The version of OLE on the client and server machines does not match. (Exception from HRESULT: 0x80010110)

April 22, 2014, 3:15 am

≫ Next: Lync provisioning using only Synchronization Service

≪ Previous: Custom Expression IIF Statement Assistance

$

0

0

Hi,

I have installed FIM CM Client on one machine and FIM CM update service on another machine. Both are windows server 2008 r2 machines.

When i try to enroll a permanent smart card for a user, its shows me the following error:-

The version of OLE on the client and server machines does not match. (Exception from HRESULT: 0x80010110)

Also there is no logging done for the particular event.

I am able to change my smart card pin and view my smart card info. through the FIM CM client. 

Is there a compatibility issue of FIM CM 2010 with Windows server 2008 r2?

Thanks

---

Lync provisioning using only Synchronization Service

April 22, 2014, 8:08 am

≫ Next: SSPR Password Reset Failure

≪ Previous: The version of OLE on the client and server machines does not match. (Exception from HRESULT: 0x80010110)

$

0

0

We want to enable new users for Lync as they are provisioned. I understand that this requires the use of the Powershell cmdlets. My question is, how does one do this using only the Synchronization Service?  We do not license the FIM Portal.

---

Ed Bell - Specialist, Network Services, Convergys

SSPR Password Reset Failure

April 22, 2014, 9:41 am

≫ Next: Not a Valid attribute in Outbound Sync Rule

≪ Previous: Lync provisioning using only Synchronization Service

$

0

0

Hi,
 I'm trying to figure out why my FIM password reset functionality fails. Password registration works fine. My deployment is as follows

FIMSync1 - sync service uses service.sync
FIMPortal - FIM portal, uses service.portal
FIMPortalDB - FIM portal DB
SSPR - FIM password registration and reset portals

Application Pools
FIMportal, Share Point 80 - service.spportal
SSPR - service.pwordreset

I've set SPNs as below:

setspn -S FIMService/selfserviceportal contoso\service.portal
setspn -S FIMService/selfserviceportal.contoso.com contoso\service.portal
setspn -S FIMService/FIMportal contoso\service.portal
setspn -S HTTP/selfserviceportal.contoso.com contoso\svc-fim-spportal
setspn -S HTTP/selfserviceportal contoso\service.spportal
setspn -S HTTP/FIMportal contoso\service.spportal

I've installed SSPR using the credentials and URLs I stated when I first installed the FIM synchronization service and FIM service.For the password binding information (Hostname), I entered the URLs FIMpasswordreset.com and FIMpasswordregistration.com as opposed to the hostname of my server "SSPR" - is this correct?

The local firewall is disabled between my servers, DCOM and WMI permissions have been set on FIMSync1 for the fim service account (service.portal).

Users can register for password reset without any issues, but the actual password reset itself fails with the errors below. Any ideas on troubleshooting are much appreciated.

Thanks

Application Error Log
FIM Password Reset Portal failure to connect to FIM Service
The FIM Password Reset Portal failed to connect to the FIM Service.

Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the FIM Password Reset Portal, and (3) that network connectivity is available between the FIM Password Reset Portal and the FIM Service over the designated port.
Details:
Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.
   at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.InteractWithPasswordResetActivity(SecureString newPassword, String activityEndpoint, String workflowInstanceId, ContextualSecurityToken sessionSecurityToken)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.ResetPassword(SecureString newPassword, ChallengeContext& gateChallengeResponse)

Windows FIM event log
Failure to connect to FIM Service
The web portal failed to connect to the FIM Service.

Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the web portal, and (3) that network connectivity is available between the web portal and the FIM Service over the designated port.
Details:
System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when processing the security tokens in the message.
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate()
   at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.ResumableUpdate()
   at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Resume(ContextualSecurityToken securityToken)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.ResetPassword(SecureString newPassword, ChallengeContext& gateChallengeResponse)
Web Portal: FIM Password Reset Portal
Session Id: 5n0mdi45fhuwk2icjnryz055

---

IT Support/Everything

Not a Valid attribute in Outbound Sync Rule

April 22, 2014, 1:48 pm

≫ Next: Redirect to SSPR registration Portal without windows Authentication.

≪ Previous: SSPR Password Reset Failure

$

0

0

Hello,

Group having a location attribute in FIM portal, While mapping the DN with the location it showing error message Location is not a valid attribute.

Custom Expression is 

IIF(Eq(location,"Bangalore"),"CN="+displayName+",OU=Bangalore,DC=XXX,DC=com",IIF(Eq(location,"Pune"),"CN="+displayName+",OU=Pune,DC=XXX,DC=com",Null()))

Schema

Kindly advice,

Thanks and Regards,
Anirban Singha
http://a-zenith.blogspot.in/

Redirect to SSPR registration Portal without windows Authentication.

