We showed Lab Preview version of Provisioning Monitor tool at TechEd’2015 and since some time both Identity Management 7.2 and 8.0 customers can enjoy it because it is release independent component.
Based on information form support questions we identified several typical issues and the tool can recognize those and propose solutions for them.
The provisioning monitor can help you analyze and troubleshoot performance issues, such as:
The tool reads data from database, it does not do any changes but can show you and advise you what might be the issue by showing the workflows in the provisioning queue, which are related to a specified entry (for example, person, privilege, or role). The output are two JSON files – Workflow.json and Problem.json.
While Workflow.json can give you insights about what is going on with the entry - the workflow as the name implies, the second one contains additional information about the problem and a proposal for a solution, if the analysis of the provisioning monitor has detected one or more of the following root causes:
Let's look in more details.
1. Tasks are stuck in state „Queued“
The problem is that there are tasks stuck in state “Queued” (State = 37) in the provisioning queue which would never be executed because there is no task which they are waiting to finish or all the tasks are completed.
Solution : The task state in the provisioning queue have to be updated to 2 – “Ready To Run”.
Additional Information : You can fix such problem with the following database statement :
SQL Server/ Sybase ASE - UPDATE mxp_provision set State = 2, PrevState = State where State = 37 AND ActionID = <ReportedProblemTaskID> AND MSKey = (select mcmskey from mxi_entry with (nolock) where mcmskeyvalue = <EntryMskeyvalue>)
Oracle/DB2 - UPDATE mxp_provision set State = 2 where State = 37, PrevState = State AND ActionID = <ReportedProblemTaskID> AND MSKey = (select mcmskey from mxi_entry where mcmskeyvalue = <EntryMskeyvalue>)
2. Tasks are stuck in state "Ready to run" with no execution time
The problem is that in the provisioning queue exist tasks which are in status “Ready To Run”, but there is no scheduled execution time about them.
Solution : The exectime in the provisioning queue has to be updated.
Additional Information : You can fix such problem with the following database statement :
3. An object references itself and can't be completed
The problem is that somewhere in a given task/process flow a task/process has a reference to itself.
Solution : The duplicated task/process has to be removed from the flow.
4. Tasks are stuck in state "Wait for event tasks" or "Wait for event task status"
The problem is that there are tasks in state “Wait for event task” (State = 23) or “Wait for event task status” (State = 24) in the provisioning queue which are waiting for event task which is already completed.
Solution : The status has to be updated respectively to 33 – “Ready To Process Wait Before task” or 34 – “Ready To Process Wait After task”
Additional Information : You can fix such problem with the following database statement :
SQL Server/ Sybase ASE - UPDATE mxp_provision set State = State + 10, PrevState = State where State = <ReportedProblemState> AND ActionID = <ReportedProblemTaskID> AND MSKey = (select mcmskey from mxi_entry with (nolock) where mcmskeyvalue = <EntryMskeyvalue>)
Oracle/DB2 - UPDATE mxp_provision set State = State + 10, PrevState = State where State = <ReportedProblemState> AND ActionID = <ReportedProblemTaskID> AND MSKey = (select mcmskey from mxi_entry where mcmskeyvalue = <EntryMskeyvalue>)
5. Approval tasks without assigned approvers are stuck in the provisioning queue
The problem is that an approval task is stuck in the provisioning queue without approvers.
Solution : If the task is of type Basic Approval, the approvers which are assigned to the task have to be checked. If there are assigned approvers they have to check their “To Do” tab in the Identity Management User Interface. If no approver is assigned, assign an approver and trigger the approval task again.(One way to do it, is to set the task to be triggered on modify in the Event Tasks property of the attribute. And then modify the attribute)
If the task is of type Assignment Approval, the Development Support has to be contacted.
More information on how to get provisioning monitor tool for 7.2 and 8.0 SP1 and how to use it you can find here:
The difference between 7.2 and 8.0 is that in 7.2 it is a command-line standalone tool
while in 8.0 it is integrated in the Monitoring tab of administrative UI.
Here is an example of how to call it in 7.2. in Windows environment:
ProvMonitor.bat "jdbc:sqlserver://localhost:1433;databasename=MXMC_db;user=MXMC_oper;password=_Password" "C:\usr\sap\idm\JDBC Drivers\MSSQL JDBC40\sqljdbc4.jar" "mskeyvalue.demo" "1" "DEBUG"
You can put this string in a shell file and if you do not want to put the password inside use "_Password" and you will be prompted during execution.
We are glad to receive feedback about the tool or other frequent patterns you may have faced.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
35 | |
25 | |
14 | |
13 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 |