HRESULT: 0x8023063D when attempting to run multiple Sync Run Profiles in MIM/FIM after applying rollup build 4.3.2124.0

A new hotfix rollup was released on the 11th of March Microsoft Identity Manager contains a number of fixes and some new functionality.

It appears that it also contains a new bug. Information about this came to my attention from Ryan Newington

The bug kicks in if you’re trying to run sync sequences on multiple MA’s simultaneously. It throws the error; “Unable to run the management agent.” Exception from HRESULT: 0x8023063D

The screenshot below shows the error when attempting to run a Full Synchronization on an MA when another MA is already running a Full Synchronization.

Note: You CAN still run Stage (Full Import) sequences on multiple MA’s simultaneously.

After rolling back my MIM Sync Server (to 4.3.2064.0, the snapshot prior to applying the 4.3.2124.0 rollup) I can again run multiple sync sequences across multiple management agents simultaneously.

Summary

If your run sequences include running multiple sync jobs running simultaneously don’t update your MIM/FIM Synchronisation Server to 4.3.2124.0.

Microsoft, can we have a fix please.

Follow Darren on Twitter @darrenjrobinson

  • I don’t believe this is a bug, but rather preventing you from doing what shouldn’t be done, i.e. running synchronization run profiles concurrently. That can easily lead to deadlocks, and possibly data corruptions, given two synchronization runs running at the same time may try to synchronize the same object at the same time.

    They are addressing this in the hotfix, i.e. issue 4. Running more than one run profile with a synchronization task at the same time may cause data corruption. Note A message box is displayed with a 0x8023063D error code.

    That’s exactly the behaviour you’re seeing.

    Cheers,

    Marc

    • Darren Robinson

      I understand your viewpoint Marc if you’re using FIM/MIM to managed a single object type.
      Many of my implementations are managing many different object types across multiple MA’s. This is where is makes perfect sense to run them in parallel.
      Decisions to run them like this should be up to the implementer not a constraint in the product.

      DR

  • Darren Robinson

    Hotfix rollup package (build 4.3.2195.0) has been released which is supposed to address this issue. However in my testing I’m still getting Exception from HRESULT 0x8023063D when running a Sync on multiple MA’s. https://support.microsoft.com/en-us/kb/3134725

  • Adam Cosby

    Do we know if there is a workaround to this issue?

    We have many MAs so now having to run in parralell is taking days rather than hours. Is this logged formally with Microsoft?

    • Darren Robinson

      Microsoft are aware this is an issue for some implementations. I previously just hadn’t applied that hotfix. Now for the one implementation that needs this that is on the latest patch level I’ve split the Import from the Sync. It’s multiple Syncs that throw the exception. You can still run multiple Imports Only in parallel.

  • Pingback: How to create an AzureAD Microsoft Identity Manager Management Agent using the MS GraphAPI and Differential Queries | Kloud Blog()