FIM Reference: Discovery Errors
What is a Discovery Error?
A Discovery Error is an error received during an Import Operation on a Management Agent.
What are some of the side effects of Discovery Errors?
| Component | Description side effect |
| deprovisioning | You remove an object from the source expecting deprovisioning to happen but it does not because you have synchronization errors. The object may have its DN become a GUID, but it will not be removed from the Connector Space and/or the Metaverse. |
Delta Import as a Full Import |
Discovery errors prevent the delta mechanism (watermark) from working properly. This will cause a Delta Import to operate as a Full Import. This can cause a problem in very large environments. |
What do I do if I get a Discovery Error?
It is highly recommended that you resolve the Discovery Errors prior to moving forward with any other operations in the FIM Synchronization Service Manager Console.
What are some good practices?
A good practice is to develop and maintain a good maintenance schedule on the backend SQL Server.
Having a good maintenance routine/schedule may provide resources to recover faster from certain situations.
Here are some good articles covering backup and maintenance.
- FIM 2010 Backup and Restore
- FIM Service Backup and Restore
- Database Management for the ILM Synchronization backend database
Discovery Error descriptions
The info on these errors can be found on this page: Management Agent Run Error Codes
Error |
Description |
| missing-change-type | This error is returned during a delta import run by file-based and database management agents, as well as the management agent for Sun and Netscape directory servers, when the change type column value (add, modify, delete) is not present. |
| invalid-change-type | This error is returned during a delta import run by file-based and database management agents, as well as the management agent for Sun and Netscape directory servers when the change type column value does not match the list of valid change types. It is also returned from an LDAP Data Interchange Format (LDIF) full import when a change type field is present and has a value other than add. |
| multi-valued-change-type | This error is returned during a delta import run by file-based and Sun and Netscape directory server’s management agents when more than one value for the change type is present. |
| need-full-object | This error is returned during a delta import run of a file-based management agent or when resuming from a file-based management agent. It indicates that the management agent has submitted a modification on an object which cannot be located in the connector space. The synchronization engine is requesting the current values of all attributes on the object. Since this is an import from a file, that information is not available. A full import should resolve this problem. |
| missing-dn | This error is returned for file-based management agents (that is, management agents for LDIF, DSML, or flat files with configured domain name attributes) when there is no domain name value. This is also returned in the case of a corrupted Sun ONE Directory Server change log where the domain name attribute is missing. It indicates that the management agent could read the element and parse it, but there was no domain name value for the object. |
| dn-not-ldap-conformant | This error is returned when a management agent for LDAP, LDIF, DSML, or a flat file with a configured domain name attribute reports a domain name value that does not conform to the LDAP specification. |
| invalid-dn | This error is returned when a management agent reports that a domain name does not meet an FIM constraint, which includes:
|
| missing-anchor-component | This error is returned by file-based and database management agents, as well as the management agent for Sun and Netscape directory servers, when the anchor cannot be constructed because one or more anchor construction rule attributes do not have values. |
| multi-valued-anchor-component | This error is returned by the management agent for Sun and Netscape directory servers if they cannot construct the anchor because an anchor construction rule attribute has more than one value. |
| anchor-too-long | This error is returned by file-based and database management agents, as well as the management agent for Sun and Netscape directory servers, when the anchor construction produces an anchor that exceeds the maximum size limit for FIM. |
| duplicate-object | This error is returned on full imports by file-based and database management agents when an object with the same anchor has already been reported to the synchronization engine during this run. > [!NOTE] > Obsolescence of connector space objects will only occur if the current run-step has completed with Success, Complete with sync failure, Complete with warning, or Complete with transient. |
| missing-object-class | This error is returned by a file-based management agent (that is, a management agent for DSML, LDIF, or a flat file with a configured object class attribute), or for the management agent for Sun and Netscape directory servers, if there is a corrupted change log. This indicates that the management agent cannot read a value for the object class attribute. |
| missing-object-type | This error is returned when performing a resume of import from a corrupted drop file. This error should not be encountered during normal operation. |
| unmappable-object-type | This error is returned by a file-based management agent when it reads an object that has a set of object class values that cannot be matched to any of the prefix mappings. |
| parse-error | This error is returned by the management agent for Sun and Netscape directory servers in delta mode and by file-based management agents when they cannot parse an entry. The <entry-number> element (and in most cases <line-number> and <column-number>) will be present to help locate the error. The <attribute-name> element might be present. The management agent for Sun and Netscape directory servers terminates the run when this is encountered. The file-based management agents log the discovery error and continue. |
| read-error | This error is returned by call-based management agents when there is a generic error reading a particular object. This generally causes termination of the run. The connected data source error element is present, which you can use to troubleshoot the problem. |
| staging-error | This error is returned by most management agents. It indicates that the synchronization engine could not stage the delta in the connector space. The server creates an event log that provides information about the problem and that can be used for troubleshooting. Most management agents continue the import run when the error is logged, but the management agent for Sun and Netscape delta runs stops because gaps in the change log processing could be cause an inconsistent state in the connector space. This error should not be encountered during normal operation. |
| invalid-modification-type | This error is returned during a delta import on an LDIF management agent when an object level modification type is not one of the standard LDIF modification types or there is a non-replace modification type on the objectclass, such as add: objectclass or delete: objectclass. |
| conflicting-modification-types | This error is returned by the LDIF management agent indicating differing attribute level modification types were encountered in the same record (in this case the attribute name which produced the conflicting types is reported) or multiple replace LDIF deltas are seen in the same file, such as:
Copy |
| multi-single-mismatch | This error is returned by a file-based management agent when it reports more than one value add, or more than one value delete for an attribute that is defined in FIM as being a single value attribute. This error might indicate that the connected data source schema that is stored with FIM is incorrectly specified (file-based management agents) or out of date with the current schema. Includes an <attribute-name> element to give the context of the error. |
| invalid-attribute-value | This error is returned by a call-based management agent when an attribute value is read that does not conform to the attribute type declared in the schema. Includes an <attribute-name> element to give the context of the error. |
| invalid-base64-value | This error is returned by the management agents for LDIF, DSML and Sun and Netscape directory servers when they encounter an invalid base64 string. |
| invalid-numeric-value | This error is returned by file-based management agents and the management agent for LDAP when they are unable to parse a numeric value. Includes an <attribute-name> element to give the context of the error. |
| invalid-boolean-value | This error is returned by file-based management agents and the management agent for LDAP when they are unable to parse a Boolean value. Includes an <attribute-name> element to give the context of the error. |
| reference-value-not-ldap-conformant | This error is returned by management agents for LDAP, LDIF, and DSML or flat files (with configured domain name attribute) when a domain name value does not conform to the LDAP specification. This error message includes an <attribute-name> element to give the context of the error. |
| invalid-reference-value | This error is returned by a management agent when a domain name does not meet FIM constraints, which include:
|
| unsupported-value-type | This error is returned by the DSML or LDIF management agent when the type of value given in the file is incompatible with the type of attribute, including:
A URI or URL value is given for a non-string attribute or for any reserved keyword such as dn, objectclass, or changetype. A base64 value is given for the changetype attribute. A string value containing non-ASCII characters is given for a binary attribute. |
Additional Information
MSDN
Troubleshooting Discovery Errors