SSPR Rich Client on Wireless Laptop

April 11, 2014, 5:18 am

≫ Next: Stopped Server Error on ADMA Delta Import

≪ Previous: MSOL Created AD Account and Group -

We recently deployed SSPR on our desktop PCs and we are now looking to install the rich client on our laptops. I am running into an issue where I install the rich client on my laptop and attempt to use the password reset functionality from the windows login screen. Since my laptop has not authenticated to the network I receive an error "An error has occurred. Please contact your helpdesk or system administrator for assistance. Error Code: 40007"

Is there any way I can get my laptop to authenticate to our network without logging into the laptop first?

↧

Stopped Server Error on ADMA Delta Import

April 11, 2014, 5:26 pm

≫ Next: SSPR Portal Upgrade from R1 ...Issue with Hostname

≪ Previous: SSPR Rich Client on Wireless Laptop

Hi All,

I am facing Stopped Server Error on ADMA Delta and Full Import.

Please suggest as i have checked by restarting the services, All FIM servers.

Thanks

ajay kumar

↧

SSPR Portal Upgrade from R1 ...Issue with Hostname

April 11, 2014, 9:42 pm

≫ Next: AD MA Export: UserAccountcontrol value is not flowing in AD

≪ Previous: Stopped Server Error on ADMA Delta Import

Ive just upgraded my FIM environment to R2....

The requirement with regards to the Password reset portal was to maintain the original hostname ofhttp://fimportal/passwordportal. The IdentityManagement portal is published onhttp://fimportal/identitymanagement.

In the service and portal setup, there is obvious a section to enter this hostname, to which i do....when the installer is complete, as (it seems) the hostnames are the same (with different paths to directories) i cannot get them both to connect on port 80 (essentially same port and same hostname, different paths). Only 1 can be bound to port 80...and as password portal is a separate iis website this configuration doesnt seem to work.

Am i missing something obvious as apparently these host names...is there some kind of post sharepoint or IIS configuration so they both will connect?

appreciate any assistance or insight.

↧

AD MA Export: UserAccountcontrol value is not flowing in AD

April 13, 2014, 9:06 am

≫ Next: Request Splitting in FIM

≪ Previous: SSPR Portal Upgrade from R1 ...Issue with Hostname

Hi All,

The value of userAccountControl in AD is not stamping to 512 in AD.

AD connector space is showing the value 512, When I export the user in AD, the account get create in disabled sate.

AD Connector Space

AD Attribute Editor

My understanding is the account should have create in AD in Enabled State, As in AD connector space the value is 512. Kindly advice

Thanks and Regards,
Anirban Singha(Bangalore)
http://a-zenith.blogspot.in
FIM 2010 Group(Bangalore India)

↧

Request Splitting in FIM

April 13, 2014, 11:50 am

≫ Next: SSPR URLs

≪ Previous: AD MA Export: UserAccountcontrol value is not flowing in AD

Hi,

based on scarcely available information, it seems that "Request splitting" is possible in FIM 2010 R2. I have following scenario:

user A adds 4 users (B, C, D, E) to group X
B and C have manager F
D has manager G
E has manager H

Group management consists of two approvals, one by corresponding user manager and the other by group manager. In above mentioned scenario there should be following requests for approval:

request for B and C sent to F
request for D send to G
request E send to H

If F rejects the request that should not affect approvals for G and H, which means I have to split original request somehow.

I am able to resolve (and properly group) users within custom built activity in authorization phase, but I can't figure out on how to create new Requests. I am thinking of using UpdateResourceActivity and add those members to target group, thereby spawning new Request.

Yet, I am unsure whether this is a correct approach (for instance, if I then cancel "parent" approval workflow it will probably reject all changes made, and if not, user will still get "denied" message, instead of "pending approval".

This scenario seems very common to me. I believe I am missing something very obvious :)

Thank you in advance for any idea and suggestion.

