Microsoft Identity manager (MIM) communicates with SharePoint via a web service, specifically, the “ProfileImportExportService” web service, located at http://YourCentralAdminSite/_vti_bin/ProfileImportExportService.asmx
When there are problems with the synchronization, you should always look at what the MIM client (miisclient.exe) and the SharePoint ULS logs are saying, but sometimes there is a need to dig a little deeper and take a look at the actual web service requests and their responses. This post is about configuring Fiddler to capture those web service requests.
Download Fiddler and install it on the MIM server: https://www.telerik.com/download/fiddler
On the MIM server, navigate to C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin and make a backup copy of the “miiserver.exe.config” file.
Edit the miiserver.exe.config file and add proxy info to it just above the closing Configuration tag. The text you need to add is highlighted. The “runtime” and “configuration” closing tags were left to show placement:
<proxy usesystemdefault="false" proxyaddress="http://127.0.0.1:8888" bypassonlocal="false" />
In services.msc, restart the “Forefront Identity Manager Synchronization Service.”
Open Fiddler on the MIM server.
Run whichever Sync step is giving you problems. You should now see the calls to SharePoint logged in Fiddler:
Here’s an example showing the “Inspectors” tab for a request to RetrieveProfileChangeDataFull, which is the web service method used to get profile data from SharePoint.
The MIM server request is on top. The SharePoint server response is below. This is how you can see the actual data changing hands when the Sync step runs.
This is change is easy to revert.
Rename the modified “miiserver.exe.config” file on the MIM box to something like “miiserver.exe.config.FiddlerEnabled”
Restore the backup copy of “miiserver.exe.config” you took earlier.
Restart the “Forefront Identity Manager Synchronization Service” on the MIM server again.
- This is only useful for troubleshooting Sync steps (“run profiles”) that communicate with SharePoint. If your problem is connecting to Active Directory, this will not help you.
- If you’re using SSL (HTTPS) on the SharePoint site you’ve configured MIM to connect to, you’ll also have to configure Fiddler to decrypt that.
- As long as the above proxy info is in the “miiserver.exe.config” file, Fiddler must be running on the machine. If you close Fiddler, but leave the proxy info in the config file, all HTTP calls that MIM makes will fail.
- This also works for Forefront Identity Manager (FIM) 2010, including the versions that are built into SharePoint 2010 and SharePoint 2013.