OIM AD provisioning Error

Similar Messages

• CUP Provisions user to SAP successfully but gives "Auto-Provisioning" error

  Hi All,
  I'm getting an "auto-provisioning" error in CUP when a "Change Account" workflow is approved. The strange thing is, CUP does successfully provision the change to the SAP backend. Yet, the "New Account" provisions successfully without the error.
  Here is an example of the audit trail log from Change Account:
  Request submitted for approval by Dylan Hack(HACKDY) on 06/28/2010 17:14 
  Approved By Dylan Hack(HACKDY) Path AE_AUTO_APPROV_ERROR and Stage AE_AUTOPROV_ERR on 06/28/2010 17:14 
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
  Auto provisioned for request on 06/28/2010 17:14 
     User Provisioning failed for System(s) : DEV. Error Message :
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
  Request submitted for reroute by system on 06/28/2010 17:14 due to auto provisioning failure 
     Rerouted in the Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR to Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR
  Note: the role names were replaced with "xxxxxxx."
  The system log gives an error, but it is very vague:
  2010-06-28 17:14:34,682 [SAPEngine_Application_Thread[impl:3]_33] ERROR com.virsa.ae.service.ServiceException
  com.virsa.ae.service.ServiceException
       at com.virsa.ae.service.sap.SAPProvisionDAO.intializeWithChangeUserInputParameters(SAPProvisionDAO.java:762)
       at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3457)
       at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3419)
  Any ideas or suggestions?
  Current software level AC5.3 SP12.
  -Dylan

  Hello Varun,
  Thanks for the thought on this. We don't use User Defaults for Change Account, but do for New Account. You question prompted me to do more testing with very interesting results.
  Results
  New Account with User Defaults configured:
  User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
  New Account without User Defaults configured:
  User provisioned successfully, no Auto-Provision error.
  Change Account with User Defaults configured:
  User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
  Change Account without User Defaults configured:
  User provisioned successfully, Auto-Provision ERROR, Defaults NOT provisioned.
  In both New and Change Account, the configured User Defaults are NOT provisioned even though the user is provisioned. AC5.3 is on SP12, the RTA is VIRSANH SP12 and VIRSAHR SP10.
  For the Change Account, the user is always provisioned regardless of User Defaults; however, when no User Default is configured, the Auto-Provisioning error occurs. The User Defaults NOT provisioning is a real problem, the CUP error message, I can work around for now.
  What about on your side? Am I the only guy using SP12 here?

