This one has me a bit puzzled, haven't used much time troubleshooting
this either.


In July, I decommissioned two drivers from an IDM instance.
These drivers both had Entitlement objects (valued, legacy/pre-IDM4
style) - not bound to any resources.

These entitlements were referenced in two workflows, so as part of
decommissioning the drivers, I edited/deployed the two workflows to
remove the Entitlement activities which referenced these.

The workflows in question now only reference an entitlement object in a
third driver (which is still in use).

The drivers were deleted from the IDVault, so any DirXML-EntitlementRef
values on users which reference these drivers are also gone.


Since the decommissioning, there have been reports of intermittent
issues when approving requests via one the workflows. The server log
shows the following error (which references one of the deleted drivers)

[Workflow_Error] Initiated by cn=uaadmin,ou=Users,ou=Services,o=ACME,
Error Message: Malformed DN:
CN=ACME1,CN=DriverSet,OU=IDM,OU=Services,O=ACME specified., Process ID:
f37c211be8334fe4883aa8997a266d73, Process Name:
CN=CreateADUser,CN=RequestDefs,CN=AppConfig,CN=Use rApplication,CN=Driver
Set,OU=IDM,OU=Services,O=ACME:8, Activity: prov, Recipient:

Troubleshooting/problem isolation:
These requests were created (via the start workflow token, not via the
web UI) after the date when the driver was deleted and the updated PRDs
were deployed.

Only one of the deleted drivers which is ever referenced in the error

Only requests via one of the workflows generates this error.

When the error is generated, creating a new request (manually) and
approving it (by the same user) always works.

I've checked the PRD (including exporting it to XML) for any lingering
reference to the deleted driver/entitlement - can't find any.

Only happens in prod, not in the test environment.

Haven't looked in the database yet. Nor have I turned on any increased
log levels.

Has anyone seen a similar problem and got some clues as to where to
start hunting for what must be a lingering reference to this deleted
object? Could there be some lingering reference in the RBPM database?

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...