The following is a list of issues known to exist at the time of release of One Identity Manager.
Known Issue | Issue ID |
---|---|
Error in the Report Editor if columns are used that are defined in the Report Editor as keywords. Workaround: Create the data query as an SQL query and use aliases for the affected columns. |
23521 |
Errors may occur if the Web Installer is started in several instances at the same time. |
24198 |
Header text in reports saved as CSV are not given their correct names. |
24657 |
In certain circumstances, objects can be in an inconsistent state after simulation in Manager. If an object is changed or saved during simulation and the simulation is finished, the object remains in the final simulated state. It may not be possible to save other modifications to this object instance. Solution: Reload the object after completing simulation. |
12753 |
Invalid module combinations can be selected in the Configuration Wizard. This causes errors at the start of the schema installation. Cause: The Configuration Wizard was started directly. Solution: Always use autorun.exe for installing One Identity Manager components. This ensures that you do not select any invalid modules. |
25315 |
Schema extensions on a database view of type View (for example Department) with a foreign key relation to a base table column (for example BaseTree) or a database view of type View are not permitted. | 27203 |
Error connecting through an application server or the API Server if the certificate's private key, used by the VI.DB to try and encrypt its session data, cannot be exported and the private key is therefore not available to the VI.DB. Solution: Mark the private key as exportable if exporting or importing the certificate. |
27793 |
It is not possible to extend predefined dynamic foreign keys by references to redefined tables. If you define custom dynamic foreign keys, at least one of the parties involved - dynamic foreign key column or referenced table - must be a custom object. |
29227 |
Error resolving events on a view that does not have a UID column as a primary key. Primary keys for objects in One Identity Manager always consist of one, or in the case of M:N tables, two UID columns. This is basic functionality in the system. The definition of a view that uses the XObjectKey as primary key, is not permitted and would result in more errors in a lot of other places. The consistency check Table of type U or R with wrong PK definition is provided for testing the schema. |
29535 |
The default setting of globallog.config assumes that write access exists for %localappdata%. If an EXE does not have sufficient permissions, the log can be written to a directory that does have the access rights by changing the variable logBaseDir in the globallog.config or by introducing a special log configuration in the *.exe.config or the Web.config file. |
30048 |
If the One Identity Manager database is installed in an SQL cluster (High Availability Group) and the option DTC_SUPPORT = PER_DB is set, replication between the server is done by Distributed Transaction. The error, in case a Save Transaction is carried out is: Cannot use SAVE TRANSACTION within a distributed transaction. Solution: Disable the option DTC_SUPPORT = PER_DB. |
30972 |
If no date is given, the date 12/30/1899 is used internally. Take this into account when values are compared, for example, when used in reports. For detailed information about displaying dates and time, see the One Identity Manager Configuration Guide. |
31322 |
The following error occurred installing the database under SQL Server 2019: QBM_PDBQueueProcess_Main unlimited is only allowed as an agent job Solution:
For more information, see https://support.oneidentity.com/KB/315001. |
32814 |
Known Issue |
Issue ID |
---|---|
The error message This access control list is not in canonical form and therefore cannot be modified sometime occurs when installing the Web Portal with the Web Installer. The error occurs frequently after a Windows 10 Anniversary Update. Solution: Change the permissions for the users on the web application's parent folder (by default C:\inetpub\wwwroot) and apply the changes. Then revoke the changes again. |
26739 |
In the Web Portal, a product’s request properties are not transferred from the original request to the shopping cart if the request is renewed or canceled. Cause: Request properties are saved in separate custom columns. Solution: Create a template for (custom) columns in the ShoppingCartItem table that stores the request properties when the request is made. This template must load the request properties from the identical (custom) columns in the PersonWantsOrg table relating to this request. |
32364 |
It is not possible to use the Web Designer to place a link in the header of the Web Portal next to the company name/logo. |
32830 |
In the Web Portal, it is possible to subscribe to a report without selecting a schedule. Workaround:
|
32938 |
Known Issue | Issue ID |
---|---|
Memory leaks occur with Windows PowerShell connections, which use Import-PSSession internally. |
23795 |
By default, the building block HR_ENTRY_DATE of an SAP HCM system cannot be called remotely. Solution: Make it possible to access the building block HR_ENTRY_DATE remotely in your SAP HCM system. Create a mapping for the schema property EntryDate in the Synchronization Editor. |
25401 |
Any existing secondary SIP addresses are converted into primary email addresses when Microsoft Exchange mailboxes are added, providing that no primary SIP addresses were stored up to now. | 27042 |
Error in IBM Notes connector (Error getting revision of schema type ((Server))). Probable cause: The IBM Notes environment was rebuilt or numerous entries have been made in the Domino Directory. Solution: Update the Domino Directory indexes manually in the IBM Notes environment. |
27126 |
The SAP connector does not provide a schema property to establish whether a user has a productive password in SAP R/3. If this information is meant to be in One Identity Manager, extend the schema and the synchronization configuration.
