FIM

HRESULT: 0x8023063D when attempting to run multiple Sync Run Profiles in MIM/FIM after applying rollup build 4.3.2124.0

A new hotfix rollup was released on the 11^th of March Microsoft Identity Manager contains a number of fixes and some new functionality.

It appears that it also contains a new bug. Information about this came to my attention from Ryan Newington

The bug kicks in if you’re trying to run sync sequences on multiple MA’s simultaneously. It throws the error; “Unable to run the management agent.” Exception from HRESULT: 0x8023063D

The screenshot below shows the error when attempting to run a Full Synchronization on an MA when another MA is already running a Full Synchronization.

Note: You CAN still run Stage (Full Import) sequences on multiple MA’s simultaneously.

After rolling back my MIM Sync Server (to 4.3.2064.0, the snapshot prior to applying the 4.3.2124.0 rollup) I can again run multiple sync sequences across multiple management agents simultaneously.

Summary

If your run sequences include running multiple sync jobs running simultaneously don’t update your MIM/FIM Synchronisation Server to 4.3.2124.0.

Microsoft, can we have a fix please.

Follow Darren on Twitter @darrenjrobinson

Darren Robinson

Bespoke learnings from a Microsoft Identity and Access Management Architect using lots of Microsoft Identity Manager, Azure Active Directory, PowerShell, SailPoint IdentityNow and Lithnet products and services.

Next Managing SharePoint Online (SPO) User Profiles with FIM/MIM 2016 and the Granfeldt PowerShell MA »

Previous « Creating Microsoft Identity Manger (MIM) Run Profiles using PowerShell (post MIM rollup build 4.3.2124.0)

View Comments

Marc Mac Donell says:

March 15, 2016 at 9:48 pm

I don't believe this is a bug, but rather preventing you from doing what shouldn't be done, i.e. running synchronization run profiles concurrently. That can easily lead to deadlocks, and possibly data corruptions, given two synchronization runs running at the same time may try to synchronize the same object at the same time.

They are addressing this in the hotfix, i.e. issue 4. Running more than one run profile with a synchronization task at the same time may cause data corruption. Note A message box is displayed with a 0x8023063D error code.

That's exactly the behaviour you're seeing.

Cheers,

Marc
- Darren Robinson says:
  
  March 16, 2016 at 7:00 am
  
  I understand your viewpoint Marc if you're using FIM/MIM to managed a single object type.
  Many of my implementations are managing many different object types across multiple MA's. This is where is makes perfect sense to run them in parallel.
  Decisions to run them like this should be up to the implementer not a constraint in the product.
  
  DR
Darren Robinson says:

May 3, 2016 at 9:47 am

Hotfix rollup package (build 4.3.2195.0) has been released which is supposed to address this issue. However in my testing I'm still getting Exception from HRESULT 0x8023063D when running a Sync on multiple MA's. https://support.microsoft.com/en-us/kb/3134725
Adam Cosby says:

January 16, 2017 at 11:30 pm

Do we know if there is a workaround to this issue?

We have many MAs so now having to run in parralell is taking days rather than hours. Is this logged formally with Microsoft?
- Darren Robinson says:
  
  January 17, 2017 at 5:55 am
  
  Microsoft are aware this is an issue for some implementations. I previously just hadn't applied that hotfix. Now for the one implementation that needs this that is on the latest patch level I've split the Import from the Sync. It's multiple Syncs that throw the exception. You can still run multiple Imports Only in parallel.