0161 906 1002 enquiries@salfordsoftware.co.uk
ILM 2007 FP1 error with Live@edu - The cookie with domain controller 'GUID' has expired and should be abandonded
2011-10-07
- Microsoft Live@EDU
- Microsoft Identity Lifecycle Manager
- Microsoft Forefront Identity Manager
Summary
Problems with errors in the event logs of the ILM server which is syncing to Outlook Live@edu. MA's appears to take a long time to complete a sync. The main errors in the App event log are:
Log Name: Application
Source: OLMA
Date: 08/07/2011 15:04:54
Event ID: 1011
Task Category: GALSync
Level: Error
Keywords: Classic
User: N/A
Computer: ILMServer.farbikam.ac.uk
Description:
The following error occurred on the server. Error Message: The cookie with domain controller '1d18ccee-66b4-49a5-b71f-d54f950bd0bf' has expired and should be abandonded. Current domain controller is 'ee31e8e3-1aee-44ba-b042-980c21c1f765'.. The Cmdlet:
Log Name: Application
Source: MIIServer
Date: 08/07/2011 15:04:54
Event ID: 6801
Task Category: Server
Level: Error
Keywords: Classic
User: N/A
Computer: ILMServer.farbikam.ac.uk
Description:
The extensible extension returned an unsupported error in MIIS.
The stack trace is:
"Microsoft.MetadirectoryServices.ExtensibleExtensionException: The cookie with domain controller '1d18ccee-66b4-49a5-b71f-d54f950bd0bf' has expired and should be abandonded. Current domain controller is 'ee31e8e3-1aee-44ba-b042-980c21c1f765'.
at Microsoft.Exchange.XmaConnector.XmaExceptionManager.ReportErrorToILM(String errorMessage, ILMExceptionType errorType, XmaErrorCategory errorCategory)
at Microsoft.Exchange.XmaConnector.MAExtension.IlmMAExtension.GenerateImportFile(String fileName, String connectTo, String user, String password, ConfigParameterCollection configParameters, Boolean fFullImport, TypeDescriptionCollection types, String& customData)
Microsoft Identity Integration Server 3.3.1101.2"
Solution
Backed up the ILM server configuration by doing and Export of the server, export of the MAs and an Export of the Metaverse via the.
Upgraded Glasync/Olsync Management Agent for Live@EDU to latest version from:
http://go.microsoft.com/fwlink/?LinkId=164627
then...
1. Log onto the ILM server with the MIIS (ILM) service account
2. Delete cookies located in this registry path: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WSMAN\Client\ConnectionCookies\"
3. Stop Microsoft Identity Integration Server (Start > Run, and type Services.msc). Then navigate to the installation location for ILM (Default directory is C:\Program Files\Microsoft Identity Integration Server\MaData\Hosted and move out all files in that directory except Report Directory to any other folder, for example to C:\Temp.
4. Then open C:\Program Files\Microsoft Identity Integration Server\MaData\Hosted\report directory and move all files there too.
5. Reboot the server and log back with whatever account you normally do.
6. Clear the Run history
7. Highlight the Onpremise MA and choose Delete from the Action pane and choose just to delete the connector space
8. Repeat for the Hosted Outlook Live MA
9.. Run full sync with Outlook Live. Open PowerShell (Start > Run, type PowerShell.exe) and navigate to the ILM installation script directory (Default location: C:\Program Files\Microsoft Identity Integration Server\SourceCode\Scripts) and run .\StartSync.ps1 -FirstRun
This seem to have resolved the issue.
THE INFORMATION IN THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS WITHOUT WARRANTY OF ANY KIND. PROVIDER SPECIFICALLY DISCLAIMS ANY OTHER WARRANTY, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL PROVIDER BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL OR INCIDENTAL DAMAGES, EVEN IF PROVIDER HAS BEEN ADVISED BY USER OF THE POSSIBILITY OF SUCH POTENTIAL LOSS OR DAMAGE. USER AGREES TO HOLD PROVIDER HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, LOSSES, LIABILITIES AND EXPENSES.