|
27359 |
Synchronization projects for SAP R/3 that were imported by a transport into a One Identity Manager database, cannot be opened. The problem only occurs if an SAP R/3 synchronization project was not added in the target database before importing the transport package. Solution: Create and save at least one SAP R/3 synchronization project before you import SAP R/3 synchronization projects into this database with the Database Transporter. |
27687 |
Error provisioning licenses in a central user administration's child system. Message: No company is assigned. Cause: No company name could be found for the user account. Solution: Ensure that either:
|
29253 |
Certain data is not loaded during synchronization of SAP R/3 personnel planning data that will not come into effect until later. Cause: The function BAPI_EMPLOYEE_GETDATA is always executed with the current date. Therefore, changes are taken into account on a the exact day. Solution: To synchronize personnel data in advance that will not come into effect later, use a schema extension and load the data from the table PA0001 directly. |
29556 |
Error synchronizing an OpenDJ system, if a password begins with an open curly bracket. Cause: The LDAP server interprets a generated password of the form {<abc>}<def> as a hash value. However, the LDAP server does not allow hashed passwords to be passed. Solution: The LDAP server can be configured so that a hashed password of the form {<algorithm>}hash can be passed.
|
29620 |
Target system synchronization does not show any information in the Manager web application. Workaround: Use Manager to run the target system synchronization. |
30271 |
The following error occurs in One Identity Safeguard if you request access to an asset from the access request policy section and it is configured for asset-based session access of type User Supplied: 400: Bad Request -- 60639: A valid account must be identified in the request. The request is denied in One Identity Manager and the error in the request is displayed as the reason. |
796028, 30963 |
Inconsistencies in SharePoint can cause errors by simply accessing a property. The error also appears if the affected schema properties mapping is disabled. Cause: The SharePoint connector loads all object properties into cache by default. Solution:
|
31017 |
If a SharePoint site collection only has read access, the server farm account cannot read the schema properties Owner, SecondaryContact and UserCodeEnabled. Workaround: The properties UID_SPSUserOwner and UID_SPSUserOwnerSecondary are given empty values in the One Identity Manager database. This way, no load error is written to the synchronization log. |
31904 |
If date fields in an SAP R/3 environment contain values that are not in a valid date or time formats, the SAP connector cannot read these values because type conversion fails. Solution: Clean up the data. Workaround: Type conversion can be disabled. For this, SAP .Net Connector for .Net 4.0 on x64, version 3.0.15.0 or later must be installed on the synchronization server. IMPORTANT: The solution should only be used if there is no alternative because the workaround skips date and time validation entirely. To disable type conversion
|
32149 |
There are no error messages in the file that is generated in the PowershellComponentNet4 process component, in OutputFile parameter. Cause: No messages are collected in the file (parameter OutputFile). The file serves as an export file for objects returned in the pipeline. Solution: Messages in the script can be outputted using the *> operator to a file specified in the script. Example: Write-Warning "I am a message" *> "messages.txt" Furthermore, messages that are generated using Write-Warning are also written to the One Identity Manager Service log file. If you want to force a stop on error in the script, you throw an Exception. This message then appears in the One Identity Manager Service's log file. |
32945 |
