Description:
Identity Manager r12.5 - Provisioning Directory Creation Fails
When running the Provisioning Directory creation through the IDMManage UI, the following error is thrown:
An error occurred while configuring Identity Manager. Reverting configured objects...
Error: ImsManagedObjectDefinitionImpl.postCreate
Solution:
There are a few different configuration problems that could cause this error condition, and therefore a few different areas that need to be checked and verified. Any or All of the below actions may be necessary to resolve this issue so the recommendation would be to verify each step listed below before proceeding to the next.
Things To Check:
Running SiteMinder?
Check the IM and SiteMinder logs for connectivity errors such as:
ERROR [ims.llsdk.managedobjectdefinition.attributedefinition][facility=4 severity=3 reason=0 status=22 message=Operation has failedSmImsComman (returnManagedObjectAttributes) Provider call failed
Error Code was: -2140798856
Error Message: IM Directory Service: Failed to load the associated SiteMinder user directory ID:176]
Are you using SiteMinder to protect the Identity Manager URL?
If so, you would need to extend the Policy Store Schema.
The following error in the IDM log is pointing to a problem with the SiteMinder connectivity, specifically with the Policy Store Schema which should be extended properly when the IM extensions are installed..
ERROR [ims.llsdk.environment] Could not delete the directory in Siteminder.
ERROR [ims.llsdk.environment] AttributeNotPresentException:
This method requires the presence of an attribute which was not provided.
The attribute is named smOID.
The following error points to the smOID attribute not being present:
ERROR [ims.llsdk.environment] AttributeNotPresentException: This method requires the presence of an attribute which was not provided. The attribute is named smOID.
The smOID attr not being present tells us its a SM Schema problem.
This error points to additional IM/SM communication problems:
IM Directory Service:Failed to load the associated SiteMinder user directory ID:176]
Once you install the CA Identity Manager Extensions for SiteMinder on the system with the Policy Store, extend the policy store schema for CA Identity Manager.
To extend the schema to the policy store, use the Identity Manager Administrative Tools.
Install Identity Manager Administrative Tools using the CA Identity Manager installation program, without installing the Identity Manager Server.
To extend the Policy Store Schema run one of the following scripts for CA Identity Manager on the Policy Store database:
SQL: C:\Program Files\CA\Identity Manager\IAM Suite\IdentityManager\tools\policystore-schemas\MicrosoftSQLServer\ims8_mssql_ps.sql
If this was already done, or if this does not resolve the problem, there is a Registry modification that can be made that may addresses this.
Make the following Registry modification to the sm.registry:
ImsInstalled=8.0; REG_SZ
Note: Before making ANY Registry modifications make sure you have a full system backup!!
After making this modification restart the Policy Server.
At that point re-attempt the Provisioning Directory creation.
Clean up objects in the Policy store that didn't get cleaned up by the IDM create process(even though the error states 'Reverting configured objects' when it fails):