• OIM 11gR2 provisioning with GTC

  Hello,
  We are curently implementing Oracle Identity Manager 11gR2, and we are having difficulties with the implementation of the provisioning from OIM to the Target Systems exposed through a webservice on Oracle Service Bus.
  We are using the Generic Technology Connectors as a basis of working. And initially we have created a GTC with only reconciliation Transport & Format Providers:
  Connector Name TargetSystem1
  Transport Provider (Provisioning):
  Format Provider (Provisioning):
  Transport Provider (Reconciliation): Database Application Tables Reconciliation
  Format Provider (Reconciliation): Database Application Tables Reconciliation
  We have configured the Process Definition of TargetSystem1 with all the operations (Create User, Update User, Enable User, Disable User, Delete User, etc.) connected with custom Java implementations, that are working just fine is we trigger them form Eclipse. The “Create User” task has only “Required for Completion”, “Allow Cancelation while Pending” and “Allow multiple instances” check boxes set to CHECKED; it also has all the fields in Integration TAB mapped, Responses mapped, but when we create a User in OIM and provision it with an account on the TargetSystem1_GTC Application Instance, the provisioning process in not accessing the “Create User” task to make the provisioning in the target system. The user that we are trying to provision has the account Status set to “Provisioning” and the Account Type set to “Unknown”. We have also checked the logs of OSB, but there is no activity there, because no request from OIM is being received.
  After we investigated more closely the Oracle documentation for the Generic Technology Connectors we discovered that if we do not select Transport & Format Providers during the GTC creation, then the corresponding steps are not performed and they are not initialized, thus the provisioning cannot be done. The documentation also states that if we need to create custom providers in order to make the Provisioning with the GTC, but unfortunately we have no knowledge or any examples on how to do such custom providers for the provisioning of Users from OIM on the target systems via the Oracle Service Bus.
  We have installed a second GTC with both provisioning and reconciliation Transport & Format Providers:
  Connector Name: TargetSystem2
  Transport Provider (Provisioning): Web Services
  Format Provider (Provisioning): SPML
  Transport Provider (Reconciliation): Database Application Tables Reconciliation
  Format Provider (Reconciliation): Database Application Tables Reconciliation
  The Web Services and SPML options were the only options that we could select from the out of the box connectors that are installed, and we did not find any other connectors in the download section of Oracle for this product, that can accommodate such communication. So, we configured the provisioning accordingly, and modified the “Create User” task from the TargetSystem2_GTC Process Definition, in order to use our custom adaptor instead of the adpTargetSystem2_GTC adapter that was preset when the TargetSystem2_GTC is created. But this does not help us, because the provisioning is not done, and the “Create User” task is not used. The user that we are trying to provision has the account Status set to “Provisioning” and the Account Type set to “Unknown”.
  Next we tried to see if the GTC can be used to communicate directly with the OSB, using the Web Services Transport Provider and SPML Format Provider, and we did not make any modifications to the after the normal installation of the TargetSystem2 GTC. In this case the we can see that the OSB is being accessed by OIM, but unfortunately this case does not help us also, because the operations implemented on the OSB webservice have a different structure then the one SPML expects as default:
  Caused by: com.thortech.xl.gc.exception.XSDValidationException: The SOAP response does not contain a valid SPML response type. Should be one of these -->addResponse modifyResponse deleteResponse resumeResponse suspendResponse setPasswordResponse
  Do you have any suggestion on how to make the provisioning process work?
  Edited by: user1717356 on 22.10.2012 03:22

  Hi,
  I think you need to put this check only for few attributes?
  If Yes, then lets suppose you want to have a check for Country Field in Database which once modified by target Admin, then OIM should know.
  1) Create one dummy field CountryDummy (Hidden) in OIM TargetProcess form and dont map it to any target attributes. This dummy field will only store values populated from OIM user profile to -> DB Connector Process Form.
  2) On success of "Reconcilation Update Recievced", Put a custom process task which does a comparison with "CountryDummy" & "Country" and inform Admin using email notifications that this mismatch has been found.
  HTH,
  ~J

• Oim Strting errror- Error XELLERATE.ACCOUNTMANAGEMENT

  Hi ,
  I am getting the following error when I am starting the OIM server.
  <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcDefaultDBEncryptionImpl/decrypt encounter some problems: Input length must be multiple of 16 when decrypting with padded cipher
  javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
  at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
  at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
  at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
  at javax.crypto.Cipher.doFinal(DashoA13*..)
  at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(tcDefaultDBEncryptionImpl.java:219)
  at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:122)
  at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:200)
  at com.thortech.xl.dataobj.tcDataSet.decryptDataSet(tcDataSet.java:1431)
  at com.thortech.xl.dataaccess.tcDataBase.readPartialPreparedStatement(tcDataBase.java:1365)
  at com.thortech.xl.dataaccess.tcDataBase.readPreparedStatement(tcDataBase.java:1158)
  at com.thortech.xl.dataobj.PreparedStatementUtil.execute(PreparedStatementUtil.java:60)
  at oracle.iam.ldapsync.impl.eventhandlers.LDAPAddMissingObjectClasses.initialize(LDAPAddMissingObjectClasses.java:177)
  at oracle.iam.platform.kernel.impl.OrchConfig.getinitializedEventHandler(OrchConfig.java:205)
  at oracle.iam.platform.kernel.impl.OrchConfig.<init>(OrchConfig.java:123)
  at oracle.iam.platform.kernel.impl.KernelObjFactory.<init>(KernelObjFactory.java:54)
  at oracle.iam.platform.kernel.impl.KernelObjFactory.<clinit>(KernelObjFactory.java:48)
  at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.<init>(OrchestrationEngineImpl.java:71)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
  at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
  at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:61)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:877)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:839)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
  at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
  at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
  at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
  But OIM started and I can able to view the OIM Admin consle.
  I need to know why this error came and How to resolve it?
  Please try to help me.
  Thanks & Regards,
  Karthick

