What to do if your FIM user RCDC breaks

A colleague ran into a problem yesterday which I had seen before, and before he rolled back and started from scratch I showed him this blog post by Thomas, which explained exactly what happened to me, and what I needed to do to correct it.

Unfortunately the SQL procedure ‘[debug].[ReplaceObjectIdentifier]’ Thomas refers to is still only available via a PSS call and not something I am comfortable to publish here.  Thankfully for my colleague we didn’t have to go through the process again, and I had written up a step-by-step instruction on how to apply the script last time which he could follow.  Here is that process in case anyone else falls down this rabbit hole …

The assumption here is that the 2 BROKEN RCDCs are Configuration for User Creation and Configuration for User Editing respectively.

TARGET ENVIRONMENT

  1. Open SQL Enterprise Manager for the target environment’s SQL FIMService database (in my case it was my client’s UAT Environment), and install the stored procedure [debug].[ReplaceObjectIdentifier]. (just open a new query window, select the FIMService database, and hit the EXECUTE button, i.e. )
  2. Backup the FIMService SQL Database for the target environment’s SQL server instance (we might as well back up the database with our new stored procedure!)
  3. Navigate to the Resource Control Display Configuration page, and search for USER (3 RCDC objects should be returned ONLY)
  4. Click on the Configuration for User Creation object to display the details dialog, then click on the  icon in the top right corner (to the left of the ? icon) to retrieve the corresponding TARGET GUID for CREATE USER:

    Create User RCDC

    Getting the guid from the URL

  5. Paste the contents of the clipboard into NOTEPAD to see something like the following:
    http://myfimserver/identitymanagement/aspx/customized/EditCustomizedObject.aspx?id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&type=ObjectVisualizationConfiguration&display=Configuration%20for%20User%20Creation&_p=1
  6. Extract the GUID from the above (i.e. xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) and save this as the FIRST parameter to the stored procedure call we’re going to make to fix our the Configuration for User Creation object.
  7. Click OK then Cancel to close the RCDC details dialog.
  8. Click on the Configuration for User Editing object to display the details dialog, then click on the  icon in the top right corner (to the left of the ? icon) to retrieve the corresponding TARGET GUID for EDIT USER.
  9. Paste the contents of the clipboard into NOTEPAD to see something like the following:
    http://myfimserver/identitymanagement/aspx/customized/EditCustomizedObject.aspx?id=yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy&type=ObjectVisualizationConfiguration&display=Configuration%20for%20User%20Editing&_p=1
  10. Extract the GUID from the above (i.e. yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy) and save this as the FIRST parameter to the stored procedure call we’re going to make to fix our the Configuration for User Editing object.
  11. Click OK then Cancel to close the RCDC details dialog.

 SOURCE ENFVIRONMENT

  • Repeat steps 3-11 above, but this time on the SOURCE FIM System (in my case this was my client’s DEVELOPMENT environment, which contained the original OOTB FIM guids).  This will give you the 2 guids you need from your WORKING environment to replace the ones in your target environment.  Save them both … the working ones for CREATE and EDIT will always be the same from one FIM site to the next, namely 03707f4c-45a2-4906-b24a-0254fae4f and cc802776-9127-400d-aee2-1b43d538d01e respectively.  Make sure you check these for yourself to confirm you’re using the correct source environment.

TARGET ENFVIRONMENT

  1. Back on the SQL server for your target (broken) environment, open a new query window in SQL Enterprise Manager and construct the following 2 calls to the newly installed SQL stored procedure:

— Configuration for User Creation

exec [debug].[ReplaceObjectIdentifier] ‘xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx’, ‘03707f4c-45a2-4906-b24a-0254fae4fc09’

— Configuration for User Editing

exec [debug].[ReplaceObjectIdentifier] ‘yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy’, ‘cc802776-9127-400d-aee2-1b43d538d01e’

  1. Hit the EXECUTE button, i.e. ExecuteSP) to correct the guids for your 2 broken RCDCs.
  2. On the FIM Portal Server, perform an IISRESET, and check that your Configuration for User Creation and Configuration for User Editing RCDC objects are functional once more.
Advertisements

About bobbradley1967

Microsoft IAM MVP and Solutions Architect (MCTS, MCP) - FIM/ILM/MIIS Specialist, with 20 years SQL database ( OLAP) and MS.Net applications development/SI background, in particular on the SharePoint platform
This entry was posted in FIM (ForeFront Identity Manager) 2010 and tagged , . Bookmark the permalink.

4 Responses to What to do if your FIM user RCDC breaks

  1. greg says:

    Hi,

    Thanks for your post, we are currently running into the same problem but we can’t find the stored procedur ‘debug.ReplaceObjectIdentifier’ as you said. Could you please help up to fix it !
    Did you write this procedure ?

    Thanks

    Greg

    • Hi Greg – when I say “Unfortunately the SQL procedure Thomas refers to is still only available via a PSS call and not something I can publish here” – I mean that in other words the debug.ReplaceObjectIdentifier procedure is not something that is part of the base FIM database install, and something that you are NOT going to have in your own database until you install it under direct instruction from MS. Sorry, but that’s the best I can do myself – considering that the stored proc provided to me was probably specific to the version of FIM I was using at the time, and may possibly be out of date.
      To lodge a support call please follow the guidelines here.

  2. greg says:

    Hi,

    Thanks for your reply. I tried to follow the procedure describe here : http://social.technet.microsoft.com/Forums/en-US/56dad4ed-ee8a-40bc-907f-83851c6b3064/fim-portal-set-view-and-edit-mode-rcdc-corrupted-?forum=ilm2 with the stored procedure, but still doesn’t work.
    I’ll keep trying until it works, and if i find something I’ll post it here.

    Thanks for your help

    Greg

  3. Greg – please don’t post anything here since I already have the stored procedure, but am uncomfortable sharing it, because if people use it to tinker with your production FIM database it will compromise your support contract with Microsoft. Provided you can assure me this is not for changing a production database, you will now find there is a link in the second paragraph of my post, and when you have clicked on this, please use it by following my instructions above explicitly, taking care to retain a backup of your FIMService database first. Post back here with your results and I will remove the attachment and delete the link again. As I say, this is really for MS to distribute at their discretion, since it involves directly editing the FIM database which could break your MS support contract.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s