Thursday, May 17, 2007

MIIS SP2/ILM 2007 Timeouts, Out of Memory Errors and the Dreaded BAIL: MMS

For several days my colleague Jerry Camel (keep your eye on Jerry's new blog) and I suffered from very odd behavior on an MIIS server we were building. Symptoms included the following:

  • SQL 2005 Management Studio - the app would take forever to launch and present the connect dialog; while this was happening there was no activity in SQL Profiler and little to no CPU utilization
  • Identity Manager -
    • Clicking tabs in IM would cause the cursor to hourglass and it would take several seconds at least to see a result
    • Starting a Synchronization would cause several records to throw extension-dll-timeouts (my timeout was set to 10 seconds) and then the rest of the run would seemingly run ok until Reference Reprocessing kicked in...
    • Reference Reprocessing would throw out of memory errors during every Identity Manager screen refresh cycle complaining that the step object details table could not be read

A look at the Application Event Log revealed the following MIIServer related error:

Event Type: Error
Event Source: MIIServer
Event Category: Server
Event ID: 6306
Date: 5/16/2007
Time: 3:04:51 PM
User: N/A
Computer: xxxx
Description:
The server encountered an unexpected error while performing an operation for the client.
"BAIL: MMS(432): mastate.cpp(8694): 0x8007000e (Not enough storage is available to complete this operation.): Error allocating memory
BAIL: MMS(432): server.cpp(5381): 0x8007000e (Not enough storage is available to complete this operation.)
BAIL: MMS(432): server.cpp(4275): 0x8007000e (Not enough storage is available to complete this operation.)
Microsoft Identity Integration Server 3.2.0559.0"

After much head bashing and hair pulling we found ourselves staring at the results of a 'netstat -a' query and trying to understand why the box was trying to reach a particular URL - http://crl.microsoft.com. A few searches later and we happened upon this posting:

Dan's Blog: SQL Server Management Studio Startup Time

As it turns out, this server had never been connected to a network with internet access and therefore had never downloaded the Root Certificate updates from Microsoft. Further analysis of the Event Logs revealed many 'crypt32' errors indicating that the CRL could not be updated from Microsoft. While there may have been another way of forcing this update, we opted for the quick and easy test from Dan's Blog, which was to disable the "Check for publisher's certificate revocation" Advanced option in Internet Explorer. Disabling this option had an immediate effect - SQL Management Studio started immediately and MIIS Syncs processed error free - go figure.
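
To check whether a server is in the state described above, the following PowerShell reads the revocation setting behind that Internet Explorer option, probes the CRL host and counts recent 'crypt32' errors. It is an added example, not part of the original post; the registry path, the 0x200 flag and the function names are assumptions not given on the page, and it only reads state.

```powershell
# Added example (not from the original post): read-only audit of the state described above.
# Assumptions: the IE option maps to the per-user WinTrust "State" value below, where
# flag 0x200 (WTPF_IGNOREREVOKATION in wintrust.h) means revocation checking is skipped.
$SoftwarePublishingKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$IgnoreRevocationFlag  = 0x200

function Get-PublisherRevocationCheck {
    # The value is per-user (HKCU), so run this as the account that launches the
    # affected program, e.g. the service account, not only as the administrator.
    $prop = Get-ItemProperty -Path $SoftwarePublishingKey -Name State -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotSet' }
    if ($prop.State -band $IgnoreRevocationFlag) { return 'Disabled' }
    return 'Enabled'
}

function Test-CrlEndpoint {
    param([string]$HostName = 'crl.microsoft.com', [int]$Port = 80, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false      # DNS failure or refused connection: treat as unreachable
    } finally {
        $client.Close()
    }
}

function Get-Crypt32ErrorCount {
    # Windows PowerShell only; 'crypt32' is the event source named in the post.
    param([int]$Days = 7)
    return @(Get-EventLog -LogName Application -Source crypt32 -EntryType Error `
        -After (Get-Date).AddDays(-$Days) -ErrorAction SilentlyContinue).Count
}

$check     = Get-PublisherRevocationCheck
$reachable = Test-CrlEndpoint
[pscustomobject]@{
    RevocationCheck  = $check
    CrlHostReachable = $reachable
    Crypt32Errors7d  = Get-Crypt32ErrorCount
    # Checking not disabled plus no route to the CRL host is the combination the post
    # describes; treating 'NotSet' as "checking on" is an assumption.
    MatchesSymptoms  = ($check -ne 'Disabled') -and (-not $reachable)
}
```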

Thanks to Dan for posting the original solution.

2 comments:

said...

I have been working on MIIS 2003 for the last two months. There were some issues with this product version; after searching on the net I got the idea that SP1 would fix my problems, so I installed MIIS 2003 SP1. Hence my problem was fixed. My task was to connect to AD using ADMA and import users' information into SQL Server (2000/SP4). I was ready to put this test on PRE-PRODUCTION. I required a license, so I went for its details on the MS site and found that ILM 2007 is now packaged with MIIS 2003 SP2 (version 3.2.559.0). So before I went to the purchase department I downloaded the ILM 2007 eval. version and installed it on my local test machine, before starting testing on PRE-PRODUCTION. Unfortunately, I saw a connectivity issue: my existing credentials for the connection domain (ADMA to connect to AD) are not working. That is, Server, Port, User Name, Password and domain are the same, but they are not accepted by MIIS 2003 SP2 from the ILM 2007 eval. version. I un-installed MIIS 2003 SP2 again and installed MIIS 2003 SP1 (version: 3.1.1046.0), which worked fine.
I tried this on 3 machines again and again and came to the conclusion that SP1 connects with the same credentials but SP2 does not.
The other issue is that MIIS 2003 is not available for purchase. We have to purchase/use ILM 2007.

In this situation there is no guidance on the MS site, nor has anyone raised this issue on the internet.

With SP2, when connecting to AD using the Management Agent wizard with ADMA, the status column shows "failed-connection" with the error "Cannot connect to AD using the ADMA MA"; on the other hand, when I use SP1 with the same credentials it works perfectly. I still have one machine with SP1 and it's working perfectly.

Please help. We had already scheduled our deployment and we are now 1 week late according to the project plan.

Shamshad Ali.

said...

I haven't seen this issue before and I've used the product pre-SP1 through to the new SP2 based ILM 2007 version. There have been changes to the ADMA - some of the most notable regarding connectivity are regarding the options for SSL and Kerberos Sign and Seal. Try experimenting with these settings to see if you have any luck. Aside from that, try the MIIS Technet forum for a much broader audience.