  Looks like you are using LDAPSync post OIM installation and the encryption on the IT resource was not setup correctly. Follow the steps from MOS Article: 1307549.1 for the solution.
  _Cause:_
  Encryption of the Directory Server IT Resource data in SVP table was not accomplished.
  The fields that are plain text are:
  Server URL
  Use SSL
  Admin Login
  Admin Password
  Search Base
  User Reservation Container
  _Solution_
  1. Use the following query to find fields with "plain text" values:
  select svr.svr_name, spd.spd_field_name, svp.svp_key, svp_field_value
  from svp
  inner join spd on spd.spd_key = svp.spd_key
  inner join svr on svr.svr_key = svp.svr_key
  2. Set these plain text values to null after making backup of table.
  3. Edit the Directory Server to re-set values.
  Expected error at this stage:
  -- no "System Error call admin...", but that makes sense since the values in question pertained directly to the Directory Server --
  4. Re-entered the values for the IT Resource.
  5. Saving the changes and verify that SVP values are now all encrypted.
  With correct values and encryption, then users are able to be created.-Bikash

• "0xE800003A" & provisioning errors when trying to build and deploy!

  I've seen a few posts about this but none of the suggested solutions seem to work.
  My problems are as follows:
  1) "CodeSign error: no provisioning profile found with UUID '[code]'"
  2) "Your mobile device has encountered an unexpected error (0xE800003A) during the install phase: Verifying application"
  The provisioning error is really getting to me. I have found some fixes that describe modifying the project file and have done so. Once the file has been modified I can get the build and go to work with the simulator but as soon as I attempt to deploy to an actual iphone both will stop working. The iphone gets the 2nd error, which I've tried to fix by changing the info.plist file to modify the bundle id to just the address but it doesnt help.
  This is the only wall I can see thats blocking me from uploading to the appstore.
  Any help is greatly appreciated. Thanks in advance.

  You might want to look at my blog post at http://tinyurl.com/codesign .
  Apart from that it might help if you could elaborate a bit more about the specific error you're experiencing. In my experience EVERY codesign problem is an issue of mis-configuration / restarting Xcode and can ultimately be resolved.

