.

Updated: 2020-12-30

The new #MIM2016 book is out! Must have!

I just got the notice from Packt Publishing today that the new MIM2016  book has been published!
Go check at http://aka.ms/mim2016book.

David Steadman and Jeff Ingalls have been working very hard to create a reference piece of literature, so it’s a must have for your bookshelf.

From the early beginning of the book I’ve been involved in the reviewing, and although it has been a bumpy ride, it has been a great time!

I know my FIM/MIM geekiness/freakiness must have caused quite some headaches to the authors and the publishing project team at Packt, but just be sure it was for the better good.

The ebook version is awful cheap, but I’m going for the paper version anyway as I’m convinced it’s a must have.

So my future FIM/MIM students will have something to look forward to (meaning get their hands on MY copy of the book, … )


Congratz, David and Jeff!
Now you can take a well-deserved vacation!

 

New hotfix rollup package (build 4.3.2266.0) is available for #MIM2016

Source: https://support.microsoft.com/en-us/kb/3171342

Quick overview below, full detail in KB article referenced.

Issues that are fixed and features that are added in this update

This update fixes the following issues and adds the following features that were not previously documented in the Microsoft Knowledge Base.

Privileged Access Management (PAM)

Issue 1: PAM monitor service error with PRIV only PAM USER

 

FIM add-ins and extensions

Issue 1: SSPR windows clients with high DPI have incorrect scaling of the final page

Issue 2: SSPR Windows client text message overlap

 

FIM Certificate Management

Issue 1: ExecuteOperations.Disable operation issue

Issue 2: Smart Card search issue

Issue 3: Profile summary issue

Issue 4: Duplicate revocation settings policy issue

Issue 5: Certificate Management portal issue with LDAP CN name

Issue 6: misplaced link in Certificate Management portal for certain languages

 

FIM Synchronization Service

Issue 1: MA config wizard issue

Issue 2: error messages logged in Event Viewer + Perf counter issue

Issue 3: Issue with Full sync vs Equal precedence

Issue 4: ECMA2 issue with incorrect page size

Issue 5: error message from the Management Agent cannot be parsed if it contains some special symbols

Issue 6: “Reference to undeclared entity ‘qt’” error message

Issue 7: New Functionality: The ability to skip the Management Agent during the import of a server configuration is added.

Issue 8: A “MEMORY_ALLOCATION_FAILURE” error occurs in the Performance Monitoring tool.

 

FIM Portal

Issue 1: incorrect display of multivalue labels

Issue 2: RCDC update XML format not verified

Issue 3: cannot drag and drop user to remove box

Issue 4: Local date and time issue

Issue 5: RCDC additional attributes included

 

 

FIM Service

Issue 1: SharePoint Server 2013 and later, workflow issue, the version is automatically updated to 4.0.0.0. This causes a system error message during processing.

 

BHOLD

Issue 1: issue with incompatible permissions

Issue 2: attribute-based AuthZ issues

Issue 3: Access management connector issue

Issue 4: error during BHOLD install in IIS

Issue 5: user role permission issue with extraction

Issue 6: email alias truncated if longer than 30 char.

Last update: 2020-12-30