FIM Metaverse & FIM Service

Dear all,
I am trying to sync users from AD01 to AD02 using FIM. I have already installed FIM Sync & FIM Service.
As far as I understand, I need to have 02 MAs to connect to AD01 and AD02, and the flow seems to be like this:
AD01=====(MA01)=> CS01==> Metaverse ==>CS02=(MA02)=====>AD02
Now I still have no idea how to configure them and would appreciate it if someone can help me with some questions:
- Is there only one Metaverse on FIM Sync?
- How to push user objects from CS01 to the Metaverse? Is it projection rules?
- How to push the Metaverse to CS02 and export them to AD02? Are there any pre-conditions to be able to create objects on AD02?
- If anyone has a LAB guide for this scenario, please send me the link.
Thanks a lot !

Hello,
you need only 2 AD MAs if there are different forests; each AD MA can handle multiple domains within a forest.
Yes, there is only one Metaverse; it's the combined store of all identity data.
For configuring MA and approp. sync rules see these articles:
https://technet.microsoft.com/en-us/library/ff686263%28v=ws.10%29.aspx
http://social.technet.microsoft.com/wiki/contents/articles/648.how-do-i-synchronize-users-from-active-directory-domain-services-to-fim.aspx
-Peter
Peter Stapf - ExpertCircle GmbH - My blog:
JustIDM.wordpress.com

Similar Messages

  • How do I manually uninstall FIM Portal and Service 2010

    I installed Forefront Identity Manager 2010 as follows:
    Server 1: FIM Sync Service
    Servers 2, 3: SharePoint Farm, FIM Portal and Service
    I've had issues from the installation. When installing FIM Portal and Service on Server 2 it failed to recognize fim sync service on server 1. We had FIM service unavailable errors in most usage scenarios (even though asmx returned service description).
    I was able to use RunAs different user to start browser as the service account used to install and run the FIM service, browse to the identity management site using
    http://localhost and saw the fim portal. I was never able to see the portal using DNS address or server name from the server 2 or any other computer on the network, or using any other account (although I checked the option to
    enable portal access for authenticated users).
    I tried to uninstall - this went through all the steps but failed during apply and did a rollback. However, subsequent attempts to change, repair or uninstall all fail with message that the site was not found, please create it...
    I would like to manually remove FIM Service and Portal and begin again. How do I manually remove FIM Service and Portal when uninstall fails?
    Thanks,
    David Saylor

    Are you getting this error message while uninstalling FIM?
    FIM Portal and Service is trying to find a site which is not there anymore. Just add the URL which FIM was looking for into Central Administration >> Alternate Access Mappings.
    Save and exit out from Central Administration and try to uninstall now and it should work. It worked for me.
    http://aryannava.com/2014/03/26/how-do-i-manually-uninstall-fim-portal-and-service-2010/
    Aryan Nava | Twitter: @cloudtxt | Blog:
    http://virtualizesharepoint.com
    Please click "Propose As Answer" if a post solves your problem or "Vote As Helpful" if a post has been useful to you.
    Disclaimer: This posting is provided "AS IS" with no warranties.
    Aryan, you should convert your blog post into a Wiki article:
    http://social.technet.microsoft.com/wiki/contents/articles/23330.technet-guru-contributions-for-march.aspx
    Thanks!
    Ed Price, Power BI & SQL Server Customer Program Manager (Blog, Small Basic, Wiki Ninjas, Wiki)
    Answer an interesting question? Create a wiki article about it!

  • FIM Portal Self Service User Provision Frequency

    Hi All,
    I have a question about FIM portal self service. If a user updates their AD attributes (i.e. telephone number) in the portal, how long before it appears in AD? Presumably it's dependent on a management agent run profile? If so, can this be automatically triggered?
    On the other hand, I assume automatic triggering in a production environment is a bad idea due to load and frequency?
    thanks

    Hello,
    my schedule is currently not the optimal one; the best way should be:
    1: AD MA Import
    2: FIM MA Import
    3: AD delta sync
    4: FIM delta sync
    5: AD export & delta import (confirm)
    6: FIM export & delta import (confirm)
    I will also bring my schedules to this order in the near future. Currently I am in the process of running imports and exports in parallel to speed things up using PowerShell Jobs or Workflows.
    Regards
    Peter
    Peter Stapf - Doeres AG - My blog:
    JustIDM.wordpress.com
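
The run order listed in the reply above, scripted against the Synchronization Service WMI provider, as an added example that is not part of the original posts. The MA names and run profile names are assumptions (the reply does not say whether step 1 and 2 are full or delta imports; delta is assumed here), and stopping the cycle on a failed run is a choice made for this example.

```powershell
# Added example. MA names and run profile names are assumptions;
# replace them with the names configured in your Synchronization Service.
$adMa  = 'AD MA'
$fimMa = 'FIM MA'

# Order from the reply: imports first, then syncs, then export followed by a
# confirming delta import for each MA.
$steps = @(
    @{ MA = $adMa;  Profile = 'Delta Import' }   # 1: AD MA import
    @{ MA = $fimMa; Profile = 'Delta Import' }   # 2: FIM MA import
    @{ MA = $adMa;  Profile = 'Delta Sync'   }   # 3: AD delta sync
    @{ MA = $fimMa; Profile = 'Delta Sync'   }   # 4: FIM delta sync
    @{ MA = $adMa;  Profile = 'Export'       }   # 5: AD export ...
    @{ MA = $adMa;  Profile = 'Delta Import' }   #    ... and confirming import
    @{ MA = $fimMa; Profile = 'Export'       }   # 6: FIM export ...
    @{ MA = $fimMa; Profile = 'Delta Import' }   #    ... and confirming import
)

function Invoke-RunProfile {
    param(
        [Parameter(Mandatory = $true)] [string] $MaName,
        [Parameter(Mandatory = $true)] [string] $ProfileName
    )
    # MIIS_ManagementAgent is the WMI class the Synchronization Service
    # exposes for each management agent.
    $ma = Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' `
                        -Class 'MIIS_ManagementAgent' `
                        -Filter "Name='$MaName'"
    if (-not $ma) { throw "Management agent '$MaName' not found." }

    # Execute() blocks until the run finishes and returns the run status string.
    return $ma.Execute($ProfileName).ReturnValue
}

foreach ($step in $steps) {
    $started = Get-Date
    $status  = Invoke-RunProfile -MaName $step.MA -ProfileName $step.Profile
    $seconds = [int]((Get-Date) - $started).TotalSeconds
    Write-Output ('{0:u}  {1} / {2}: {3} ({4}s)' -f $started, $step.MA, $step.Profile, $status, $seconds)

    if ($status -eq 'success') { continue }

    if ($status -like 'completed-*') {
        # The run finished but reported warnings or per-object errors;
        # surface it and carry on with the next step.
        Write-Warning "$($step.MA) / $($step.Profile) finished with status '$status'."
        continue
    }

    # Any other status means the run did not complete. Stop here so a failed
    # import is not followed by a sync and export on stale connector space data.
    Write-Warning "$($step.MA) / $($step.Profile) returned '$status'; remaining steps skipped."
    break
}
```

Run it under an account that is allowed to execute run profiles on the Synchronization Service, and schedule it with a dedicated low-privilege service identity rather than a domain admin.
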

  • FIM Portal - FIM service could not be contacted. Please contact your administrator.

    Hello,
    I have an issue with FIM where I can access the FIM portal in its entirety on the FIM server itself using my domain admin credentials, but if I try to connect in from another server I can get the FIM homepage, but clicking through various menus I receive a "service could not be contacted" error.
    I've setup fim as shown below:
    http://technet.microsoft.com/en-us/library/ff512685(v=ws.10).aspx
    vm-fim08-01 --- fim service + portal (uses SharePoint foundation 2010)
    DNS Alias "fimportal" for vm-fim08-01
    SharePoint - 80 application account: service.spportal
    FIM service account - service.fim
    vm-fim-sync -- fim sync service + sql 2008 R2
    vm-fim-sql08 -- contains SQL 2008 R2 DB for fim service
    SPNs configured as shown below (setspn -l):
    service.fim
    FIMService/fimportal
    FIMService/fimportal.domaina.local
    mssqlsvc/vm-fim-sql-01:1433
    service.spportal
    HTTP/fimportal.domaina.local
    HTTP/fimportal
    Delegation setup as shown in the pics on the two service accounts only.
    http://fimportal/IdentityManagement/default.aspx from the FIM portal server (vm-fim08-01) works OK without a login prompt for full portal access (I don't receive the service could not be contacted message). Using the FQDN fimportal.domaina.local from the same server this time asks for a login prompt, I enter my current Windows credentials, get the home page, but I soon receive "The FIM service could not be contacted".
    Using a different server with the FQDN I'm prompted for a login (using the alias logs me in immediately). Either way, whenever I use a different server other than the FIM portal server I soon receive "The FIM service could not be contacted".
    On the fim portal server's application event logs I see
    The Portal cannot connect to the middle tier using the web service interface.  This failure prevents all portal scenarios from functioning correctly. The cause may be
    due to a missing or invalid server url, a downed server, or an invalid server firewall configuration. Ensure the portal configuration is present and points to the resource management service."
    I'm pretty sure this is down to an authentication failure, but changing delegation settings has not helped (I've tried setting my service accounts and computer accounts to delegate for any service, but it didn't help). I've checked my SPNs, which look right to me. Any advice is much appreciated.
    Thanks in advance

    You did set up an alias for the DNS name. Kerberos delegation needs A records. If you use an alias you get the type of errors you describe.
    Locally this works as the Kerberos ticket is available on the local server. If you access the portal from another computer the FIM service has to request a ticket with delegation; that service needs A records as it uses the hostname in the request.
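
One way to check the condition the reply describes, as an added example that is not part of the original thread: report whether a portal name resolves through a CNAME or directly through an A record, and list what `setspn -Q` finds for the HTTP and FIMService SPNs on both the queried name and its canonical name. The function name `Get-PortalNameReport` is hypothetical; the host names are the ones from the question.

```powershell
# Added example. Run from a domain-joined machine; host names are taken
# from the question, the function name is hypothetical.
function Get-PortalNameReport {
    param([Parameter(Mandatory = $true)] [string] $Name)

    # -DnsOnly restricts resolution to DNS (no LLMNR or NetBIOS), so the
    # result reflects the records actually published for the name.
    $records = Resolve-DnsName -Name $Name -DnsOnly -ErrorAction Stop

    # A CNAME answer carries the target host in NameHost; an A record does not.
    $cname     = $records | Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    $addresses = $records | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
    $canonical = if ($cname) { $cname.NameHost } else { $Name }

    # Query the SPNs for the name as typed and, when it is an alias, for the
    # host the alias points to. setspn -Q reports which account holds the SPN.
    $namesToCheck = @($Name)
    if ($cname) { $namesToCheck += $canonical }

    $spnLookups = foreach ($n in $namesToCheck) {
        foreach ($class in 'HTTP', 'FIMService') {
            $spn = "$class/$n"
            [pscustomobject]@{
                Spn    = $spn
                Output = (& setspn.exe -Q $spn 2>&1 | Out-String).Trim()
            }
        }
    }

    [pscustomobject]@{
        QueriedName   = $Name
        IsAlias       = [bool]$cname
        CanonicalName = $canonical
        Addresses     = $addresses
        SpnLookups    = $spnLookups
    }
}

# Names from the question: the short alias and its FQDN.
foreach ($portalName in 'fimportal', 'fimportal.domaina.local') {
    $report = Get-PortalNameReport -Name $portalName
    $report | Select-Object QueriedName, IsAlias, CanonicalName, Addresses | Format-List
    $report.SpnLookups | Format-List
}
```

If `IsAlias` is true, replacing the CNAME with an A record for the portal name is the change the reply recommends; the SPN output shows whether the name clients will request is registered on the expected service account.
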

  • Installing HA Fim Service

    Hi All 
    I'm following this guide to install FIM Portal and Service with load balancing:
    http://www.harbar.net/articles/fimportal.aspx 
    All went well, after modifying some of the scripts, but now the question is: when I install the FIM Service on the second node, do I create a new DB or do I reuse the existing one?
    Also, when installing the password registration and reset portals, in order to make them externally accessible, is all I need to do just specify the external names only?
    Thanks in advance
    Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/ | If this post has been useful please click the green arrow to the left or click Propose as answer

    Thanks for your answer, but I am now struggling to get the portal up in the first place.
    Below is what I am doing:
    Configured LB for the 2 FIM portal/service machines
    Deployed SPF 2013, configured all the special settings and joined the second machine
    Installed FIM Service and Portal on the 1st node
    Installed FIM Service on the second node
    All of the above goes successfully until I try to log in; I get "service unavailable" in a Forefront page.
    Any ideas if I am doing something wrong?
    Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/ | If this post has been useful please click the green arrow to the left or click Propose as answer

  • NLB for Two FIM Service and portal servers in single domain

    Hi,
    I am currently working on a FIM project in which I need to install two FIM Service and Portal servers in a single domain.
    The customer wants to open the FIM Portal with a common URL for both servers.
    I only know that we need to do NLB between IIS on both servers. Can anyone provide help on how we can achieve this?
    Any help would be really appreciated.
    Thanks,

    Actually - just configure NLB and make sure that your SharePoint site collection handles access mapping for this common name. Best would be to create it with this name as a site name from the start. 
    Same for service - configure all nodes to use same service name and configure NLB. 
    Here is some blog post which should help on details:
    http://blogs.msdn.com/b/agileer/archive/2011/06/28/setting-up-an-nlb-cluster-for-a-fim-portal-web-service.aspx
    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

  • FIM Service could not be installed

    Experts,
    I am installing FIM 2010 R2 SP1.
    installation order
    step1 on server1 - FIM Synchronization server
    step2 on server2 - FIM Service
    step3 on server3 - FIM Portal
    FIM Synchronization service installed successfully.
    While installing FIM Service, everything goes smoothly but FIM Service is not visible in services.msc.
    What could be reason?
    Should I install Portal first?
    Thanks,
    Mann

    You can install FIM Service and FIM Portal at the same time as seen on this guide
    Step 8: Install FIM Synchronization Service, FIM Portal, SSPR, and FIM Reporting
    What happens if you open your browser in your FIM server and go to
    http://YourFIMServer/identitymanagement or
    https://YourFIMServer/identitymanagement if you have enabled SSL?
    He is not installing FIM Portal at the same box - so /identitymanagement would not work here...
    Keep trying If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

  • Deleting orphaned FIM MA CS objects

    Has anyone ever found that they needed to do this, but couldn't afford to delete the entire FIM MA CS to achieve this outcome?
    In my case I have a sync design which imports entitlement objects from two separate HR sources into FIM, but had the object deletion and FIM MA deprovisioning rules set incorrectly resulting in orphaned objects in the FIM MA when the source (projecting) MA
    object was deleted.  I have since corrected the rules, but had a few hundred bogus entitlement objects to delete out of FIM ... and wasn't prepared to work through the FIM Metaverse and manually disconnect each one ... and with no guarantee that I had
    solved my design problem yet, there was a chance they would come back again anyhow.
    So I needed to come up with a clever way of deleting these, and resorted to an old fashioned provisioning MVExtension to achieve this.  Here is the code snippet for my Provision method:
            void IMVSynchronization.Provision (MVEntry mventry)
            {
                // Disconnect any orphaned entitlements (this should be unnecessary
                // if we can work out what is generating them).
                if (mventry.ObjectType.Equals(Properties.Settings.Default.EntitlementMVObjectName)
                    && mventry.ConnectedMAs.Count.Equals(1))
                {
                    ConnectedMA fimMA = mventry.ConnectedMAs[Properties.Settings.Default.FIMMAName];
                    if (fimMA.Connectors.Count.Equals(1))
                    {
                        mventry.ConnectedMAs.DeprovisionAll();
                    }
                }
            }
    What I want to know is how others have approached this problem themselves.  I don't know if I really want to leave my MVExtension wired up forever, and am thinking there's probably a better way.  I can already hear Carol asking "why wouldn't you just
    use a PowerShell script?", and I can see how I might be able to copy the table results of an MV query from the Identity Manager into the clipboard, and paste it into a CSV, then process the CSV ... but there may not always be an easy way of identifying these
    objects with such a query (although there probably is!).
    Any other ideas people?
    Thanks.
    Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

    I accidentally provisioned a few hundred objects into the FIM connector space, however they were never actually provisioned to the FIM portal due to attribute violation. Long story short, these objects had nothing to match on aside from their GUID. So what I did was:
    1. Use PowerShell to find the CS DN of each orphaned object (link)
    2. Correlate these DNs to MV IDs
    3. Export the MV IDs to a csv file
    4. Create a tab-delimited MA, with a simple join rule - to join on this MV ID
    5. Configure deletion rule to delete MV object when <new MA> object was deleted
    6. Run a full import and sync (this joins to all the orphaned objects)
    7. Delete the <new MA> CS and then the MA itself. This removes the orphaned objects per the deletion rule in #5.
    Sample code:
    #Import the FimSyncPowerShellModule Module
    ipmo FimSyncPowerShellModule
    $maNAME = 'Contoso FIMMA'
    #Get the last export run
    $LastExportRun = (Get-MIIS_RunHistory -MaName $maNAME -RunProfile 'Export')[0]
    #Get error objects from last export run (adjust your filter as needed...)
    $errorObjects = $LastExportRun | Get-RunHistoryDetailErrors | ? {($_.dn -ne $null) -and ($_.ErrorType -eq 'failed-creation-via-web-services')}
    #Build the custom Output Object
    $outputFile = @()
    $errorObjects | % {
        #Look up the connector space object for each failed export by its DN
        $TmpCSObject = Get-MIIS_CSObject -ManagementAgent $maNAME -DN $_.DN
        [xml]$UserXML = $TmpCSObject.UnappliedExportHologram
        #Pull the MVObjectID attribute out of the pending export hologram
        $MyObject = New-Object PSObject -Property @{
            MVObjectID = (Select-Xml -Xml $UserXML -XPath "/entry/attr" | select -expand node | ? {$_.name -eq 'MVObjectID'}).value
        }
        $outputFile += $MyObject
    }
    #Output to file
    $outputFile | Export-Csv -NoTypeInformation $env:USERPROFILE\desktop\Deletions.csv
    See Wiki for latest updates:
    http://social.technet.microsoft.com/wiki/contents/articles/25249.deleting-orphaned-fim-ma-cs-objects.aspx
    Mike Crowley | MVP
    My Blog --
    Planet Technologies

  • Getting app-store-import-exception with FIM-MA Full Imports SQL Timeouts

    Hi,
    Any idea what's going on here? Full Import on FIM-MA leads to app-store-import-exception.
    Here is a quick profile of the situation:
    FIM Sync, FIM Service & FIM Portal are all installed on the same machine with 24GB RAM hosted as a Virtual Machine.
    FIM-MA Full Import leads to app-store-import-exception
    Event log reports "Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding"
    Here is a screen shot: http://www.freeimagehosting.net/image.php?e5570db7f6.jpg
    As you can see, FIM-MA imported close to 118500 objects before timing out.
    Here are the things I have tried:
    - Extended FIM timeout on the services as per Darryl's Blog
    - Provided FIM MA's password as per Ahmed's suggestion
    - Restricted SQL Service Max RAM to 15 GB (Machine has 24GB) as per David Lundell's suggestion
    Thanks for your help in advance.
    Thanks,
    Here is the Application Event Log
    Log Name: Application
    Source: FIMSynchronizationService
    Date: 1/6/2011 11:29:00 AM
    Event ID: 6500
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: fimsrv.fimdev.pvt
    Description:
    The description for Event ID 6500 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
    If the event originated on another computer, the display information had to be saved with the event.
    The following information was included with the event:
    There is an error executing ILM MA full import.
    Type: System.Data.SqlClient.SqlException
    Message: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
    Stack Trace: at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
    at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
    at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
    at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
    at System.Data.SqlClient.SqlDataReader.get_MetaData()
    at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
    at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
    at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
    at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
    at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
    at System.Data.SqlClient.SqlCommand.ExecuteReader()
    at Microsoft.ResourceManagement.Data.Sync.FullImportGetNext(Int64 beginObjectKey, Int64 maxObjectKey, Int32 batchSize)
    at MIIS.ManagementAgent.RavenMA.FullImportGetNextBatch(Int64 maxObjectKey, Int32 batchSize)
    the message resource is present but the message is not found in the string/message table
    Thanks,
    Jameel Syed |
    Identity & Security Strategist | [email protected] |
    Simplified Identity and Access Management

    That is unusual. I suggest checking for database integrity and performing index maintenance, on both the FIMService and FIMSync databases.
    You could also increase the following timeout (see link below for more settings)
    The values in Table 17 are located in the registry key: SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service.
    Table 17

    | Registry value name | Value type | Class | Created by | Notes |
    |---|---|---|---|---|
    | ReadTimeOut | <dword> | HKLM | Admin | The default value is 58, specified in seconds. |

    Note: Only used by the management agent for FIM (FIM MA) for reading from the FIM Service data base.
    http://technet.microsoft.com/en-us/library/ff800821(WS.10).aspx
    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

  • FIM reporting -- Run FIMPostInstallScriptsForDataWarehouse.ps1 script

     We have 3 servers and
    1. Server 1 -- FIM Service
    2. Server 2 -- Service Manager server + Sql Server 2008 r2 with (ServiceManager DB on instance 1 +DWStagingAndConfig, DWRepository, and DWDataMart DB on instance 2)
    3. Server 3 -- Data warehouse server
    We have installed FIM reporting and MPSyncJob has completed successfully. The next step is to run FIMPostInstallScriptsForDataWarehouse.ps1 on the Data Warehouse server, but the FIM Reporting post installation scripts are required to execute the .\FIMPostInstallScriptsForDataWarehouse.ps1 scripts in the Data Warehouse server. However, this script requires access to the "SQLCmd" tools and the "SMCmdletSnapIn" snapins. These two components are both present when the SQL server resides in the Data Warehouse server. In this scenario that condition is not true. In this procedure, we will run the FIM post installation PowerShell script in the SQL server. We will create a PSSessionConfiguration in the Data Warehouse server that will get called from the remote SQL server to execute the "SMCmdletSnapIn".
    To run the script I was following the steps on this link: social.technet.microsoft.com/wiki/contents/articles/17916.troubleshooting-fim-install-fim-data-warehouse-support-scripts-on-a-remote-sql-server.aspx
    But when creating the PSSession I am getting an Access Denied error.
    So is it possible, if I install SQL Server Management Studio on the Data Warehouse server, that I will get the SQL cmdlets for PowerShell on the Data Warehouse server, so I can run the script directly on the Data Warehouse server without creating a PSSession?
    Will it work?

    You can download just the needed pieces from
    http://www.microsoft.com/en-us/download/details.aspx?id=16978.
    Thanks, Brian
    I think Brian wanted to paste the link without dot at the end ;)
    http://www.microsoft.com/en-us/download/details.aspx?id=16978
    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

  • Business objects FIM (Financial Information Management)

    Hello.
    I would like to know if there is a forum to talk about FIM?
    I have some doubts about certain configurations and I don't know where to ask them.
    By the way, my problem is:
    I installed Data Services 3.1 and BOE XI 3.0, then I installed FIM. The problem is when I execute
    http://servername:8080/fim/client/fim.jsp
    HTTP Status 404 - /fim/client/fim.jsp
    type Status report
    message /fim/client/fim.jsp
    description The requested resource (/fim/client/fim.jsp) is not available.
    Apache Tomcat/5.5.20
    this is the message that appears. And I don't know how to solve this.
    The BOE XI 3.0 Console works pretty well and is running on Tomcat/Apache.
    I really need your help, guys.
    Thanks,
    My Best Regards
    Amit

    Hello Amit,
    I recommend posting this query to the Enterprise Information Management (Data Services and Data Quality) forum.
    This forum is dedicated to topics related to Data Integration (Data Integrator, Data Federator, Text Analysis for Data Integrator, Rapid Marts, and Integration for PeopleSoft Enterprise), Data Quality (Data Quality and Data Insight), and Metadata Management.
    It is monitored by qualified technicians and you will get a faster response there.
    Also, all Enterprise Information Management queries remain in one place and thus can be easily searched in one place.
    Thanks a lot,
    Falk

  • FIM R2 SP1 MPR changes giving me "No policy grants the Requestor permission to complete all changes" no matter what I do

    I am implementing FIM R2 SP1 on Win 2012 servers and migrating FIM 2010 RTM configurations to the new environment. Some of the custom Sets, MPRs etc. did not import correctly into the new portal and when I try to manually add a set or alter an MPR I receive the following error:
    Error processing your request: The operation was rejected because of access control policies.
    Reason: The operation failed as a result of insufficient access rights.
    Attributes: ActionParameter,ActionType
    Correlation Id: 11a13390-6a1f-4776-a796-fd0f05101120
    Request Id:
    Details: No policy grants the Requestor permission to complete all changes.
    I have tried enabling "all attributes" in "Administration: Administrators control set resources" and "Administration: Administrators control management policy rule resources" and received the same errors. I am logged in as the user who installed the portal and it is a member of the administrators set.
    What am I missing?  Any ideas welcome please.

    Hi Peter,
    I found the import had not completely imported the configuration while trying to import the configuration (as I said above) and while trying to troubleshoot this issue I discovered this error.
    I have tried importing the old database and this does not help.
    I should mention that the configuration is coming from the production environment into a stand-alone development environment for testing.
    I have, today, in an attempt to resolve this error, uninstalled the portal and service (which are installed on the same server) and reinstalled it creating a new database.  This is to attempt to resolve any "overwritten" default sets or MPRs
    as you have suggested.
    I thought I would try out the FIM 2010 R2 Service and Portal configuration Backup Tool described here
    http://technet.microsoft.com/en-us/library/jj134311(v=ws.10).aspx but note there are no instructions for its use in restoring the environment. I assume you just copy the files to the appropriate place, run the reg keys and SQL scripts that it creates and that does it all for you? I was hoping that this might be a successful alternative to the old Import-FIMconfig way of doing things.

  • FIM 2010 - Set Population not kicking off workflow

    Hi,
    I am having a problem with Set Transition kicking off an MPR in FIM 2010 R2, which I have never seen before after numerous implementations of both FIM and FIM R2. 
    Scenario: 
    My MPR kicks off a workflow which adds 6 sync rules, to users based on the "set transition in" set with criteria IsADConnected=true.
    The user is transitioned into this set but the MPR never fires. Everything is enabled and I have checked everything obvious. When I view the set in the "Sets" screen in FIM I can see that the user has transitioned in, and is a computed member based
    on my criteria "IsADConnected=true"
    The "FIM_MaintainSetsJob" job runs at 1am which auto corrects set membership and this does cause the MPR to kick off and consequently the sync rules to be applied. So it does work, just not when it should.
     What I have tried to fix this:
    Created a new workflow, set and MPR which does exactly the same job as the "broken" Set/MPR/workflow - Same thing happens (ie. it doesn't work)
    I read on one post that someone re-indexed the FIM service database and this fixed it for them - I tried this also but no joy. (some indexes were at 98/99% but they have been reduced after reindexing)  
    Has anyone ran into this issue before and does anyone have any idea what can cause it? It's doing my head in at this stage!
    Thanks
    Paul

    I ran into the same problem using the pattern for expected state detection:
    /Person[DetectedRulesList = Set[ObjectID='<GUID of the Set with the DREs>']/ComputedMember]
    Pasted from <http://technet.microsoft.com/en-us/library/ff608269(v=ws.10).aspx> 
    My users weren't transitioning into the set when they got a DRE. Went on a wild goose chase until I saw this post. Enabling the FIM_MaintainSetsJob fixed the problem. Pretty frustrating...

  • Password History in FIM Password Reset

    Hello
    We have a problem no one seem to be able to fix. 
    We have a register/reset portal up n running and everything works great. Users can register and then change passwords.
    The problem is the password history: they can change back to old passwords. I have tried all thinkable solutions but we can't seem to handle the history. We have policies on group level that apply these rules.
    Anyone with a solution or that have similar problem?

    Hi Tobias,
    Make sure you have the following configuration: 
    FIM 2010 Self Service Password Reset now supports Enforcement of all domain password policies
    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

  • FIM & SQL IOPS examples?

    Hi,
    Would anyone have any example FIM SQL & FIM Reporting IOPS, to give us some indications?
    Thanks,
    SK

    Please run FIM Service installer in "Repair" mode - it should fix missing jobs.
    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.