• OS Provisioning Error

  When attempting to provision a Solaris ALOM target, the install:provision_start plan fails. I am running SPS 6.0.2 masterserver and the remote agent has been upgraded/prepared. The OSP plugin is from ga2 release.
  I modified the n1osp_deploy_sps_wrapper.sh to include print out ksh -x debugging. It appears as though it is not writing the pid file and directory in /var/opt/n1sps.
  Is there something I am missing?
  Here are the error logs:
  Plan Failure
  Error:The plan (or preflight) "/system/autogen/Solaris10_807_sparc.standard-inst-provision_start-1209588353540" finished with 1 failed host(s). (017034)
  The execNative step failed because the exit status "2" of the command did not match "0" for the command
  "/opt/SUNWn1sps/N1_Service_Provisioning_System/agent/data/systemcomps/com.sun.n1osp/n1osp_util/n1osp_deploy_sps_wrapper.sh
  /opt/SUNWn1osp/sbin/n1osp_deploy /opt/SUNWn1osp/hosts/v240_p1 /opt/SUNWn1osp/profiles/Solaris10_807_sparc.standard/x4100_p1-jet.v240_p1
  /opt/SUNWn1osp/subnets /var/run/n1osp log/v240_p1-provision.log console/v240_p1-provision.console pid/v240_p1-provision.pid true". (017068)STDOUT:
  Executing command /opt/SUNWn1sps/N1_Service_Provisioning_System/agent/data/systemcomps/com.sun.n1osp/n1osp_util/n1osp_deploy_sps_wrapper.sh /opt/SUNWn1osp/sbin/n1osp_deploy /opt/SUNWn1osp/hosts/v240_p1 /opt/SUNWn1osp/profiles/Solaris10_807_sparc.standard/x4100_p1-jet.v240_p1 /opt/SUNWn1osp/subnets /var/run/n1osp log/v240_p1-provision.log console/v240_p1-provision.console pid/v240_p1-provision.pid true
  Making copies of files in /var/run/n1osp/5240
  Clearing stale log and console files (if any)
  Executing command in foreground /opt/SUNWn1osp/sbin/n1osp_deploy -v -f /var/run/n1osp/5240 < /dev/null 2>&1
  Usage: n1osp_deploy -h <hostfile1:hostfile2:...> -o <osprofilefile> -s <subnetdir> [-v]
  or     n1osp_deploy -f <provisioning files> [-v]
  or     n1osp_deploy -H
    -h  {h}ost description in xml
    -o  {o}s profile description in xml
    -s  directory containing {s}ubnet description(s) in xml
    -f  provisioning {f}iles (directory path)
    -v  {v}erbose console output
    -H  {H}elp and displays usage
  By default, n1osp_deploy shall delete the files being passed as input if the verbose option is not specified and the operation is successfully completed.STDERR:
  /bin/pwd
  2> /dev/null
  PWD=/opt/SUNWn1sps/N1_Service_Provisioning_System/agent/work
  + echo Executing command /opt/SUNWn1sps/N1_Service_Provisioning_System/agent/data/systemcomps/com.sun.n1osp/n1osp_util/n1osp_deploy_sps_wrapper.sh /opt/SUNWn1osp/sbin/n1osp_deploy /opt/SUNWn1osp/hosts/v240_p1 /opt/SUNWn1osp/profiles/Solaris10_807_sparc.standard/x4100_p1-jet.v240_p1 /opt/SUNWn1osp/subnets /var/run/n1osp log/v240_p1-provision.log console/v240_p1-provision.console pid/v240_p1-provision.pid true
