Please confirm the version of One Identity Manager you are running as per the following:
How to identify the version of One Identity Manager
It is critical to the troubleshooting process that Support have the latest logs for any issues.
Please provide the logs for every service request.
Version 7 and Above:
How to Enable TRACE Logging
Also, please refer to the Configuration Guide, Searching for Errors in the One Identity Manager.
Identity Manager Service Extended Debugging (sign in required).
Please provide the
Job Service Configuration
1. Issue: The job service configuration is complete, but the One Identity Manager (1IM) service is not starting. Items to check:
- Is the Connection string correct, and does testing the connection succeed?
- Is the service configured to use an account with the correct permissions on the “Log On” tab?
For more information please refer to the Configuration guide: Configuring the One Identity Manager Service.
2. Issue: The job service configuration is complete and correct, and the 1IM service starts successfully, but there are errors in the job service log. Items to check:
- Is the job server declared in the database (Designer | Base Data | Job server)? A job server needs to be declared in the database, this is a requirement. For more information please refer to the Configuration Guide: Setting up Job servers.
- Is the service configured to use an account with the correct permissions on the “Log On” tab? Refer to Knowledge Article 115917, One Identity Manager Service Account permissions.
Issues with adding a Managed Domain (ADS)
1. Please refer to Knowledge Article 116763 for steps on how to use the ADS Target System Wizard, How to use the ADS Target System Wizard.
2. If the "Configure Active Directory" wizard freezes, please refer to Knowledge Article 89764, The "Configure Active Directory" wizard freezes.
3. Use Job Queue Info (JobQueueInfo.net) to monitor processes and troubleshoot errors. Check for frozen processes or the status of processes, e.g.: “LOADED”, “PROCESSING”.
4. Verify completed processes in the Process history tab of the Job Queue Info tool. Refer to Knowledge Article 110587, regarding How to turn on Process History.
- Once Process History is enabled go to View | Process history. Processes can be sorted chronologically by right-clicking the “Process history” tab and selecting “Show chronological order” (Please note: if there are thousands of processes in the history, this could take several minutes to complete).
5. Gather the job service log. You may also collect the NsProviderTrace log. To confirm the location of each and how to enable “Component Debug mode” please see the following Knowledge Article 115851, Available logging options for the Identity Manager Job Service.
6. Confirm you can connect to the domain/domain controller using the VINSProviderTest tool. Refer to Knowledge Article 115852 for steps on how to use the VINSProviderTest tool: Confirm connection to the domain/domain controller using the VINSProviderTest tool.
Running a Full or Partial sync fails. Please confirm and gather the following:
1. Confirm that a valid Domain Controller is listed as the “Domain controller (sync.)" in Manager for the managed domain:
2. Confirm that the Mapping rule and Schema definition have each been loaded for the Active Directory domain in Manager.
3. Confirm that the LDAP login is a valid AD account with required permissions: Quest One Identity Manager Service Account permissions.
4. Gather the job service, stdioprocessor and NsProviderTrace logs for Support.
5. Depending on the errors being received it may be necessary to collect:
- The mapping file (MappingInfo)
- The Schema Definition
- The “SyncConfigurations”
Please refer to KB Article 229618, Troubleshooting One Identity Manager Provisioning Issues.
"Frozen" jobs in the job queue (JobQueueInfo.net)
Please refer to Knowledge Article 123342 for troubleshooting steps, How to troubleshoot “Frozen” jobs in the job queue (JobQueueInfo.net).
Example: the ADSAccount_Update takes a long time to complete, 'ADSAccount_Update' Job taking a long time to run.
You can also configure the system to send a message when there are failed jobs: What email notifications are available to alert that jobs are failing or frozen?
Troubleshooting IT Shop (web portal) issues
For log on issues, i.e., unable to log
1. Can the
2. How are you attempting to log in? For example, are you using a system user, Employee or AD account? The relevant authentication module needs to be activated in the web.config.
3. If logging in to the portal via Web Designer works, authentication modules are correct (and you are using a valid account), then it may be necessary to gather the log files:
How to Enable and Collect IT Shop Logs
For other issues with ITShop, such as cosmetic issues, data not displaying, and so on:
1. Verify whether the item appears in the Web Designer preview or not.
2. Enable the “monitor” page to confirm if there are any errors.
3. Confirm if the