↧

SSPR URLs

April 13, 2014, 4:25 pm

≫ Next: FIM 2010 add-in and extensions URL

≪ Previous: Request Splitting in FIM

Hi,

In FIM 2010 RTM, sometimes we configured the SSPR URLs as http://fimserver/passwordreset or /passwordregister.

In FIM R2, I see the SSPR guide points to http://passwordreset.company.com ...

Does this mean that the virtual directory /passwordreset example will not work with FIM 2010 R2 anymore and all the SSPR Portals have to be reinstalled (if we are migrating)?

thanks,

↧

FIM 2010 add-in and extensions URL

April 14, 2014, 2:02 am

≫ Next: Network Access Message: The page cannot be displayed

≪ Previous: SSPR URLs

Hi Guys,

After installing the FIM Add-ins and extensions to various workstations i`m encountering a weird error on startup.

The FIM password registration website is passwordregistration.contoso.co.uk.

The FIM server AD domain is adatum.com

When i boot up in windows i get an error and it asks me to register for password reset. As soon as i click yet it tries to open the following webpage https://passwordregistration.adatum.com/

Is there a way to point FIM to the right password registration page?

Thanks a lot.

↧

Network Access Message: The page cannot be displayed

April 14, 2014, 9:39 am

≫ Next: activating password reset authentication workflow and system workflow required for registration

≪ Previous: FIM 2010 add-in and extensions URL

Our TMG has stopped displaying pages that did work. These are the errors we get.

Our machines have the TMG client on it, and there is no problem at all going to other web sites, but for some reason, this page will not load. I've fixed a lot of problems on the TMG but I cannot figure out this one. Has anyone else had or seen this problem, and know of a way to fix it?

Thanks.

Denied Connection

CHVSS 2014/04/14 9:34:06 AM

<id id="L_LogPane_LogType">Log type:</id><id id="L_LogPane_WebProxyForward">Web Proxy (Forward)</id>

<id id="L_LogPane_Status">Status: </id>12209 Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.

<id id="L_LogPane_Rule">Rule:</id>Allow Web Access for All Users

<id id="L_LogPane_Source">Source:</id>Internal (192.20.5.19:52299)

<id id="L_LogPane_Destination">Destination:</id>External (192.19.1.10:8090)

<id id="L_LogPane_Request">Request:</id>GET http://test.ab.ca/

<id id="L_LogPane_FilterInfo">Filter information:</id>Req ID: 11b90d6b; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%