  + [ 9 -ne 8 -a 9 -ne 9 ]
  + umask 022
  + CP_CMD=cp
  + BASENAME_CMD=basename
  + DIRNAME_CMD=dirname
  + MKDIR_CMD=mkdir
  + RM_CMD=rm
  + TOUCH_CMD=touch
  + SORT_CMD=sort
  + GREP_CMD=grep
  + TR=env LC_ALL=C LANG=C /usr/bin/tr
  + N1OSP_DEPLOY_JAVA_CMD=com.sun.n1.isp.osservice.provision.PluginProxy
  + [  = SunOS ]
  + PS_UCB_CMD=ps
  + N1OSP_DEPLOY_CMD=/opt/SUNWn1osp/sbin/n1osp_deploy
  + HOST_XML=/opt/SUNWn1osp/hosts/v240_p1
  + PROFILE_XML=/opt/SUNWn1osp/profiles/Solaris10_807_sparc.standard/x4100_p1-jet.v240_p1
  + SUBNET_DIRECTORY=/opt/SUNWn1osp/subnets
  + DEPLOY_DIRECTORY=/var/run/n1osp
  + TMP_DIR=/var/run/n1osp/5240
  + LOG_FILE=/var/run/n1osp/log/v240_p1-provision.log
  + CONSOLE_FILE=/var/run/n1osp/console/v240_p1-provision.console
  + PID_FILE=/var/run/n1osp/pid/v240_p1-provision.pid
  + FOREGROUND_FLAG=FALSE
  + [ 9 -eq 9 ]
  + FOREGROUND_FLAG=true
  + + env LC_ALL=C LANG=C /usr/bin/tr [:lower:] [:upper:]
  + echo true
  FOREGROUND_FLAG=TRUE
  + TMP_PID_FILE=/var/run/n1osp/5240/pid
  + trap terminate 15
  + sort -u /var/run/n1osp/pid/v240_p1-provision.pid
  sort: can't stat /var/run/n1osp/pid/v240_p1-provision.pid: No such file or directory
  + + basename /opt/SUNWn1osp/hosts/v240_p1
  NEW_HOST_XML_FILE=/var/run/n1osp/5240/v240_p1
  + + basename /opt/SUNWn1osp/profiles/Solaris10_807_sparc.standard/x4100_p1-jet.v240_p1
  NEW_PROFILE_XML_FILE=/var/run/n1osp/5240/x4100_p1-jet.v240_p1
  + rm -f /var/run/n1osp/5240/*
  + mkdir -p /var/run/n1osp/5240
  + dirname /var/run/n1osp/log/v240_p1-provision.log
  + mkdir -p /var/run/n1osp/log
  + dirname /var/run/n1osp/console/v240_p1-provision.console
  + mkdir -p /var/run/n1osp/console
  + dirname /var/run/n1osp/pid/v240_p1-provision.pid
  + mkdir -p /var/run/n1osp/pid
  + echo Making copies of files in /var/run/n1osp/5240
  + cp /opt/SUNWn1osp/hosts/v240_p1 /var/run/n1osp/5240/v240_p1
  + cp /opt/SUNWn1osp/profiles/Solaris10_807_sparc.standard/x4100_p1-jet.v240_p1 /var/run/n1osp/5240/x4100_p1-jet.v240_p1
  + cp -f /opt/SUNWn1osp/subnets/192.168.1.0 /var/run/n1osp/5240
  + echo Clearing stale log and console files (if any)
  + rm -f /var/run/n1osp/log/v240_p1-provision.log
  + rm -f /var/run/n1osp/console/v240_p1-provision.console
  + rm -f /var/run/n1osp/pid/v240_p1-provision.pid
  + touch /var/run/n1osp/console/v240_p1-provision.console
  + touch /var/run/n1osp/pid/v240_p1-provision.pid
  + [ TRUE == TRUE ]
  + echo Executing command in foreground /opt/SUNWn1osp/sbin/n1osp_deploy -v -f /var/run/n1osp/5240 < /dev/null 2>&1
  + CPID=5263
  + echo 5263
  + 1> /var/run/n1osp/5240/pid
  + wait 5263
  + /opt/SUNWn1osp/sbin/n1osp_deploy -v -f /var/run/n1osp/5240
  + 0< /dev/null 2>& 1
  + status=2
  + rm -f /var/run/n1osp/pid/v240_p1-provision.pid
  + exit 2

