
Thursday, January 27, 2011

Error: The WinRM client received an HTTP status code of 456 from the remote WS-Management service


When connecting to an Outlook Live PowerShell session, you get:
[ps.outlook.com] Connecting to remote server failed with the following error message : The WinRM client received an HTTP status code of 456 f
rom the remote WS-Management service. For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionOpenFailed
Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null. Supply a non-null argument and try the command again.
At line:3 char:17
+ Import-PSSession <<<<  $Session
    + CategoryInfo          : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand
or

When trying to run the Outlook Live MA, you may get a stopped-extensible-extension-error with the following stack trace:
"Microsoft.MetadirectoryServices.ExtensibleExtensionException: Connecting to remote server failed with the following error message : The WinRM client received an HTTP status code of 456 from the remote WS-Management service. For more information, see the about_Remote_Troubleshooting Help topic.

 at Microsoft.Exchange.XmaConnector.PSDataProvider.ReportError(Exception e, ScorecardCounter scorecard)
 at Microsoft.Exchange.XmaConnector.PSDataProvider.InvokeCmdlet(PSCommand cmd)
 at Microsoft.Exchange.XmaConnector.PSDataProvider.ReportScorecard()
 at Microsoft.Exchange.XmaConnector.XmaExportExLabs.ReportScorecard()
 at Microsoft.Exchange.XmaConnector.MAExtension.IlmMAExtension.EndExport()
Microsoft Identity Integration Server 3.3.1139.2"
This error occurs when the account that you are connecting with is blocked for sign-in as can be seen below.

You will need to contact the Live@Edu support services in order to resolve this issue.

Monday, October 25, 2010

Restoring ILM/FIM Database in a different domain

When you need to restore your ILM/FIM SyncService server to a different domain, either for recovery or for development, you will need to do the following in order to access the database:
  1. Install ILM/FIM Sync Service.
  2. Backup the existing configuration of databases and encryption keys.
  3. Restore the database overwriting the existing database.
  4. Run MIISActivate to activate the server.
Here, however, the fun begins: you will not be able to access the server, because the group SIDs stored in the database differ from the actual group SIDs of the domain. You have two choices: rerun the setup (easiest IMO), or get the SIDs from AD and update the SID values in the mms_server_configuration table. The values are stored in the following fields:
  • administrators_sid - stores the SID for the ILM/FIM Administrators Group
  • operators_sid - stores the SID for the ILM/FIM Operators Group
  • account_joiners_sid - stores the SID for the ILM/FIM Account Joiners Group
  • browse_sid - stores the SID for the ILM/FIM Browsers Group
  • passwordset_sid - stores the SID for the ILM/FIM Password Set Group
As these values are binary, you will need to run a SQL CONVERT when setting the values, as per the example below:
UPDATE [FIMSynchronizationService].[dbo].[mms_server_configuration]
   SET [administrators_sid] = CONVERT(varbinary,0x0105000000000005150000002BA93955DBAC7A56E35F9DA76C040000)
      ,[operators_sid] = CONVERT(varbinary, 0x0105000000000005150000002BA93955DBAC7A56E35F9DA76D040000)
      ,[account_joiners_sid] = CONVERT(varbinary, 0x0105000000000005150000002BA93955DBAC7A56E35F9DA76E040000 )
      ,[browse_sid] = CONVERT(varbinary,  0x0105000000000005150000002BA93955DBAC7A56E35F9DA76F040000)
      ,[passwordset_sid] = CONVERT(varbinary,  0x0105000000000005150000002BA93955DBAC7A56E35F9DA770040000)
   
 WHERE instance_id ='976E8CFB-46C3-425B-85B1-96726DFB044D'
GO
Restart the ILM/FIM SyncService service and all will be accessible again.
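
These columns decide who holds each Synchronization Service role, so it is worth decoding what the restored database contains and generating the new literals from the actual groups rather than typing hex by hand. The following PowerShell is an added example, not code from the original post; the function names are hypothetical and the group name in the last comment is a placeholder.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function ConvertTo-SidHexLiteral {
    # SecurityIdentifier -> 0x... literal for the varbinary *_sid columns
    param([Parameter(Mandatory = $true)][System.Security.Principal.SecurityIdentifier]$Sid)
    $bytes = New-Object byte[] ($Sid.BinaryLength)
    $Sid.GetBinaryForm($bytes, 0)
    '0x' + [System.BitConverter]::ToString($bytes).Replace('-', '')
}

function ConvertFrom-SidHexLiteral {
    # 0x... literal (as stored in mms_server_configuration) -> SecurityIdentifier
    param([Parameter(Mandatory = $true)][string]$Hex)
    $clean = $Hex.Trim() -replace '^0x', ''
    if ($clean -notmatch '^([0-9A-Fa-f]{2})+$') { throw "Not a hex literal: $Hex" }
    $bytes = New-Object byte[] ($clean.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($clean.Substring($i * 2, 2), 16)
    }
    New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
}

function Get-SidSetClause {
    # Map of column name -> 'DOMAIN\Group' in, SET lines with a review comment out.
    # Resolving the accounts requires connectivity to the target domain.
    param([Parameter(Mandatory = $true)][System.Collections.IDictionary]$ColumnToAccount)
    foreach ($column in $ColumnToAccount.Keys) {
        $account = New-Object System.Security.Principal.NTAccount($ColumnToAccount[$column])
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
        $hex = ConvertTo-SidHexLiteral $sid
        '[{0}] = CONVERT(varbinary, {1})  -- {2} = {3}' -f $column, $hex, $account.Value, $sid.Value
    }
}

# Offline check, using the administrators_sid literal from the UPDATE above:
$stored = ConvertFrom-SidHexLiteral '0x0105000000000005150000002BA93955DBAC7A56E35F9DA76C040000'
$stored.Value                      # SID string of the group that literal refers to
$stored.AccountDomainSid.Value     # domain part; compare with the domain you restored into
ConvertTo-SidHexLiteral $stored    # round-trips to the same literal

# In the target domain (group name is a placeholder for your own):
# Get-SidSetClause ([ordered]@{ administrators_sid = 'NEWDOMAIN\FIMSyncAdmins' })
```

Review the account and SID shown in each generated comment before running the UPDATE, since a wrong value grants the role to whichever principal owns that SID.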

Friday, October 1, 2010

PCNS Event 6023,6025 Firewall Issue running on Windows 2008

When running PCNS (Password Change Notification Service) with both a Windows 2008 domain controller and an ILM/FIM Synchronization Service server, always remember to add a rule on the ILM/FIM Synchronization Service server to allow inbound PCNS connections (recommended), or disable the firewall on the "Domain" profile (not recommended).
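
One way to create the recommended rule without opening the whole Domain profile, as an added example that is not part of the original post: it scopes the rule to the sync service executable, to dynamic RPC ports, and to the domain controllers' addresses. The function name is hypothetical, the executable path and IP addresses are supplied by the caller, and it assumes the sync service process hosts the RPC endpoint that PCNS connects to.

```powershell
# Added example, not from the original post. Run elevated on the sync server.
function Add-PcnsInboundRule {
    param(
        # Full path to the Synchronization Service executable (caller supplies it)
        [Parameter(Mandatory = $true)][string]$SyncServiceExe,
        # Addresses of the DCs running PCNS; nothing else may use the rule
        [Parameter(Mandatory = $true)][string[]]$DomainControllerIp,
        [string]$RuleName = 'PCNS inbound from DCs'
    )
    if (-not (Test-Path -LiteralPath $SyncServiceExe -PathType Leaf)) {
        throw "Sync service executable not found: $SyncServiceExe"
    }
    foreach ($ip in $DomainControllerIp) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
            throw "Not an IP address: $ip"
        }
    }
    $netshArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$RuleName", 'dir=in', 'action=allow',
        "program=$SyncServiceExe",
        'protocol=TCP', 'localport=RPC',      # dynamic RPC ports only
        'profile=domain',                     # Domain profile only
        "remoteip=$($DomainControllerIp -join ',')"
    )
    & netsh $netshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
    # Show the resulting rule so the scope can be reviewed
    & netsh advfirewall firewall show rule "name=$RuleName" verbose
}
```

The DCs must also be able to reach the RPC endpoint mapper (TCP 135) on the sync server; check the existing rules for that before adding a second one.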

If this is not in place, you will typically get the following event log errors on your DCs:
Event ID 6023
Event ID 6025
For event 6025, the typical event log data will look as follows:

Log Name:      Application
Source:        PCNSSVC
Date:          2010/09/30 03:09:55 PM
Event ID:      6025
Task Category: (4)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DCname.domain.com
Description:
Password Change Notification Service received an RPC exception attempting to deliver a notification.
The password change notification target could not be contacted.
User Action:
The target server may not be running. Verify that the target server is running.
Additional Details:
Thread ID: 2804
Tracking ID: 9dd78d30-cda7-4163-96ec-04cb1312823b
User GUID: 82ed51a7-5c1c-4e9d-ac22-296db6190f5d
User: Domain\TestUser
Target: miisPCNS
Delivery Attempts: 42
Queued Notifications: 3
0x000006BA - The RPC server is unavailable.
ProcessID is 2764
System Time is: 9/30/2010 13:9:55:89
Generating component is 2
Status is 1722 - The RPC server is unavailable.
Detection location is 1710
Flags is 0
NumberOfParameters is 1
Long val: 0
ProcessID is 2764
System Time is: 9/30/2010 13:9:55:89
Generating component is 18
Status is 1722 - The RPC server is unavailable.
Detection location is 1442
Flags is 0
NumberOfParameters is 1
Unicode string: ilmserver.domain.com
ProcessID is 2764
System Time is: 9/30/2010 13:9:55:89
Generating component is 18
Status is 1722 - The RPC server is unavailable.
Detection location is 323
Flags is 0
NumberOfParameters is 0
ProcessID is 2764
System Time is: 9/30/2010 13:9:55:89
Generating component is 18
Status is 1237 - The operation could not be completed. A retry should be performed.
Detection location is 313
Flags is 0
NumberOfParameters is 0
ProcessID is 2764
System Time is: 9/30/2010 13:9:55:89
Generating component is 18
Status is 10060 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 311
Flags is 0
NumberOfParameters is 3
Long val: 49201
Pointer val: 0
Pointer val: 0
ProcessID is 2764
System Time is: 9/30/2010 13:9:55:89
Generating component is 18
Status is 10060 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 318
Flags is 0
NumberOfParameters is 0
ProcessID is 2764
System Time is: 9/30/2010 13:9:34:54
Generating component is 18
Status is 1237 - The operation could not be completed. A retry should be performed.
Detection location is 313
Flags is 0
NumberOfParameters is 0
ProcessID is 2764
System Time is: 9/30/2010 13:9:34:54
Generating component is 18
Status is 10060 - A connection attempt failed because the connected party did not properly respond after a period of time, or established con

Friday, September 17, 2010

Configuring AD mail-enabled groups to sync as groups using Galsync R4.2

In order to allow for the creation of a group as a group and not a contact, you will need to configure the following:
1. OnPremise MA
You will need to select the following attributes:
  • member
  • legacyExchangeDN
  • proxyAddresses
  • mail
This can be done as follows:
  1. Open the Identity Manager/FIM 2010 Synchronization Engine Console
  2. Click on Management Agents.
  3. Right click on the OnPremise MA and select Properties
  4. Click on “Select Attributes”
  5. Click on “Show All” and select the attributes listed above
  6. Then click on the “Configure Attribute Flow”
  7. Select the options as below and click new


  8.  Click Ok to finish
2. Hosted MA
You will need to configure the following:
  1. Click on Management Agents.
  2. Right click on the Hosted MA and select Properties
  3. Click on “Configuring Additional Parameters” and configure as listed below


  4. Then click on the “Configure Attribute Flow”


  5. Select the options as below and click new

  6. Click Ok to finish
Run a full import and full synchronization cycle on the OnPremise MA and an EDIDS (export, delta import and delta synchronization) cycle on the Hosted