<id id="L_LogPane_Protocol">Protocol:</id>http

<id id="L_LogPane_User">User:</id>anonymous

Additional information
<id id="L_LogPane_ClientAgent">Client agent:</id>Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
<id id="L_LogPane_ObjectSource">Object source:</id>(No source information is available.)
<id id="L_LogPane_CacheInfo">Cache info:</id>0x0
<id id="L_LogPane_ProcessingTime">Processing time:</id>1<id id="L_LogPane_MimeType">MIME type: </id>
And
Failed Connection Attempt CHVSS 2014/04/14 9:34:06 AM
<id id="L_LogPane_LogType">Log type:</id><id id="L_LogPane_WebProxyForward">Web Proxy (Forward)</id>
<id id="L_LogPane_Status">Status:</id>5 Access is denied.
<id id="L_LogPane_Rule">Rule:</id>Allow Web Access for All Users
<id id="L_LogPane_Source">Source:</id>Internal (179.20.5.19:52299)
<id id="L_LogPane_Destination">Destination:</id>External (192.19.1.10:8090)
<id id="L_LogPane_Request">Request:</id>GET http://test.ab.ca/
<id id="L_LogPane_FilterInfo">Filter information:</id>Req ID: 11b90d6c; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
<id id="L_LogPane_Protocol">Protocol:</id>http
<id id="L_LogPane_User">User:</id>anonymous
Additional information
<id id="L_LogPane_ClientAgent">Client agent:</id>Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
<id id="L_LogPane_ObjectSource">Object source:</id>(No source information is available.)
<id id="L_LogPane_CacheInfo">Cache info:</id>0x0
<id id="L_LogPane_ProcessingTime">Processing time:</id>1<id id="L_LogPane_MimeType">MIME type: </id>
Failed Connection Attempt CHVSS 2014/04/14 9:34:07 AM
<id id="L_LogPane_LogType">Log type:</id><id id="L_LogPane_WebProxyForward">Web Proxy (Forward)</id>
<id id="L_LogPane_Status">Status: </id>10060 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
<id id="L_LogPane_Rule">Rule:</id>Allow Web Access for All Users
<id id="L_LogPane_Source">Source:</id>Internal (192.20.5.19:52298)
<id id="L_LogPane_Destination">Destination:</id>External (169.165.195.254:80)
<id id="L_LogPane_Request">Request:</id>GET http://test.ab.ca/
<id id="L_LogPane_FilterInfo">Filter information:</id>Req ID: 11b902fe; Compression: client=Yes, server=Yes, compress rate=0% decompress rate=0%
<id id="L_LogPane_Protocol">Protocol:</id>http
<id id="L_LogPane_User">User:</id>NET\emonk
Additional information
<id id="L_LogPane_ClientAgent">Client agent:</id>Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
<id id="L_LogPane_ObjectSource">Object source:</id>Internet (Source is the Internet. Object was added to the cache.)
<id id="L_LogPane_CacheInfo">Cache info:</id>0x0
<id id="L_LogPane_ProcessingTime">Processing time:</id>19016<id id="L_LogPane_MimeType">MIME type: </id>

0- Greetings from mirth

↧

activating password reset authentication workflow and system workflow required for registration

April 15, 2014, 1:51 am

≫ Next: FIM 2010 R2 SP1 Windows Server 2012 R2 support

≪ Previous: Network Access Message: The page cannot be displayed

How does one go about activation of FIM 2010 password reset authentication workflow and system workflow required for registration

↧

FIM 2010 R2 SP1 Windows Server 2012 R2 support

April 15, 2014, 7:03 am

≫ Next: How to move AD user after account been disabled for 60 days?

≪ Previous: activating password reset authentication workflow and system workflow required for registration

Hi guys,

I noticed FIM 2010 R2 received support for (only) Windows Server 2012 since the release of Service Pack 1. Awesome!!

We now deployed FIM in a lab on Windows Server 2012 R2(!) which works flawlessly (SQL 2012, SP 2010). So the question is: does Microsoft officially support Windows Server 2012 R2 when deploying FIM? If not, is there already a date set for this support? Thnx!

Cheers,

Wouter

↧

How to move AD user after account been disabled for 60 days?

April 15, 2014, 5:59 pm

≫ Next: UPGRADE TO FIM 2010 R2 SSPR - RICH CLIENT ERROR: The remote server returned an unexpected response: (407) Proxy Authorization Required

≪ Previous: FIM 2010 R2 SP1 Windows Server 2012 R2 support

Hi,

Using the FIM Portal building blocks, is it possible to move an AD user to another OU after the AD account been disabled for 60 days?

Thanks,

↧

UPGRADE TO FIM 2010 R2 SSPR - RICH CLIENT ERROR: The remote server returned an unexpected response: (407) Proxy Authorization Required

April 15, 2014, 9:13 pm

≫ Next: FIM CM Logon failure: unknown user name or bad password. (Exception from HRESULT: 0x8007052E)

≪ Previous: How to move AD user after account been disabled for 60 days?

In urgent need of help with fFIM 2010 R2 Rich Client on WIN7.