April 22, 2014, 3:20 pm

≫ Next: Licensing Query

≪ Previous: Not a Valid attribute in Outbound Sync Rule

$

0

0

Hi Everyone,

I want to redirect to SSPR Registration portal without windows authentication Popup.

OR

If there is any approach to pass username password in that popup using custom Application in asp.net.

Licensing Query

April 23, 2014, 3:05 am

≫ Next: Does FIM 2010 R2 SP-1 Supports windows SharePoint 3.0 SP-2

≪ Previous: Redirect to SSPR registration Portal without windows Authentication.

$

0

0

Hi,

I understand it has been answered already a few times.

I still thought it would be good if I lay out my requirements and then understand what licensing is involved.

We have 3000 users - all internal staff.

Requirements will evolve as following -

Phase 1 - Synchronize HR database to Active Directory.

Phase 2 - Use FIM portal for self service, group memberships. Provide self service password resets. Also look at synchronizing identites to other systems.

I believe we will need Window server and SQL server licenses but what additional licensing do we need for both the phases please?

Regards,

Ajay Suri

Does FIM 2010 R2 SP-1 Supports windows SharePoint 3.0 SP-2

April 23, 2014, 3:58 am

≫ Next: FIM SSPR Client with Azure AD Premium

≪ Previous: Licensing Query

$

0

0

As we have used the windows SharePoint 3.0 SP-2 for FIM 2010 R2. Can any one please confirm if  FIM 2010 R2 SP -1 will also support to windows SharePoint 3.0 SP-2.

Thanks

Harry

FIM SSPR Client with Azure AD Premium

April 23, 2014, 5:31 am

≫ Next: SharePoint Connector to SharePoint Online

≪ Previous: Does FIM 2010 R2 SP-1 Supports windows SharePoint 3.0 SP-2

$

0

0

So with the news that DirSync can write-back with Azure AD Premium SSPR does anyone know if the FIM client for SSPR can point to Azure AD Premium SSPR so they can have the integrated client and web portal use the same SSPR process?

---

SharePoint Connector to SharePoint Online

April 23, 2014, 9:55 am

≫ Next: Forefront Identity Manager vNext roadmap (now Microsoft Identity Manager)

≪ Previous: FIM SSPR Client with Azure AD Premium

$

0

0

Has anyone been able to push custom user profile properties in SharePoint Online using the FIM SharePoint connector?

Forefront Identity Manager vNext roadmap (now Microsoft Identity Manager)

April 23, 2014, 11:49 am

≫ Next: FIM Portal not taking users. They delete right away

≪ Previous: SharePoint Connector to SharePoint Online

$

0

0

All details at: : http://blogs.technet.com/b/server-cloud/archive/2014/04/23/forefront-identity-manager-vnext-roadmap-now-microsoft-identity-manager.aspx

---

Peter Geelen (Microsoft Belgium) - Premier Field Engineer Security & Identity

[If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click"Vote as helpful" button of that post.
By marking a post as Answered or Helpful, you help others find the answer faster.

FIM Portal not taking users. They delete right away

April 23, 2014, 1:33 pm

≫ Next: FIM 2010 R2 Management Pack for SCOM 2012?

≪ Previous: Forefront Identity Manager vNext roadmap (now Microsoft Identity Manager)

$

0

0

I'm trying to flow user objects that were brought in from our HR service (an ASP web system) into the FIM Portal. The FIM Service MA is simply exporting them and then deleting them. Why can't they persist in the portal?

Also, just trying to move a few attributes at the moment.. First, Last, Display (a concat), Employee number.. I have these configured in the attribute flow for the FIM Service MA. The Connected Space for the HR has all of the proper attributes and they are in the MV.

A Full Sync will have 1416 Provisioning Adds

An Export then has 1416 Adds

But then the Full Import has 1416 Deletes

FIM 2010 R2 Management Pack for SCOM 2012?

April 23, 2014, 2:35 pm

≫ Next: PCNS flow question

≪ Previous: FIM Portal not taking users. They delete right away

$

0

0

Hi,

What is the latest SCOM Management Pack for FIM?

Is there a FIM 2010 R2 Management Pack for SCOM 2012?

We're looking for a monitoring solution so that when FIM errors occur, the right people are notified - any suggestions?

Thx,

SK

PCNS flow question

April 23, 2014, 8:11 pm

≫ Next: PCNS Inclusion Group question

≪ Previous: FIM 2010 R2 Management Pack for SCOM 2012?

