
Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite


    0 0


    Have deployed SharePoint Foundation 2013 SP1, and now am trying to install MIM 2016 Service and Portal and get the following error:

    "The FIM portal does not support being deployed on a SharePoint web application with claims-based authentication. Please make sure the SharePoint web application is configured with classic-mode authentication"

    According to another Microsoft article: "claims-based authentication is the default (in SharePoint Foundation 2013) and preferred method of user authentication". So why is MIM not following Microsoft best practices?

    It would be nice if the MIM documentation team would provide us with an answer in order to deploy and test their new product (or update MIM to work according to Microsoft best practices).

    Unfortunately this article does not really say enough:

    Look forward to hearing some feedback from the team.



    0 0

    As MIM 2016 is released, could you please advise whether SQL Server 2012 AlwaysOn Availability Groups are supported with MIM 2016?

    0 0

    Dear Sir,

    I am facing an issue in FIM 2010 while exporting users to another AD environment. Please tell me a feasible time for you so that I can communicate with you about it.


    Shakeel Shahid.

    0 0


    Peter Geelen (Microsoft Belgium) - Premier Field Engineer Identity and Security

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click the "Vote as helpful" button of that post.
    By marking a post as Answered or Helpful, you help others find the answer faster.]

    0 0

    I'm following the upgrade instructions here on upgrading to MIM. The FIM build version is FIM 2010 R2 SP1 (4.1.3634.0).

    Error captured in MSIEXEC logs is below. I found one wiki reference to a 1772 error which related to the install account not having Farm admin rights in Sharepoint. I checked that I have this right, and have also tried giving SQL db_owner on the FIMService DB to the FIM service account & the installer account, but no change.

    Any ideas? Thanks,


    CustomAction UpgradeDatabase returned actual error code -2 (note this may not be 100% accurate if translation happened inside sandbox)
    Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UpgradeDatabase, location: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.IdentityManagement.DatabaseUpgrade.exe, command: /ConnectionString:"Data Source=FIM1;Initial Catalog=FIMService;Integrated Security=SSPI;Pooling=true;Connection Timeout=225" /FimServiceAccountName:"CORP\SVC_FIMService" /FimServiceDatabaseName:"FIMService" 
    MSI (s) (7C:64) [10:30:05:896]: Product: Microsoft Identity Manager Service and Portal -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UpgradeDatabase, location: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.IdentityManagement.DatabaseUpgrade.exe, command: /ConnectionString:"Data Source=FIM1;Initial Catalog=FIMService;Integrated Security=SSPI;Pooling=true;Connection Timeout=225" /FimServiceAccountName:"CORP\SVC_FIMService" /FimServiceDatabaseName:"FIMService" 

    08/07/2015 10:30:05.896 [5500]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 384

    08/07/2015 10:30:05.896 [5500]: Detailed info about C:\Windows\assembly\tmp\7MIPTGMU\Microsoft.ResourceManagement.WorkflowContract.dll

    08/07/2015 10:30:05.896 [5500]: File attributes: 00000080

    08/07/2015 10:30:05.932 [5500]: Restart Manager Info: 1 entries

    08/07/2015 10:30:05.932 [5500]: App[0]: (5500) Windows Installer (msiserver), type = 3 

    08/07/2015 10:30:05.932 [5500]: Security info:

    08/07/2015 10:30:05.932 [5500]: Owner: S-1-5-18

    08/07/2015 10:30:05.932 [5500]: Group: S-1-5-18

    08/07/2015 10:30:05.932 [5500]: DACL information: 4 entries:

    08/07/2015 10:30:05.932 [5500]: ACE[0]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-18

    08/07/2015 10:30:05.932 [5500]: ACE[1]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-32-544

    08/07/2015 10:30:05.932 [5500]: ACE[2]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-5-32-545

    08/07/2015 10:30:05.932 [5500]: ACE[3]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-15-2-1

    0 0

    Hi Everyone,

    I wanted to install Microsoft Identity Manager 2016, but during the installation I always have the following message:

    Once I started the installation with verbose logging, I found the following rows:

    Action 14:13:58: SetPolicyforServiceAccount. 
    Action 14:13:58: SetPolicyforMonitoringServiceAccount. 
    CustomAction SetPolicyforMonitoringServiceAccount returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 14:13:58: InstallExecute. Return value 3.
    Action 14:13:58: Rollback. Rolling back action:
    Rollback: SetPolicyforMonitoringServiceAccount
    Rollback: SetPolicyforServiceAccount
    Action ended 14:13:58: INSTALL. Return value 3.