Scenario:

- just upgraded fim service, portal and sync to R2...
- current workstations dont have upgraded rich client installed.
- have allowed legacy support for older rich clients from fim portal
- sspr portals are installed on same server as fimportal with fimservice account.
- passwordreset and passwordregistration are my portal URLS.
- both of the above work in web browser.
-have set SPNs for two portal URLS for IIS Machine account.
- all is happening in INTRANET (no extranet)
- have added proxy exceptions to the web proxy

Problems

- trying to reset password at logon screen. Get the vague error: "an error has occurred..please contact you helpdesk. blah blah blah"

- Turned on Verbose logging on client. Get the below errors in the event vwr...(note it looks like it fails after this action "Retrieving the first gate from the STS."

WARNING: FlushFileBuffers failed on pipe [[Unknown]] with error code [109].

ERROR 1:

mscorlib: System.ServiceModel.ProtocolException: The remote server returned an unexpected response: (407) Proxy Authorization Required. ---> System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---

Server stack trace:
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(SecurityTokenProvider tokenProvider, TimeSpan timeout)
at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.LayeredChannel`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ResourceManagement.WebServices.WSTrust.ISecurityTokenService.RequestSecurityToken(Message request)
at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityToken(Message request)
at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityToken(RequestSecurityTokenType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(ClientOptionsHelper clientOptionsHelper)
at Microsoft.IdentityManagement.PasswordReset.GinaOperation.STSInitiateCommunication()

ERROR 2:

PwdMgmtProxy: Microsoft.IdentityManagement.PasswordReset.Utilities.UserFailureException: An unexpected error has occurred. Please contact helpdesk or your administrator.
at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.WriteGetNGateMsg(ClientPipeContext& client)
at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.GetNextGate(ClientPipeContext& client, Boolean registering)
at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.Authenticate(ClientPipeContext& client)
at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.PipeCommunicationThread(Object context)

I actn for the life of me figure out whatis going on. Can someone please assist?

cheers

stu

↧

FIM CM Logon failure: unknown user name or bad password. (Exception from HRESULT: 0x8007052E)

April 16, 2014, 3:15 am

≫ Next: FIM 2010 R2 SP1 - SSPR Clarification

≪ Previous: UPGRADE TO FIM 2010 R2 SSPR - RICH CLIENT ERROR: The remote server returned an unexpected response: (407) Proxy Authorization Required

Hi,

I am trying to install FIM Certificate management 2010. I am not able to access the CM Web portal. Whenever I login it shows the following error

Logon failure: unknown user name or bad password. (Exception from HRESULT: 0x8007052E)

This is the CM Log

1) Exception Information
*********************************************
Exception Type: System.Runtime.InteropServices.COMException
ErrorCode: -2147023570
Message: Logon failure: unknown user name or bad password. (Exception from HRESULT: 0x8007052E)
Data: System.Collections.ListDictionaryInternal
TargetSite: Void ThrowExceptionForHRInternal(Int32, IntPtr)
HelpLink: NULL
Source: mscorlib

