All,
We had a few different consultants come in and install IDM for our organization and after multiple restarts finally got it running to a point. Nothing was really documented on how specific tasks are triggered and where that is configured and honestly I am having the time of it trying to find a document that discusses the entire workflow task hierarchy for numerous out of box provisioning tasks.
That said, I also have a few Warning messages that show up everyday in our system that I guess were ignored by the consultant that set up the system and I think are causing a majority of my provisioning hold-ups and dispatcher failures every day.
Any help with identifying a solution for the below would be helpful.
Dispatcher2
Error in Sys Log: Exception from Add operation:ToCustom.addEntry failed for entry E0090986 - Exception:com.sap.idm.ic.ToPassException: User E0090986 exists
Situation:
User was hired in last year, was already in a role and provisioned successfully to the backend ABAP system. The users shows in the IDM web UI that they have an account on our Training box:
User changed jobs and an HCM event triggered our modify task which worked perfectly up untill the "create ABAP identify" task. On this task, even though IDM shows (see above) that it knows a user accout exists in our Training (consultant labeled it test) environment, it fails with a stating that account already exists.
Below are the details of the task.
My personal thoughts are that IF this was a user move then shouldn't this have triggered the "Modify" ABAP provisioning task and not the "Create" task? If so then how do you tweek the system to recognize a move in the organization to modify a users backend SAP access instead of trying to create it new which causes the error?
Secondly to this, it is NOT failing on the PRD SAP or GRC access which strikes me wierd..
So far the only way to get the user to provision to the backend system is for me to delete the user account and then retry the job.
Side note**** This happens frequently with different user accounts across our PRD, TRN and GRC backend systems, in that Some provisioning will work correctly while others fail with the above error message even though the identify store sees them. In all cases if I delete the ID in the backend and retry in any system it seems to work after that.
Below is the log details from the Job.
<Log details>
<?xml version="1.0" encoding="UTF-8"?>
<mx:EMSLOG xmlns:mx="http://www.maxware.com/EMS">
<mx:GENERAL>
<mx:DATE>03.09.2014 13:39:00</mx:DATE>
<mx:VERSION>DSE.JAR version: 7.2.8.0 Built: 15.05.2013 18:37:10 - 176434 (c) Copyright 2012 SAP AG. All rights reserved.</mx:VERSION>
<mx:JOB>Identity Center JobID:1</mx:JOB>
<mx:JOBName>CreateABAPIdentity</mx:JOBName>
<mx:MCVersion>7.20.8.0-SQL-2013-06-21 Schema update:1100</mx:MCVersion>
<mx:JDBCInfo>jdbc:sqlserver://****************.*****************.com:1433;xopenStates=false;sendTimeAsDatetime=true;trustServerCertificate=false;sendStringParametersAsUnicode=true;selectMethod=direct;responseBuffering=adaptive;packetSize=8000;loginTimeout=15;lockTimeout=-1;lastUpdateCount=true;encrypt=false;disableStatementPooling=true;databaseName=PN2_db;applicationName=Microsoft SQL Server JDBC Driver;</mx:JDBCInfo>
<mx:MACHINE>idmdispatcher2</mx:MACHINE>
<mx:JOBID>976EB10B-0609-432B-B4E0-924E7C824E95</mx:JOBID>
<mx:WORKAREA>E:/usr/sap/IdM/Identity Center/Jobs/976EB10B-0609-432B-B4E0-924E7C824E95</mx:WORKAREA>
<mx:PRODUCT>Provisioning</mx:PRODUCT>
<mx:CUSTOMER>SAP customer : f9c1c5cd66189d133765ac44ea6c127a</mx:CUSTOMER>
<mx:TIMEUSED>2</mx:TIMEUSED>
<mx:NERRORS>1</mx:NERRORS>
<mx:NWARNINGS>0</mx:NWARNINGS>
<mx:NENTRIES adds="0" dels="0" markdels="0" mods="0" noops="0">0</mx:NENTRIES>
</mx:GENERAL>
<mx:PASSES>
<mx:PASS name="06B5C9F3-3F04-4FB6-ABDB-D606847D761F" seq="1" title="CreateABAPIdentity" type="To Custom">
<mx:REPOSITORYNAME>ECC_TEST</mx:REPOSITORYNAME>
<mx:MESSAGES>
<mx:ERROR seq="1">
<mx:TEXT>putNextEntry failed storingE0090986</mx:TEXT>
<mx:TEXT>Exception from Add operation:com.sap.idm.ic.ToPassException: User E0090986 exists</mx:TEXT>
<mx:ENTRY>
<mx:ATTR name="MX_DATEFORMAT">2</mx:ATTR>
<mx:ATTR name="MX_MAIL_PRIMARY">email.address@email.com</mx:ATTR>
<mx:ATTR name="MX_NUMBERFORMAT">X</mx:ATTR>
<mx:ATTR name="MXREF_MX_COMPANY_ADDRESS"/>
<mx:ATTR name="MX_PRINTERSETTINGS_SPDB">G</mx:ATTR>
<mx:ATTR name="MX_FIRSTNAME">*************</mx:ATTR>
<mx:ATTR name="MX_COMMUNICATION_METHOD">INT</mx:ATTR>
<mx:ATTR name="MX_PRINTERSETTINGS_SPLD">AGLOCAL1</mx:ATTR>
<mx:ATTR name="MX_ENCRYPTED_PASSWORD">************************************************************</mx:ATTR>
<mx:ATTR name="MX_VALIDFROM">2012-11-12</mx:ATTR>
<mx:ATTR name="MX_VALIDTO">9999-12-31</mx:ATTR>
<mx:ATTR name="MX_ADMIN_UNIT">NONSUPER</mx:ATTR>
<mx:ATTR name="MX_REFERENCE_USER"/>
<mx:ATTR name="MX_ENTRYTYPE">MX_PERSON</mx:ATTR>
<mx:ATTR name="DISPLAYNAME">***********************</mx:ATTR>
<mx:ATTR name="MX_LASTNAME">***************</mx:ATTR>
<mx:ATTR name="MX_ENTRY_REFERENCE"/>
<mx:ATTR name="MSKEY">150232</mx:ATTR>
<mx:ATTR name="MSKEYVALUE">e0090986</mx:ATTR>
</mx:ENTRY>
</mx:ERROR>
</mx:MESSAGES>
<mx:DELTA>0</mx:DELTA>
<mx:TIMEUSED>2</mx:TIMEUSED>
<mx:NENTRIES adds="0" dels="0" markdels="0" mods="0" noops="0">0</mx:NENTRIES>
<mx:NERRORS>1</mx:NERRORS>
<mx:NWARNINGS>0</mx:NWARNINGS>
</mx:PASS>
</mx:PASSES>
<mx:PROVISIONING fail="1" num="1" ok="0">
<mx:PROVISION auditid="924904" mskey="150232" seq="1" status="FAIL">
<mx:TEXT>ToCustom.addEntry failed for entry E0090986</mx:TEXT>
</mx:PROVISION>
</mx:PROVISIONING>
</mx:EMSLOG>