    This happens only if I want to install the Privileged Access Management feature. If I deselect it, the installation finishes successfully and all features work perfectly.

    Do you know what this SetPolicyforMonitoringServiceAccount method does during the installation?

    It may be important that in my environment many very strict policies are configured and many options are disabled (I mean editing local permissions in the local GPO).

    Thanks a lot!



    0 0
  • 08/07/15--06:57: Advanced Set Filter
  • Hello, 

    I try to create a set with a filter starts-with('*'), where the * is the literal character, but I get an error that the filter is not supported.

    Any solution for that, thx

    0 0

    Has anyone tried upgrading FIM CM to MIM CM, or is it even supported? Cannot find any guides or other articles for MIM CM other than a guide to use the (in my opinion useless) modern app.

    0 0


    I am upgrading my development environment to MIM 2016. The Synchronization service is on one server and the MIM Service and Portal on a different server. I upgraded the synchronization service. When I am upgrading the MIM Service and Portal I get "The MIM synchronization server you have entered does not exist or is not running". I am guessing maybe some ports are not open. Which ports should I be looking for?

    How else can I troubleshoot this error?

    Thank you for any help,


    0 0
  • 08/09/15--11:20: password protected
  • Hello, About a month ago I had to re-install Windows 8 on my laptop. Well, somehow I have now password protected it. How can I undo that? Just today I did the Windows 10 upgrade and I was hoping that would fix that problem, but it didn't. Thanks for any help, Stan (Bikrdad)

    0 0

    Hi Guys,

    I am going through a very unusual scenario here. I added a new attribute in FIM Portal. Created a new attribute in the Metaverse. Defined an export attribute flow in the FIM Service Management Agent. Defined an import attribute flow in the Source MA. We have around 2 lakh records to be processed. FI and FS on the source MA together took 9 hours approx. But export to the FIM MA is very, very slow. I can tell it's processing approx. 5 records every 30 secs. Is this normal??? I am wondering, since I have 2 lakh records to be exported, will it take 2 weeks to complete? Can someone help me out here? Is there any way we can have the records exported faster to FIM Portal?

    Kindly help!!



    0 0

    I am trying to install the PAM server. I have followed this guide with a couple of differences in my environment.

    I have already done steps 7a and 7b, but in step 7c I can't find any files under the \Privileged Access Management Portal\ folder.

    Also, when I try to access the addresses http://localhost:8086/ and http://localhost:8090/ I get HTTP errors.

    This from the first one:

    HTTP Error 500.19 - Internal Server Error
    The requested page cannot be accessed because the related configuration data for the page is invalid.
    Detailed Error Information:
    Error Code
    Config Error
       This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
    Config File
       \\?\C:\Program Files\Microsoft Forefront Identity Manager\2010\Privileged Access Management REST API\web.config
    Requested URL
    Physical Path
       C:\Program Files\Microsoft Forefront Identity Manager\2010\Privileged Access Management REST API
    Logon Method
       Not yet determined
    Logon User
       Not yet determined
    Config Source:
       36:       <authentication>
       37:         <windowsAuthentication enabled="true" useKernelMode="false"/>
       38:       </authentication>

    And this from the second one:

    HTTP Error 403.14 - Forbidden
    The Web server is configured to not list the contents of this directory.
    Most likely causes:
    • A default document is not configured for the requested URL, and directory browsing is not enabled on the server.
    Things you can try:
    • If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.
    • Enable directory browsing using IIS Manager.
      1. Open IIS Manager.
      2. In the Features view, double-click Directory Browsing.
      3. On the Directory Browsing page, in the Actions pane, click Enable.
    • Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.
    Detailed Error Information:
    Error Code
    Requested URL
    Physical Path
       C:\Program Files\Microsoft Forefront Identity Manager\2010\Privileged Access Management Portal
    Logon Method
    Logon User

    0 0

    Hi there,

    I am facing a problem and need your help.