  I had a similar issue... and the problem was in the subnet component. The gateway field for the variable set was empty (my provision network didn't have a gateway), the net component creation didn't complain about the empty field and later I got the provisioning error.
  As I didn't want to specify a gateway which didn't exist, I ended specifying the same IP as the host in the variable set. It worked just fine.
  Edited by: gersius2 on Mar 4, 2009 9:59 AM

• OIM approval / provisioning workflows

  Hi All
  I have a query about OIM approval / provisioning workflows.
  Application X (e.g. Active Directory) has an OOTB connector which can provision the user and manage his role in the application. The user can raise request for role change via OIM Admin console.
  My query - Can I configure access policy/user group for creation of a base user identity in the application X. This will create user identities for all users in application X without any roles. Later user should be able to request for roles and upon approval, his role should be updated in application X.
  Can this scenario can be implemented with any OOTB connector with provisioning and role approval workflows in place. Do you see any complexity in this. Please provide your comments.

  The base provisioning van be done using access policies.
  If you want request based role management in pre OIM 11g you would have to do it over custom ROs. There are a couple of ways to do this.
  The easiest way to do is to combine the approaches in these two postings and create a custom RO that moves the user into an OIM group that has an attached access policy that manipulates the child table on the base target system RO.
  http://iamreflections.blogspot.com/2010/09/oim-howto-one-resource-object-per.html
  http://iamreflections.blogspot.com/2010/09/oim-howto-target-system-group.html
  Please take a look and see if this is understandable. I probably should write another entry that addresses this specific use case.
  /Martin

• Invalid Naming Error while creating user in OIM and provisioning to OID

  Hi,
  I am trying to create users in OIM. As per the access policy, the users will directly provisioned to OID. When I am creating users in OIM, its showing provisioning for OID user resource. The create user task is rejected with error as
  "Response: Invalid Naming Error
  Response Description: Naming exception encountered"
  If anybody is getting these error, then please suggest a solution.
  Thanks.

  logs ???
  Are you provisioning any custom attributes of different object classes . Make sure you include those object classes as well , go to connector documentation for adding the object classes .., may be some configuration look up ....i guess
  Thanks
  Suren
  Edited by: Suren on Jul 6, 2010 7:41 PM

• OIM Provisioning - Error during OID Create User Task

  Hi,
  I am getting the following error during OIM Provisioning to OID (Create User Task).
  I added few more attributes to the OID_USR form and then to the "OID User" Process Definition.
  Also, I added the Code/Decode Key Values in AttrName.Prov.Map.OID.
  DEBUG,08 Dec 2010 21:19:04,547,[XELLERATE.SERVER],Class/Method: tcDataBase/readPartialStatement entered.
  ERROR,08 Dec 2010 21:19:04,555,[XELLERATE.ADAPTERS],Class/Method: tcAdapterMappingUtility/getRunTimeVariable Mappings encounter some problems: No data available for variable having key = 350
  ERROR,08 Dec 2010 21:19:04,555,[XELLERATE.ADAPTERS],Class/Method: tcAdapterMappingUtility/getRunTimeVariable Mappings encounter some problems: No data available for variable having key = 350
  java.lang.Exception: No data available for variable having key = 350
  Earlier, before adding these attributes, the OID Create User Task was working. So I belive this is from the newly added attributes.
  Questions:
  - How to identity the attribute with this key? It looks like some of the attribute values that it gets during Run Time is not populated correctly. Any suggestions?
  - "key = 350"- Is there a database table that this gets stored? SPD? or anything else?
  Regards
  Vijay Chinnasamy

  @Keviin,
  I added 13 new attributes and corresponding "* Updated" Tasks.
  For all these, ProcessInstanceKey is mapped to Process Data -> Process Instance.
  I am going to validate the mappings again. Also, I noticed, some of the fields that I am prepopulating is not populated.
  Regards
  Vijay Chinnasamy