The G Suite connector cannot successfully transfer Google applications user data to another G Suite user account before the initial user account is deleted. The transfer fails because of the Rocket application's user data. Workaround: In the system connection's advance settings for G Suite, save an application transfer XML. In this XML document, limit the list to the user data to be transferred. Only run the Google applications that have user data you still need. You can see an example XML when you edit the application transfer XML in the system connection wizard. To limit the list of user data you want to transfer
|
33104 |
If target system data contains appended spaces, they go missing during synchronization in One Identity Manager. Every subsequent synchronization identifies the data changes and repeatedly writes the affected values or adds new objects if this property is part of the object matching rule. Solution: Avoid appending spaces in the target system. |
33448 |
Known Issue |
Issue ID |
---|---|
Moving a shelf to another shop and the recalculation tasks associated with it can block the DBQueue. Solution: Parent IT Shop nodes of shelves and shops cannot be changed once they have been saved. To move a product in a shelf to another shop
Once you have moved all the products, you can delete the shelf. |
31413 |
During approval of a request with self-service, the Granted event of the approval step is not triggered. In custom processes, you can use the OrderGranted event instead. |
31997 |
Known Issue | Issue ID |
---|---|
An error can occur during synchronization of SharePoint websites under SharePoint 2010. The method SPWeb.FirstUniqueRoleDefinitionWeb() triggers an ArgumentException. For more information, see https://support.microsoft.com/en-us/kb/2863929. |
24626 |
Installing the One Identity Manager Service with the Server Installer on a Windows Server does not work if the setting File and Printer sharing is not set on the server. This option is not set on domain controllers on the grounds of security. |
24784 |
An error, TNS-12516, TNS-12519 or ORA-12520, sporadically occurs when connecting with an Oracle Database. Reconnecting normally solves this. Possible cause: The number of processes started has reached the limit configured on the server. |
27830 |
Cannot navigate with mouse or arrow keys in a synchronization log with multiple pages. Cause: The StimulReport.Net component from Stimulsoft handles the report as one page. |
29051 |
Valid CSS code causes an error under Mono if duplicate keys are used. For more information, see https://github.com/mono/mono/issues/7455. |
762534, 762548, 29607 |
Memberships in Active Directory groups of type Universal in a subdomain are not removed from the target system if one of the following Windows updates is installed:
We do not know whether other Windows updates also cause this error. The Active Directory connector corrects this behavior with a workaround by updating the membership list. This workaround may deteriorate the performance of Active Directory groups during provisioning and will be removed from future versions of One Identity Manager once Microsoft has resolved the problem. |
30575 |
In certain circumstances, the wrong language is used in the Stimulsoft controls in the Report Editor. |
31155 |
In the Manager web application, following errors can occur under Windows Server 2008 R2: System.Security.Cryptography.CryptographicException: Object was not found. at System.Security.Cryptography.NCryptNative.CreatePersistedKey(SafeNCryptProviderHandle provider, String algorithm, String name, CngKeyCreationOptions options) Workaround:
For more information, see https://support.microsoft.com/en-us/help/4014602. |
31995 |
When connecting an external web service using the web service integration wizard, the web service supplies the data in a WSDL file. This data is converted into Visual Basic .NET code with the Microsoft WSDL tools. If, in code generated in this way, default data types are overwritten (for example, if the boolean data type is redefined), it can lead to various problems in One Identity Manager. |
31998 |
In certain Active Directory/Microsoft Exchange topologies, the Set-Mailbox Cmdlet fails with the following error: Error on proxy command 'Set-Mailbox...' The operation couldn't be performed because object '...' couldn't be found on '...'. For more information, see https://support.microsoft.com/en-us/help/4295103. Possible workarounds:
|
33026 |