FIM 2010 Troubleshooting: Default RCDCs Not Recognized After Replacement through FIM Service Configuration Migration

 

---

Credits

This article was originally posted on the FIM Forum by Steven Klem.

 

---

Gallery

A downloadable PDF is available at Technet Gallery:

• https://gallery.technet.microsoft.com/FIM2010-Troubleshooting-387fa918

---

Online Presentation

The presentation is online available at Office Mix: https://mix.office.com/watch/ovmzg51c0fcf

 

---

Symptoms

FIM Portal

Viewing the object type in the Portal returns an error:

“There’s an error in the <Resource Type Name> display configuration. Please contact your system administrator.”

 

Forefront Identity Manager event log error

The Resource Management Portal detected an error using the Resource Control Display Configuration (RCDC).  This prevented the portal from displaying the object as expected and the portal switched over to Admin View.

The failure is due to a incorrect configuration file.  The file does not validate against the configuration file schema.

Verify that the configuration file is valid XML and matches the configuration file schema. Either upload a new file or modify the existing file in the Resource Management Portal directory.  Afterward, reset IIS.

Resource Type displayed in “Admin View”

---

Default RCDC Background

• RCDC definitions for default Resource Types referenced by GUID by the FIM Portal
• Replacement (Delete /Add) of the RCDC replaces the default GUID

---

Common ways to Cause the Problem

• RCDC is replaced during the FIM Service configuration migration
• RCDC was deleted in the Portal and recreated

---

Resolution Options

Fixing this problem on a system where it is not practical to re-migrate the configuration to a blank FIMService database, this is when we recommend contacting support.

Re-migrate the FIM Service configuration

• Target a “Clean” FIMService database
• Ensure Join criteria attributes match between Source and Target
• Re-run the FIM Service configuration migration

Modify the FIMService Database

Aug 2022: To fix this without reinstalling MIM entirely or contacting support, you can modify the FIMService database directly, as described in this technet post. The basic steps are as follows:

• Find the ResourceID of the Default RCDC that you accidentally deleted from the table below
• Update the ObjectID on fim.Objects and the ValueIdentifier on fim.ObjectValueIdentifier on the deleted RCDC to some random value using the code in the linked technet post
• Find the ResourceID of the new RCDC that was created
• Update the ObjectID on fim.Objects and the ValueIdentifier on fim.ObjectValueIdentifier on the new RCDC to the ResourceID for the Default RCDC you deleted
• Restart IIS/FIMService

Contact FIM Support for other options

FIM Support has a product group provided option that is unsupported except through support

Long Term

The FIM product group is investigating a long-term fix to this problem

---

Proactive Avoidance

RCDC (OVC) Join Rule Attributes

• DisplayName
• AppliesToCreate
• AppliesToEdit
• AppliesToView

Any change to one of these attributes will cause the RCDC to be replaced

• Display Name Modification is most common currently

Check the policy “Change.xml” file for any Deletes and Adds for default RCDC objects

Text search by Name or GUID (see slide “Default RCDCs”)

---

Policy “Change.xml” File

RCDC (OVC) Delete Entry

<ImportObject>

    <TargetObjectIdentifier>urn:uuid:cc802776-9127-400d-aee2-1b43d538d01e</TargetObjectIdentifier>

    <ObjectType>ObjectVisualizationConfiguration</ObjectType>

    <State>Delete</State>

  </ImportObject>

cc802776-9127-400d-aee2-1b43d538d01e

Default GUID for RCDC “Configuration for User Editing”

RCDC (OVC) Add Entry

All attributes defined in the join rule must match for the object to be updated rather than replaced.  If the objects are not found to match according to the join rule defined, the object in the Target system will be deleted, and the object from the Source system will be added as a Create operation.

Each Create operation creates a new unique GUID for use as the Resource Guid of the newly created object.

 <ImportObject>

    <SourceObjectIdentifier>urn:uuid:cc802776-9127-400d-aee2-1b43d538d01e</SourceObjectIdentifier>

    <ObjectType>ObjectVisualizationConfiguration</ObjectType>

    <State>Create</State>

    <Changes>

…

 <ImportChange>

        <Operation>None</Operation>

        <AttributeName>DisplayName</AttributeName>

        <AttributeValue>_sjkConfiguration for User Editing</AttributeValue>

        <FullyResolved>true</FullyResolved>

        <Locale>Invariant</Locale>

      </ImportChange>

Display Name Changed, but it could also have been any of the other three attributes in the Join rule:

• AppliesToCreate
• AppliesToEdit
• AppliesToView

---

Additional Information

Review – Resource ID in the Portal

How to Retrieve a Resource ID in the FIM Portal

• View the object attributes in the Portal
• Click the Clipboard icon to copy the URL for the dialog
• Paste the URL into Notepad
• Copy the GUID referenced in the URL
• http://FIMService01/identitymanagement/aspx/customized/EditCustomizedObject.aspx?id=cc802776-9127-400d-aee2-1b43d538d01e&type=ObjectVisualizationConfiguration&display=Configuration%20for%20User%20Editing&_p=1

How to Search by Resource ID in the FIM Portal

• Navigate to the FIM Home page or the Administration page
• Paste the GUID into the “Search for” text box
• Set “Search within” to “Search Resources by Resource ID

---

Errors Returned in Config Migration

Any errors or warnings returned in the PowerShell window are not written anywhere else.

