Troubleshooting the PowerShell Management Agent

I want to stress that this is a free product and therefore no free support is provided. For general questions, please post in the FIM 2010 forums where good people (and me sometimes) are ready to help.

You can buy this Management Agent and get support through purchase. Please contact me at soren@granfeldt.dk for price and details. If you discover problems or have some neat scripts for the MA, please send them to soren@granfeldt.dk or leave as comments and I'll make them available for public download. Please do not use this email for support as there is no free direct support.

You can help to improve the all-round quality and reach of this Management Agent. Below you can find tips and tricks from the community and users of this Management Agent.

General troubleshooting

The MA uses extensive tracing throughout the code. You can get at this information in different manners. So, when configuring and creating/testing script, you can use a tool like DebugView to catch tracing information from this MA.

Make sure 'Capture Global Win32' is ticked in the Capture menu of and for a more readable tracelog in DebugView, you should remove the tick mark at "Force Carriage Returns" under Options in DebugView.

Other errors and warnings that are not caught by the MA and the logging mechanics can be found in the Application Event Log on your Synchronization Server.

Trace and debug information from your scripts

As of version 5.5.1.1017, you can now use Write-Debug, Write-Verbose, Write-Progress, Write-Warning and Write-Error in your scripts. Information from these lines is picked up and send to the trace log.

To make sure that output from Write-Verbose and similar, you should set the correponding preference to 'Continue' in the start of your scripts, i.e.

$VerbosePreference = 'Continue'

Missing PowerShell v3

A few reports has mentioned that no specific error is reported, if your server does not have PowerShell 3.0 installed. The requirement for PowerShell version 3 is mentioned in the requirements section, however, it is repeated here as this is a common mistake. You can find PowerShell 3 downloads here.

Problem: stopped-extension-dll-instantiation

As of build 5.5.3508, you need to create an eventlog source called "PowerShell Management Agent". The PSMA will try to create this, but if enough permissions are not available, you will get this error. This is easiest done by using the PowerShell command below -

New-EventLog -Source "PowerShell Management Agent" -LogName Application

Problem: Wrong or missing PowerShell Execution Policy

Make sure that the FIM Synchronization Service service account is able to execute script on the FIM server. A hint for doing this is trying to start a PowerShell prompt using RunAs as the service account and make sure that the PowerShell scripts can be executed as that user / in that security context. Also, verify that the PowerShell Script Execution Policy has been configured correctly (see more about using the Set-ExecutionPolicy Cmdlet here)

Problem: Unblocking the DLL

Since the Management Agent is a DLL download from the internet, it may become blocked (Blocked File Protection Control). You can read more about this and how to unblock it here.

Problem: Error on schema import

If the Management Agent is unable to properly interpret the schema file, it displays this error -

Unable to retreive schema. Error: An anchor attribute defined by the extension must not be of type Reference or Boolean. A multivalued attribute defined by the extension must not be of type Boolean.

This might be a bit confusing. However, often times this is because no anchor is defined. Please see schema section for more information on how to schema script with proper object types.

This error may also occur if the service account can't execute the schema script (see Execution Policy problem)

This error may also occur if the path to the schema script contains spaces. The current version does not support spaces in path names. Use short pathname or place scripts in folder path without spaces.

Case-sensitivity

When returning attributes from your scripts, please note that the FIM Schema in some cases is case-sensitive; this means that returning an attributename as "samaccountname" is not the same as returning "sAMAccountName". As a general rule, you should use the same casing for all attributenames as you have specified in the schema script. Please note that this is a requirement for the FIM Synchronization Engine, not from the PSMA.

Last edited Feb 27 at 6:40 AM by Granfeldt, version 6