• OIM provisioning error to Siebel

  I am using the Siebel User Management connector to provision users to the Siebel CRM application. I am getting an error when provisioning users, however it is not showing up in the logs as an error. Siebel is set to DEBUG in the log file. The on screen error is the following:
  Response: erroneous handlers
  Response Description: Unknown response received
  Error details: Setting task status... "erroneous handlers" does not correspond to a known Response Code. Using "UNKNOWN".
  I have followed the instructions in the Siebel User Management connector documentation. The Siebel environment uses DB authentication so we are only trying to provision a user directly to the Siebel database.
  *DEBUG,12 Jan 2011 15:17:00,348,[XELLERATE.PREPAREDSTATEMENT],Class/Method: tcDataBase/writeStatement: Param (string/clob): 4 is set to Setting task status... "erroneous handlers" does not correspond to a known Response Code. Using "UNKNOWN".*
  DEBUG,12 Jan 2011 15:17:00,348,[XELLERATE.PREPAREDSTATEMENT],Class/Method: tcDataBase/writeStatement: Param (Timestamp): 5 is set to 2011-01-12 15:17:00.347
  DEBUG,12 Jan 2011 15:17:00,348,[XELLERATE.PREPAREDSTATEMENT],Class/Method: tcDataBase/writeStatement: Param (ByteArray): 6 is set to java.io.ByteArrayInputStream@299552d
  INFO,12 Jan 2011 15:17:00,350,[XELLERATE.PERFORMANCE],Query: DB: 2
  DEBUG,12 Jan 2011 15:17:00,350,[XELLERATE.AUDITOR],Class/Method: AuditEngine/getAuditEngine entered.
  DEBUG,12 Jan 2011 15:17:00,350,[XELLERATE.SERVER],Class/Method: tcDataBase/readPartialStatement entered.
  Has anyone encountered anything like this? Thanks for your help.
  OIM 9.1.0
  Siebel 8.1.1
  Siebel User Management Connector 9.0.4

  Hi,
  Are you able to resolve this issue. I am facing a similar issue.
  Your guidance, will be handy.
  Regards
  Karan

• Provisioning error in in OIM 11g

  Hello,
  We are trying to provision an application instance of ACF2 from sysadmin console to a user.
  After checkout the status is provisioning.
  Open task, shows Create User failed, with the below error message.
  "Server not available, error encountered while trying to connect to target system"
  Verified the IT resource connection details.
  Also, We were able to recon from ACF2 successfully.
  Thanks

  Is pioneer Agent installed and configured on the target system.
  check if the host and port is defined properly in the acf2.properties. telnet the same
  host=?
  Port=?

• OIM 11g R2 -AD Provisioning Error

  Hi,
  We have configured AD connector server. When we try to provision the user with AD account we get:
  Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager
  <Nov 14, 2012 10:05:40 PM PST> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user
  java.lang.IllegalArgumentException: Parameter 'name' must not be blank.
  at org.identityconnectors.common.Assertions.blankCheck(Assertions.java:90)
  at oracle.iam.connectors.icfcommon.service.oim9.OIM9Configuration.getConfiguration(OIM9Configuration.java:139)
  I can see that all the mandatory fields are pre-populated except the Unique ID attribute -is this could be the issue, if yes then how do we handle this. I can see there are no events logged at the connector server end for this provisioning process attempt.
  We have reconciled Groups, Organization successfully using connector server.
  Can anyone help on this asap..!
  Thanks

  Unique ID attribute is ObjectGUID which I think would be autogenerated. I can see that my user id , OU and other mandatory attributes are populated on the process form, but still I am facing this issue.
  it is throwing this error soon after CREATEOBJECT is invoked.
  Thanks again

• AD Password Sync connector 9.1.1 With OIM 11g R2 - ERROR OVER SSL

  I have set up AD password sync with from AD to OIM 11G R2
  The password syncs from AD to OIM 11G R2 on non ssl port 389.
  But if fails on SSL Port 636.
  Errors in OIMMain.Log:_
  Debug [10/11/2012 10:49:34 AM] Inside ConnectToADSI
  Debug [10/11/2012 10:49:34 AM]
  ldap_connect failed with
  Debug [10/11/2012 10:49:34 AM] Server Down
  Debug [10/11/2012 10:49:34 AM]
  Steps Carried Out thus far:_
  AD is up and running.
  Configured AD Password Sync Connector on 636 and selected ssl.
  Created Certificate on OIM host, configured custom identity key store on weblogic. Restarted Weblogic.
  Imported Certificate to AD. After this, restarted the AD
  I can Telnet port 636 from OIM Box and also connect to AD through LDAP Browser on 636 and view OU and CN, so this seems fine.
  Provisioning from OIM through Connector Server to AD works over SSL and this works fine.
  Help would be appreciated.
  Many Thanks

