Contact us at 408.675.5020 or sales@identitymaestro.com

Home Page

Knowledge Base Search     Advanced

How to Perform a Sanity Health Check on an Identity Maestro server.

Article ID: 1629
Last updated: 06 Apr, 2020

The sanity health check is a procedure to follow to confirm that all of the connections and critical components of an Identity Maestro server are working as expected.  This procedure is normally used:

  • After the initial installation and configuration of an Identity Maestro server, restart the host Windows server and perform this procedure.
  • After an upgrade to a newer release of an Identity Maestro server, restart the host Windows server and perform this procedure.
  • After a restart of the Windows server hosting an Identity Maestro server (e.g. is Windows Update requires a restart).

Conducting a sanity health check includes the following major steps:

Applies to

These procedures can be used for:

  • Identity Maestro 4.0.4 and higher releases
  • ServiceControl 4.0.3

Step 1 - Check Core Services and Directory Connections

  1. RDP connect to the Identity Maestro host server as a user with local administrator rights.

  2. Launch the Windows Services application and confirm that both of the ServiceControl services are running and that the ServiceControl Connection Agent is set to Log On as the local connection user account created during the installation, e.g. in our example we used .\servicecontrol.

  3. Stop and start each ServiceControl Connection Agent service.  If the ServiceControl Connection Agent service fails to stop, perform an iisreset /stop and try to stop the service again.  If the ServiceControl Connection Agent service fails to start to an invalid logon credential, reset the logon password in the properties of the service. 

  4. Close the Windows Services application.

  5. Launch the Connection Utility and confirm that you see the connections that previously existed.  If connections are missing, contact Identity Maestro support for assistance.


     

Check Active Directory Connections

  1. Double-click the AD connection, select Connection Targets, click the LDAP connection, click Test the connection target, and confirm that the test passes.

  2. Click OK to close the Connection Successful window.

  3. Select the Home Directories tab.

  4. Select the configured server and click Test and confirm that the test is successful.



    If the test fails, that normally indicates that the ServiceControl Connection Agent Windows service is not running.  Check and start that service and retest.

Test Exchange Connections

  1. Double-click the Exchange connection.

  2. Select the Remote Agent tab.

  3. Check to see that both services are Running.

  4. Click the Test button.

  5. Click OK and Cancel.  Minimize or close the Connection Utility.

Step 2 - Check IIS Application Pools and Websites

These steps will confirm that the installed application pools and websites are working as expected.

  1. Launch the IIS Manager application.

  2. Expand the Installation Server and select Application Pools.

  3. Select the ServiceControl pool and check that the Start task in Application Pool Tasks is greyed out.  That indicates that the pool is running.

    Identity Maestro will create an application pool for each website that it installs.  The Identity Maestro pool is used by the Default Web Site.  The Omni.WorkflowEngine pool is used by the Omni.WorkflowEngine website.  There will be an application pool for each Omni.RA (remote agent) website.  The identity for each of those websites needs to be set to the local service user accounts that was created when Identity Maestro was installed.  That local user is a member of the local Administrators group (to provide local file system access) and to IIS_USRS group to provide sufficient permissions to service websites.  If any of the website checks fail, that can indicate that the identy set for the application pool is corrupted.  Select the application pool, click Advanced Settings and reset the username and password for the identity.
  4. Select and check the  Omni.WorkflowEngine pool.

  5. Select and check each Omni.RA application pool.

  6. Expand Sites and select the Default Web Site.

  7. In Action pane, select Basic Settings.

  8. In the Edit Site window, click Test Settings.

  9. In the Test Connection window, confirm that the test shows green arrows.

  10. Click Close and Cancel.

  11. Repeat this process to confirm that the connections pass for the Omni.WorkflowEngine site, and connections pas for each Omni.RA site..

  12. Close the IIS Manager application.

Step 3 - Check Office 365 Connections & Azure AD Remote Agent

These steps will confirm that the Office 365 connection is working in both the Connection Utility and the Remote Agent for Azure AD web application.  Skip this procedure if your Identity Maestro is not connecting to Office 365.