Copy and paste all errors and warnings from the PowerShell window into a text file.

Do this for each .ps1 run so we have a record

---

Tips for Troubleshooting Config Migration

Always save the following during a configuration migration:

• Pilot_Schema.xml
• Production_Schema.xml
• Pilot_Policy.xml
• Production_Schema.xml
• Changes.xml
  • Both from Schema and Policy
• Undone.xml
  • Both from Schema and Policy
• There may be multiple copies depending on how many times we run ResumeUndoneImports.ps1
  • Text files containing warnings and errors for each *.ps1 run

The reason we want to keep these files is for troubleshooting in case a problem crops up.  These files are very helpful to have when calling support to troubleshoot this type of problem.

 

---

FIM Configuration Migration Resources

TechNet Reference for Forefront Identity Manager

Configuration Migration Deployment Guide

• Under Deployment in the FIM TechNet Guide
• http://technet.microsoft.com/en-us/library/ee534906(WS.10).aspx

Windows PowerShell Configuration Tools for FIM 2010

• Under Technical Reference in the FIM TechNet Guide
• http://technet.microsoft.com/en-us/library/ff394140(WS.10).aspx

 

---

Default RCDCs

Default Name

Default GUID

Configuration for Approval Viewing

165182c3-a61b-42c2-b2f5-0610f3ddd84a

Configuration for Attribute Type Description

7552d4a0-6ebd-4123-b7a8-9c7f54d5bc65

Configuration for Binding Description

ef0a04a3-0fce-4421-80ad-63f472e49b8f

Configuration for Constant Specifier

9fc03ab1-1bc8-4a4e-b8f6-94f59dfb0812

Configuration for Domain Configuration

9243730c-7a1b-4e3c-8f6c-c4e366dd0110

Configuration for Email Template

02910881-421b-4b5e-8e9a-63c2f04099fd

Configuration for Filter Permission

5413b00a-e999-4459-bb9a-5f33f74bacaf

Configuration for Flow Definition Popup

8aa67dca-8824-4d32-96d2-3f21ed1239f2

Configuration for Forest Configuration

e808a4fa-fcb4-478a-98d2-f5172035d80

Configuration for Group Creation

a32dec19-9505-4c8b-b8c4-b26f3932d773

Configuration for Group Editing

6753e552-5038-45b5-b6e6-15091c7407bb

Configuration for Group Viewing

e50958e2-b85a-4cb4-a683-b95527ca2280

Configuration for Home Page Resource

01154346-5918-4b63-a869-22fd3fdafc66

Configuration for Management Policy Rule Creation

3c63462f-78e3-45d7-94c3-83a3d084493c

Configuration for Management Policy Rule Editing

f1a0659f-d183-4859-8293-c7766d70afc9

Configuration for Management Policy Rule Viewing

d41efc7e-c33b-41d0-92ab-2d227913eef3

Configuration for Management Policy Rules Explorer

0565e5f1-0d89-485d-9a23-d8208ff22de3

Configuration for Navigation Bar Resource

e85f0df3-e2eb-4763-b0ff-f2331cc66e59

Configuration for Request

46729b85-96b8-49ee-ac5b-64b4ccc04fb6

Configuration for Resource Control Display Configuration Creation

861c45a4-d507-4c11-91db-bdb68bb3af73

Configuration for Resource Control Display Configuration Editing

b7fed8bd-fd93-4342-8849-cc59f4210bac

Configuration for Resource Control Display Configuration Viewing

4b0b1d6d-6307-467a-bb5e-3e92b90c9cd8

Configuration for Resource Type Description

261b5990-aa02-4875-92ab-86feaa5f879b

Configuration for Search Scope

b4b6a761-892d-4285-b17d-74dbf5a15986

Configuration for Set Creation

7d3fa1ba-36d3-4989-a2e6-4e3cbe1bf40d

Configuration for Set Editing

967c0272-9b2e-46c4-895d-4cd10387442e

Configuration for Set Viewing

7d3fa1ba-36d3-4989-a2e6-4e3cbe1bf40e

Configuration for Synchronization Rule

ecbff780-511b-45da-85fe-65cbf236d80f

Configuration for Synchronization Rule Viewing and Editing

8aa59dca-7759-4d32-96d2-3f21ed1239f2

Configuration for User Creation

03707f4c-45a2-4906-b24a-0254fae4fc09

Configuration for User Editing

cc802776-9127-400d-aee2-1b43d538d01e

Configuration for User Viewing

f241e254-8f89-4d00-984f-0b75e8193428

Configuration for Workflow Definition Creation

bed9e2ac-e97e-4d00-a294-96405b26e6d3

Configuration for Workflow Definition Editing

ac01bffb-8d54-4b53-a034-74e7e0e293fb

Configuration for Workflow Definition Viewing

61f748f3-87d8-4301-bba7-c2a2da089dba

 

---

References

Originally published on the FIM forum:

• FIM Portal Troubleshooting - Default RCDCs Not Recognized After Replacement through FIM Service Configuration Migration.

Other related articles:

• What to do if your FIM user RCDC breaks by Bob Bradly
• RCDC Not recognized After FIM Configuration Migration  by Thomas Vuylsteke

 

---