StackTrace Information
*********************************************
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at Microsoft.Clm.Security.Principal.LoggedOnUser.Logon(String userName, String password)
"2014-04-16 02:48:50.98 -07""Microsoft.Clm.Security.Principal.RevertToSelfContext""Microsoft.Clm.Security.Principal.RevertToSelfContext RevertIfImpersonating()""PCEDOMAIN\Administrator""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Reverting to the process identity
"2014-04-16 02:48:50.99 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Checking if PCEDOMAIN\Administrator is authenticated
"2014-04-16 02:48:50.99 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
True (is authenticated) PCEDOMAIN\Administrator
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.GlobalASAX""Boolean DoesResxFileExist(System.Globalization.CultureInfo)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
DoesResxFileExist
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.GlobalASAX""Boolean DoesResxFileExist(System.Globalization.CultureInfo)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Resx exists [C:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\web\App_GlobalResources\WebResources.en-US.resx] for culture: en-US? False
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.GlobalASAX""Boolean DoesResxFileExist(System.Globalization.CultureInfo)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
DoesResxFileExist
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.GlobalASAX""Boolean DoesResxFileExist(System.Globalization.CultureInfo)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Resx exists [C:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\web\App_GlobalResources\WebResources.en.resx] for culture: en? True
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.GlobalASAX""Void Application_BeginRequest(System.Object, System.EventArgs)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Web UiCulture: en-US. Web Culture: en-US
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.Authentication.CustomAuthenticationConfiguration""Microsoft.Clm.Web.Authentication.FilteredApplication MapPathToApplication(System.String)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Mapping path: [error.aspx]
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.Authentication.CustomAuthenticationConfiguration""Microsoft.Clm.Web.Authentication.FilteredApplication MapPathToApplication(System.String)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Path: [error.aspx] was not found in the configuration section.
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.Authentication.CustomAuthenticationModule""Void OnAuthenticate(System.Object, System.EventArgs)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Path: [error.aspx], filtered: False
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.Authentication.CustomAuthenticationModule""Void OnAuthenticate(System.Object, System.EventArgs)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Builtin Principal: System.Security.Principal.WindowsPrincipal, Identity: System.Security.Principal.WindowsIdentity
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.Authentication.CustomAuthenticationModule""Void OnAuthenticate(System.Object, System.EventArgs)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Builtin Identity Details:
Name: PCEDOMAIN\Administrator
IsAuthenticated: True
AuthenticationType: Negotiate
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Checking if PCEDOMAIN\Administrator is authenticated
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
True (is authenticated) PCEDOMAIN\Administrator
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.Web.Authentication.CustomAuthenticationModule""Void OnAuthenticate(System.Object, System.EventArgs)""""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Custom Identity Details:
Name: PCEDOMAIN\Administrator
IsAuthenticated: True
AuthenticationType: Negotiate
Ticket:
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""PCEDOMAIN\Administrator""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Checking if PCEDOMAIN\Administrator is authenticated
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""PCEDOMAIN\Administrator""PCEDOMAIN\clmWebPool"0x000014F80x00000004
True (is authenticated) PCEDOMAIN\Administrator
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""PCEDOMAIN\Administrator""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Checking if PCEDOMAIN\Administrator is authenticated
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""PCEDOMAIN\Administrator""PCEDOMAIN\clmWebPool"0x000014F80x00000004
True (is authenticated) PCEDOMAIN\Administrator
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""PCEDOMAIN\Administrator""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Checking if PCEDOMAIN\Administrator is authenticated
"2014-04-16 02:48:51.01 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""PCEDOMAIN\Administrator""PCEDOMAIN\clmWebPool"0x000014F80x00000004
True (is authenticated) PCEDOMAIN\Administrator
"2014-04-16 02:48:51.03 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""PCEDOMAIN\Administrator""PCEDOMAIN\clmWebPool"0x000014F80x00000004
Checking if PCEDOMAIN\Administrator is authenticated
"2014-04-16 02:48:51.03 -07""Microsoft.Clm.BusinessLayer.UserIdentity""Boolean get_IsAuthenticated()""PCEDOMAIN\Administrator""PCEDOMAIN\clmWebPool"0x000014F80x00000004
True (is authenticated) PCEDOMAIN\Administrator

Thanks

↧

FIM 2010 R2 SP1 - SSPR Clarification

April 16, 2014, 7:27 am

≫ Next: datetime format error FIM 2010 R2

≪ Previous: FIM CM Logon failure: unknown user name or bad password. (Exception from HRESULT: 0x8007052E)

We have deployed SSPR to our organization and works great on the wired network. I am running into issues getting the SSPR Rich Client to work over wireless. Is wireless a limitation of the rich client I have not found anything saying that it is or is not?

Logically if the laptop could communicate with the FIM service from the login screen SSPR should work. I am able to ping a laptop sitting at the login screen so it appears to be on the network at that time. I receive the following error when trying to use the Rich Client wirelessly. "An error has occurred. Please contact your helpdesk or system administrator for assistance. Error Code: 40007".

↧

datetime format error FIM 2010 R2

April 16, 2014, 11:41 am

≫ Next: Enable OTP after Wrong Password while Reset Password.