  1. In the Connection Utility, double-click the Microsoft Online connection for the Office 365 instance, select the Remote Agent tab and clicking the 2. Test AAD Connection button.

  2. Click Cancel and close the Connection Utility.

  3. In a web browser on the Identity Maestro server, go to http://127.0.0.1:40002. Click on the Swagger icon.

  4. Expand the Domains list and select Get Domains.

     

  5. Scroll down and add the Office 365 subscription primary email domain name in the domain field in the Parameters section.

  6. Click the Try it out! button.  When prompted to authenticate, provide the credentials for the Azure AD Remote Agent app pool (from IIS Manager).

  7. Scroll down to the results and confirm that the IsDefault and IsInitial values show true.


     

  8. Close the browser.

Step 4 - Check the Azure License Profiles 

This procedure will confirm that the license profiles displayed in the Azure License Profile Manager desktop console are being read by the Remote Agent for Azure AD web application.

  1. Select the Azure License Profile Manager desktop console.  Right-click the desktop icon and select Run as administrator.

  2. In the "User Account Control" window, select Yes.

  3. In the navigation pane, refresh the nodes until you reach and refresh the Licensing node.  Confirm what each license profile is set to.


     
  4. Close the desktop console.
  5. Open a web browser on the Identity Maestro host server and go to http://127.0.0.1:40002.

  6. Select Swagger UI.

  7. Expand the Licences list and select Get Licences.

  8. Scroll down and click the Try it out button.

  9. When prompted to authenticate, provide the credentials of the Identity user for the Remote Agent for Azure AD application pool (in IIS).

  10. Scroll down to Responses and examine the information.  You should see information to confirm that all license profiles are being read by the Remote Agent for Azure AD web application.


     

    ID: this value should match the Profile ID value.

    Domain:  Should display the primary domain name of the Office 365 connection.

    LicensingProfileName:  This should display the value of the Profile Name.

    DisabledServicePlans:  This should display the list of service plans that were unchecked in the license profile in the Azure License Profile Manager desktop console.

  11. Close the web briwser tab for the Remote Agent web application when you no longer need to use it.

Step 5 - Check the Identity Maestro web application

This procedure confirms that the Identity Mastro portal is working.

  1. Open a web browser on the Identity Maestro host server and go to http://127.0.0.1.

  2. Login as a Delegated Administrator user.

  3. Select Administration on the main menu to access the Administration panel.

  4. Select Options > Advanced Settings > Email Settings.

  5. Click Send test Email and confirm that you see that the message was sent.  This confirms that Identity Maestro emails will be delivered to the defined SMTP service.

  6. Click the Home button to switch to the front-end.

  7. Select the Browse tab and expand the domain.  You should see all top-level folders and OUs.

  8. Expand an OU and you should see all of the Child OU's.

  9. Click on an OU and confirm that you can see all of the users, contacts and groups.

  10. Test access to other modules that have been enabled.

  11. Logout and login as An Administrator Account.

​​​

Step 6 - Check the Workflow Center

  1. Open a web browser on the Identity Maestro host server and go to http://127.0.0.1:40000.

  2. In the Navigation Panel, select Workflow Definitions and ensure that you can see workflows that apply to your installation options, especially the Create.Entity.ActiveDirectory, Create.Entity.eDirectory, and Office365 workflows.

  3. In the Navigation Panel, select Test Email Service.  In the Email Message box, change the To: field to display as a valid Domain email Address.

  4. Click Send Test Email and confirm that the message was sent and there are no errors.

  5. Close your web browser.

This article was:   Helpful | Not helpful Report an issue


Article ID: 1629
Last updated: 06 Apr, 2020
Revision: 21
Views: 706
Comments: 0
print  Print email  Email to friend share  Share pool  Add to pool comment  Add comment
Also read
item Setup the Server Desktop

Also listed in
folder Identity Maestro -> Guides, How-to, FAQ -> Management Guides -> Administrator Guide -> Admin Tasks: Common

Prev     Next
7 - Health Check: Perform       Administrator Guide