FIM2010–Troubleshooting “sync-rule-inbound-flow-rules-invalid” Error Messages

Today while I was working at a client I made an adjustment to an outbound flow rule. When I imported it from the FIM MA and tried to synchronize it into the MV, I got the “sync-rule-inbound-flow-rules-invalid” error message. This is very concerning because once that error is received, the synchronization rule seems to stop working entirely.

I went through the following steps to try to resolve the issue:

  1. Went through and validated that the sync rule appeared to be valid and that all the attributes that were being used were still valid.
  2. Resynchronized the rule but the error still persisted.
  3. Went back to the synchronization rule definition and changed it to an inbound-outbound type flow rule. (it was previously outbound only).
  4. Resynchronized the rule and the error was gone.
  5. Again, went back and changed the synchronization rule to outbound only.
  6. Resynchronized the rule and the error was still gone and the rule operated normally.

This was interesting behaviour but if you happen to see the message it appears that simply changing the type and resynchronizing seems to clear the error. Then I could change the type back to the desired type (as I didn’t want any inbound flow rules accidently applied in this rule).

This is obviously a much better solution than what I had done previously in new systems where I deleted the synchronization rule and recreated it. I then had to reapply the new rule to all the objects because the ERE’s for the connected directory were now pointing to the wrong object ID, therefore synchronization rule, in the Metaverse which caused futher complications in life. Smile

This entry was posted in Forefront Identity Manager 2010. Bookmark the permalink.

4 Responses to FIM2010–Troubleshooting “sync-rule-inbound-flow-rules-invalid” Error Messages

  1. Nigel says:

    FIM 2010 R2 SP1 … Same symptoms for all 8 SR. I flipped the simplest rule to in and out and the FIM MA FI FS fixed all 8 SR and projected to MV ??.. Thanks for the tip 🙂

  2. Fast forward to 2015 and I was getting the same error once more – but this time in another context. I had been updating ECMA1 schema (separate blog post coming on this one!) and “sync-rule-inbound-flow-rules-invalid” reared its head again – but this time no sync rule changes had been made! Found that the remedy was to restart the FIM Sync service and retry – so I figure that the old schema somehow needed to be flushed from memory.

    A big word of warning once you’ve overcome this error when declarative sync rules are involved – check your metaverse precedence rules and see if they haven’t been completely screwed up (like mine have been – and continue to be every time I get this error).

    • Hi Bob,

      Yes, this problem seems to persist. I have had another client have a similar problem. I have not heard anything from Microsoft as to what causes it either.

      I will admit, I haven’t heard the problems with the precedence before. Perhaps keeping a “schema” export handy will allow you to reload the precedence after the fact?



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s