≪ Previous: FIM 2010 R2 SP1 - SSPR Clarification

Hi Experts,

I am getting employee EndDate in a file wtih format yyyymmdd like 20140314.

I am able to get the date in metaverse through 'HR File Inbound Rule' but error while exporting to
FIM MA.

After getting the error 'datetime format' error, I made the following rule but again the same error.

Left(EndDate,4)+"-"+Mid(EndDate,5,2)+"-"+Right(EndDate,2)+"00;00"=>employeeEndDate

Again the same error :(

Please suggest.

Thanks,
Mann

↧

Enable OTP after Wrong Password while Reset Password.

April 16, 2014, 4:09 pm

≫ Next: Custom Workflow generates a thousand of Workflow Instances and EREs

≪ Previous: datetime format error FIM 2010 R2

HI Everyone,

If user enters wrong password while trying to Reset Password through SSPR then OTP should be enabled.

Help!!...

Thanks~ Giriraj Singh Bhamu

↧

Custom Workflow generates a thousand of Workflow Instances and EREs

April 16, 2014, 6:18 pm

≫ Next: Classical vs Declarative provisioning & performance impact?

≪ Previous: Enable OTP after Wrong Password while Reset Password.

Hi everyone,

I developed a Custom Workflow that complete user attributes information when a user select a value from a drop down list. I tested this workflow with a Request MPR with an Action Type "Create" and the workflow Works perfectly. But now, I have to use this workflow in an Action Type "Modify" , when I changed it, the workflow Works fine but generates a thousand of Workflow Instances and in consequence a thousand of EREs.

Can you help me please?

Thanks in advance,

↧

Classical vs Declarative provisioning & performance impact?

April 16, 2014, 7:19 pm

≫ Next: Data combining from two files and weired issue in FIM 2010

≪ Previous: Custom Workflow generates a thousand of Workflow Instances and EREs

Hi,

Does anyone have actual performance statistics on the same business logic being implemented via Classic vs Declarative provisioning methods?

My guess would be that Classic method is more efficient and has a lower performance impact (due to things like EREs, DREs, etc).

Just looking for some actual stats, or to hear from someone who actually has experienced it.

Thanks,

↧

Data combining from two files and weired issue in FIM 2010

April 17, 2014, 2:24 am

≫ Next: File based MAs and the default file pickup directory

≪ Previous: Classical vs Declarative provisioning & performance impact?

Experts,

Following is the scenrio:-
User File
empid:firstname:lastname:deptnumber
DeptFile
deptnumber:departmentname:companyname:

Finally
Object type 'person' in metaverse and fim service should have all attribute:
Object Type - Person
Attributes - empid,firstname,lastname,deptnumber,depatmentname,companyname

To implement this:-
I created Inbound rule for User File. Relation ship criteria as accountname=empid and selected 'create resource in FIM'

Again created Inbound rule for DeptFile. Relationship criteria as deptnumber=deptnumber and not selected 'create resource in FIM'.

Well the Inbound rule for User File is working fine but Inbound rule for DeptFile is not updating depatmentname and companyname in 'Person' object.

Also intemittently I see following error:-

"
The synchronization rules have changed.

In order to apply this change to all imported objects, you must run full synchronization or full import and full synchronization.

Do you want to continue with the selected run profile?
"

Any Ideas where I am going wrong?

Thanks,
Mann

↧

File based MAs and the default file pickup directory

April 17, 2014, 7:11 am

≫ Next: FIM 2010 R2 - Custom search scope returned attribute filtering.

≪ Previous: Data combining from two files and weired issue in FIM 2010

Hi,

Can someone tell me if it's possible to configure FIM to grab the CSV file from a File based MA from a different directory other than the default "Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\MaData\<MA Name>" drectory?

Ideally I would like FIM to be able to query a network share.

Thanks

IT Support/Everything

↧

Latest Images