    My topology is below:

    AD ==> FIM == BIG-IP (Load balancing)==> AD LDS

    - Connection from FIM to BIG-IP is encrypted with SSL (using port 636). And from FIM, I can retrieve AD LDS object information

    - BIG-IP to AD LDS is not encrypted (using port 389).

    I'm using a Metaverse Rule to provision and sync users from AD to AD LDS. Import from AD to the Metaverse works normally, and I see that the provisioning will be run with the MA Export to AD LDS.

    When I run Export User to AD LDS, the data is pushed into the connector space successfully but the user cannot be created on AD LDS.

    The error is “Illegal modify operation. Some aspect of the modification is not permitted.”

    Hope anyone can help.

    I did some Google searching and found the link here

    But it does not look like exactly the issue I am facing.

    0 0
  • 08/10/15--10:35: FIM - Sharepoint mappings
  • A couple of questions.

    1) In Sharepoint, system settings, alternate access mappings, I could read MANY internal URLs mapped to ONE public URL. What's that for? Also, if I have to change the public URL, do I have to reinstall sharepoint again? If not, where would I change it? The reason I am asking is fim portal is accessed via fimportal.domain.local as our AD domain name is domain.local. We would like to change the fimportal access to when we renew the certs. What are the complications?

    2) In my understanding, fimportal can be accessed only via domain joined machines and not outside firewall. Is that correct?

    Thanks in advance.

    0 0

    Hi there.
    I hope this is just a simple question that I've simply not thought about correctly.

    I'm planning to set up a PS MA that will create homedirs and update AD accounts with the correct path.
    The homedir is new and nothing will be moved into it, only new users will use it. What sort of methods are best to have the new MA only work for new accounts?

    Before, with other attributes, they have simply been imported first and then exported, or generated if not present. I'm just a little unsure how to go about this with something as active and static as homedirs.
    :) Jon.

    0 0


    I have FIM 2010 R2.

    When I connect to the FIM Portal from the FIM server - all OK.

    When I connect to the FIM Portal from another server - I can't sign in to the FIM Portal.

    Basic auth works correctly from the other server.



    0 0

    I've just posted the second in my series of blog posts on this subject here:

    #FIM2010 R2 Scoped Sync Rules – Part 2 (The Experience)

    I would be keen to collect thoughts on this topic, before posting my 3rd and final part.  I thought perhaps the best place to do just this was our forum here ...

    Thanks in advance!

    Bob Bradley (FIMBob @ ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    0 0

  • 08/16/15--02:51: Issue update object to AD
  • Hi there,

    I am facing a problem that seems very strange.

    I'm trying to sync users from a CSV file to AD, so I created 02 MAs:

    1. MA connected to CSV (MA-CSV)

    2. MA connected to AD (MA-AD)

    After running "delta import and delta sync" on MA-CSV, Outbound Sync is triggered and the Export on MA-AD can create the user on AD.

    I change one attribute in the CSV file and run "delta import and delta sync" again. Outbound Sync is also triggered, and after that I run the Export of MA-AD and can see the update in the connector space of MA-AD without any problems. However, it is very strange that the AD user is not updated!

    But from the second update on, it works perfectly. So I always miss the first one.

    I did try to change "delta import and delta sync" ==> "delta import and Full sync" and the update works the first time.

    But I cannot find the root cause here. Can anyone explain it for me, please?

    I believe that AD is working okay (nothing related to a replication issue on AD because I just have one AD).

    Thanks a lot.

    0 0

    My Sync Engine services ran properly until I implemented code to update the Oracle DB through a SQL package.