  This question is now been fixed.
  Instead of explicitly stating 636 for SSL,
  Use the same port 389 for ssl and also configured oim port to be 140001 which is the ssl port for oim in the configuration of OIM Password Sync.
  Export Certificates from AD to java security keystore and to weblogic keystore
  Export .pem certificate created on OIM host machine to AD.
  Restart weblogic, oim and AD
  Everything would work fine.
  For all the other information, refer to doc.
  Thanks

• Exchange Provisioning - Provisioning error

  Hi everyone,
  I use OIM 11g R2.
  I want to make provisioning and reconciliation between exchange and oim.
  Scenario 1:
  I made reconciliation a user from exchange machine.
  This user created in OIM.
  And I want to provisioning this user form OIM to exchange.
  Scenario 2:
  I created a user in OIM.
  I made provisioning this user to AD.
  And I want to provisioning this user form OIM to exchange.
  both two scenario, When I make provisioning, an error occured :
  SEVERE: oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user
  org.identityconnectors.framework.common.exceptions.ConnectorException: Problem while PowerShell execution Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: No provisioning handler is installed.
  at Org.IdentityConnectors.Exchange.RunSpaceInstance.CheckErrors(IList errors) in c:\ADE\aime_oimcp\idc\bundles\dotnet\Exchange\ExchangeConnector\RunSpaceInstance.cs:line 295
  at Org.IdentityConnectors.Exchange.RunSpaceInstance.InvokePipeline(Collection`1 commands) in c:\ADE\aime_oimcp\idc\bundles\dotnet\Exchange\ExchangeConnector\RunSpaceInstance.cs:line 241
  at Org.IdentityConnectors.Exchange.Service.Impl.PowerShellExchangeServiceImpl.InvokePipeline(Command cmd) in c:\ADE\aime_oimcp\idc\bundles\dotnet\Exchange\ExchangeConnector\PowerShellExchangeConnectorServiceImpl.cs:line 627
  Do you have any idea ?
  What is the meaning of "No provisioning handler is installed."
  Altought I installed Exchange management Shell, why this error uccured?
  and
  If you know create user power shell script to execute power shell tool, can you say this script ?
  I want to execute this script manually on power shell machine.
  Thanks.
  Best regards.

  Try
  Make sure that your IT resource account is in the member of:
  1. Exchange Organization Administrators.
  2. Local Administrators
  This error may also happens if there are more than 100 smtp proxy addresses defined on the Default recipient Policy. If this is the cause, please split up all smtp proxy addresses into two new Recipient policies.
  Also you can try with the Administrator account with which you are able to create mailbox.

• [Create Login] Provisioning Error: event handler/adapter could not be found

  Hello,
  I am running a fresh install of OIM 9.0.3 (installed yesterday) on a Windows XP Machine running:
  Weblogic 813 SP6
  JDK142 11,
  MSSQL 2000 SP3a I have a test resource, a simple MSSQL Table with a few fields, which I used the connector pack to install and connect. I imported the resource without any issues. However, when I attempt to Create Login on the resource, it gives me the following error:
  "An error occurred while retrying one of the tasks
  Create Login: Event Handler not found"When I check the details of Create Login (in my To-Do List for xelsysadm):
  Error Details
  The class file for event handler/adapter "adpDBCREATELOGIN" could not be found.I am very new to this system, and I really don't know where to begin trouble shooting this issue. Any ideas on what might be wrong with the system? It could be anywhere from missing a step in the beginning of the installation to doing something incorrectly. Any pointers on where I can start troubleshooting as to why I can't provision would be very helpful and much appreciated!
  Thanks

  Did you compile the adapters? When you import them from XML they must be compiled before you can use them. Go to the Design Console -> Dev tools -> Adapter Manager and compile them there.