I'm looking forward to a little bit of travelling these next days. I'm heading off to Reading, UK to visit Oxford Computer Group and attend their European Identity and Access Summit 2012 (http://www.oxfordcomputergroup.com/iasuk/iasuk-home).
It will be good to meet up with some peers and hopefully taste a wee bit of English beer.
Maybe I'll see you there?
Tuesday, October 23, 2012
Monday, October 15, 2012
Plans for the Home Directory Management Agent?
From download statistics (more than 150 downloads currently), I gather that my Home Directory Management Agent (MA) is very popular and I am very happy about that fact.
However, last week Microsoft announced that the XMA framework is deprecated.
However, last week Microsoft announced that the XMA framework is deprecated.
The Home Directory MA is written in this now deprecated XMA framework. Unfortunately very few people write to me of their usage of the MA, so I'm unable to contact them directory about this fact. If you're using it, you will eventually have to replace it with an updated version and probably sometime in the near future.
Leave a comment on this blog entry to let me know, if you're using it - and if there is enough demand out there, I will definitely have a look into building a newer version in ECMA2.
Hope to hear from you.
Leave a comment on this blog entry to let me know, if you're using it - and if there is enough demand out there, I will definitely have a look into building a newer version in ECMA2.
Hope to hear from you.
Sunday, October 14, 2012
PS MA 4.0 testers
Release of the new version 4.0 of my PowerShell Management Agent (MA) is near. I would like to do some final testing and I'm looking for anyone, who like to try it out and give some feedback (and help eliminate any bugs) before I release it.
If you're interested, then leave a comment on this page or send me an email on soren@granfeldt.dk - and I'll get a pre-release version of the MA to you for testing purposes.
If you're interested, then leave a comment on this page or send me an email on soren@granfeldt.dk - and I'll get a pre-release version of the MA to you for testing purposes.
Thursday, October 11, 2012
XMA/ECMA1 is deprecated
Microsoft just announced on MSDN/TechNet ( http://msdn.microsoft.com/en-us/library/ms698807(v=vs.100).aspx) that the FIM 2010 Connected Data Source Extensions or XMA/ECMA1 is marked a deprecated feature. This effectively means that any Extensible Management Agents build on this old framework in a near future is not supported and would have to be replaced by a version build on the 'new' ECMA2 framework (http://msdn.microsoft.com/en-us/library/windows/desktop/hh859557(v=vs.100).aspx).
So if you have build a Management Agent on the old framework, you should rewrite it for ECMA2 and if it is one supplied to you by a vendor then you should contact the vendor to see whether or not a newer, supported version is available. And if your vendor does not have a version ready, you maybe need to push them for one.
So, in my opinion, you should actually start this work right now as it probably could take a while to plan, test/build and introduce a new MA (maybe with missing or different features) into your FIM production environment to replace the deprecated XMA's. So there is absolutely no need to wait, take action today.
So far there are no indications of whether the possibility to run ECMA/XMA MA will be removed completely from the product, so we'll have to see what Microsoft decides on in that regard.
Hey, I'm using your Home Directory MA - what should I do?
If you happen to be running my Home Directory Management Agent, you'll notice that this is written in the now deprecated XMA framework. If enough people report that they would like to see an ECMA2 version, I will definitely consider this. Otherwise, it is recommend using my PowerShell MA as a replacement (more on this later)
So again, if you're running XMA's today, take action to get an ECMA2 version in production as soon as possible.
Wednesday, October 3, 2012
FIM2010 Lotus Domino Connector
If you're connecting to Lotus Domino with FIM 2010, you may want to take a look at the hotfix rollup (build 5.0.520.0) is available for Forefront Identity Manager 2010 Lotus Domino Connector.
Haven't had a chance to try it yet, but an important fix seems to being able to set the _MMS_CertDaysToExpire property to a value that is larger than 99 days. But go check it out for yourself.
Tuesday, October 2, 2012
KB2688078 gives ECMA's headaches
Let me make this clear from the start. This 'fix' is NOT supported by Microsoft.
I've seen a few people in the forum have this problem and have also run into this issue at a few of my customers. People are having trouble running ECMA2 Management Agents after applying this hotfix for FIM 2010 RTM. One of the threads dealing with this problem can be found here. There are numerous very good suggestions on how to fix this problem and all of them should be checked for sure as they may be the cause as well.
The first time, I ran into this problem was late at night and there was no time to do extensive troubleshooting. However, today I ran into the same problem and with good help of the customer representative, we found a remedy and a possible cause for the problem. Now, I'm pretty sure that this is NOT supported by Microsoft, but if you're in a tight spot and pressed for time (we needed to get a production system up and running) - well, then this may just help you.
I've seen a few people in the forum have this problem and have also run into this issue at a few of my customers. People are having trouble running ECMA2 Management Agents after applying this hotfix for FIM 2010 RTM. One of the threads dealing with this problem can be found here. There are numerous very good suggestions on how to fix this problem and all of them should be checked for sure as they may be the cause as well.
The first time, I ran into this problem was late at night and there was no time to do extensive troubleshooting. However, today I ran into the same problem and with good help of the customer representative, we found a remedy and a possible cause for the problem. Now, I'm pretty sure that this is NOT supported by Microsoft, but if you're in a tight spot and pressed for time (we needed to get a production system up and running) - well, then this may just help you.
The problem seem to appear because the file Microsoft.MetadirectoryServicesEx.dll is NOT updated when applying this patch (it sits under Bin\Assemblies). The reason for the lack of updating is properly that the new version has exactly the same version number as the existing file (if you're on patch level 4.0.3606.2). And then - even though it is a newer file - Windows Installer/MSI won't update it, because it has the same version number and MSI then assumes that it doesn't need updating.
The previous file has version number 4.0.1.0 and is dated Jan 28, 2012 whereas the new file also has version 4.0.1.0 but is dated Aug 3, 2012 -and they are different. As far as I know MSI will only use version numbers and not time stamps (like in the old days) when comparing (but do correct me if I'm wrong) and thus it will not update the file.
Effective result - no update takes place effectively leaving version differences between Microsoft.MetadirectoryServicesEx.dll and Microsoft.MetadirectoryServices.dll. And your XMA/ECMA's break due to this mismatch.
 |
| 4.0.3606.2 version |
 |
| 4.0.3617.2 version |
Now for the remedy. And I state again that this is NOT supported by Microsoft, but helped me get back up and running with the production environment - and we're moving to FIM 2010 R2 shortly, so we're gonna just let the existing system sit for now and not fiddle around with it anymore.
- We stopped the FIM Synchronization Service
- We "unzipped" the file FIMSyncService_x64_KB2688078.msp and extract the Microsoft.MetadirectoryServicesEx.dll file from one of the CAB files
- We copied the extracted file to the 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\Assemblies' folder
Hope this helps anyone in a tight spot...
Monday, October 1, 2012
A FIM 2010 MVP again..!
Woaw, I'm truly honored...
I just received the long awaited mail with the great subject 'Congratulations 2012 Microsoft MVP!'
An except from the mail states: 'Dear Soren Granfeldt, Congratulations! We are pleased to present you with the 2012 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Forefront Identity Manager technical communities during the past year.'
This is the second year in a row, and trust me - I'll do my best to continue to honor the award.
Thank you, Microsoft ... and those that supported me for this award.
An except from the mail states: 'Dear Soren Granfeldt, Congratulations! We are pleased to present you with the 2012 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Forefront Identity Manager technical communities during the past year.'
This is the second year in a row, and trust me - I'll do my best to continue to honor the award.
Thank you, Microsoft ... and those that supported me for this award.
Subscribe to:
Posts (Atom)