FIM 2010 R2 Portal: Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ResourceIsMissing
I received a very strange error at one of my clients when an approver views/refreshes his "Approve Requests".
There are no errors within the FIM portal requests, but in the FIM event log I get the following error:
Source: Microsoft.ResourceManagement
Event ID: 3
Requestor: urn:uuid:10c491fb-a0fa-4dd5-9a27-66f5a4465963
Correlation Identifier: 42f74d59-bb91-480a-9582-d9c588436ebb
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: ResourceIsMissing
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteGetAction(RequestType request)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey, Boolean isRedispatch)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Get(Message request)
After quite a bit of research and setting the event logging to Verbose, I have discovered the following:
The error only appears in the Event Viewer when we do a search on approvals where the originator is the service account which updates users. The approvers who have this error do not have the correct rights, because we used a web service call from another domain which uses a service account to make the changes in the FIM Portal, and the account is part of the FIM Administrators. Grant the users the correct permissions and the error is resolved.
After having the same problem I found I needed to let 'All People' read the ObjectID and ObjectType of 'All People'. Previously I had restricted All People to a set of "Portal Users" which excluded admin and service accounts.