$

0

0

hi,

We have the following setup:

PCNS is deployed in Forest B and C, which is configured to sync passwords for Staff (Staff Group in Forest C) and Students (Student Group in Forest B) to their respective accounts in Forest A. This is working fine.

A new requirement is to have some of the Staff Forest C accounts created in Forest B. So here are some questions.

1. Could we now setup PCNS in Forest C to also sync passwords to Forest B (for some of these new Staff accounts)?
2. When Forest C Staff member changes their password (in Forest C), this password will be synced to their account in Forest B and Forest A; however, since PCNS in Forest B only monitors the Student AD Group (in order to synchronize to Forest A), any password changes to Staff members (not part of the Student AD Group) will be ignored. Is this correct?
3. What if PCNS inclusion group was "Domain Users" in Forest B. When Forest C Staff member changes their password (in Forest C), this password will be synced to their account in Forest B and Forest A - would PCNS in Forest B be triggered for Staff again and password sync again to Forest A?

Thank you,

sk

PCNS Inclusion Group question

April 23, 2014, 8:51 pm

≫ Next: Unable to process your request in FIM 2010 R2.

≪ Previous: PCNS flow question

$

0

0

Hi,

To ensure PCNS works correctly, I assume you have to be part of the Inclusion Group at the time of your password change?

The scenario I am thinking of is where FIM manages the membership of the Inclusion Group...and the user changes their password before a FIM export updates their Group membership...I guess PCNS won't magically start working once they enter the correct Inclusion Group?

just some wishful thinking ;)

Unable to process your request in FIM 2010 R2.

April 23, 2014, 9:52 pm

≫ Next: FIM Reporting Services Port requirements

≪ Previous: PCNS Inclusion Group question

$

0

0

Hi,

Unable to process your request in FIM 2010 R2 sp1 when we hit the URL https://Machinename/Identitymanagerment/default.aspx.

This was working when we installed fresh FIM Synchronization service and FIM 2010 r2 sp1 Portal but now it is not working for me.i have uninstalled FIM 2010 Portal and delete FIMService database and again installed still gives the same message Unable to process your request .

NOTE:I am implementing FIM 2010 R2 SSPR and gives all reuired cofiguration for this as per Microsoft documents.

Regards

Anil Kumar  

---

FIM Reporting Services Port requirements

April 24, 2014, 3:46 am

≫ Next: FIM Reporting Services Installation Failed

≪ Previous: Unable to process your request in FIM 2010 R2.

$

0

0

Hi ,

Can anybody let me know what are the communication ports required for deploying fim reporting services.

I am unable to complete the installation.any help would be greatly appreciated.

Regards

Dushyant singh

FIM Reporting Services Installation Failed

April 24, 2014, 3:57 am

≫ Next: Is it possible to install FIM SharePoint portal into a subsite collection?

≪ Previous: FIM Reporting Services Port requirements

$

0

0

Hi,

I am trying to install FIM Reporting Service in our environment. I have followed the technet guide for doing so.

But my installation is encountering problems and it  fails and rolls back.

After some troubleshooting , i found that the installation fails because of intermittent connection between scsm console in FIM Service server and SCSM server.

Whenever the installation fails , the connection also fails between scsm console in FIM Service server and SCSM server and i am also not able to telnet  port 5724 at that time.

But after some secs again the connection happens successfully and i am able to telnet.I have checked with network team in this regard.they have confirmed no issues in the network.

Please could anybody suggest any thing on this regard.Any help will be greatly appreciated.

---

shakti

Is it possible to install FIM SharePoint portal into a subsite collection?

April 24, 2014, 10:23 am

≫ Next: FIM Password registration is successful but password reset is fails

≪ Previous: FIM Reporting Services Installation Failed

$

0

0

If we have a Site collection called FIM Portal, how do you install the FIM portal in a sub site collection. I tried and while it sorta worked, it installed itself in SP.Com\sites\FIMPortal\IdentityManagement none of the links on the portal home page worked. e.g. The password reset links point SP.com\IdentityManagment. It dropped out the \sites\FIMPortal\ part of the URL.

And if you know off hand of a Visio doc that shows the Best Practice Install I'd be interested. I'm sort of confused on the naming of the different parts and where they should sit and why. And the service accounts main location. EG. In the docs it says create a FIMMA account of type user and not service. But I am not exactly sure of its purpose because I don't recall seeing it used again later in the instructions.

FIM Password registration is successful but password reset is fails

April 24, 2014, 2:45 pm

≫ Next: forefront and dirsync stop working after server reboot or service restart

≪ Previous: Is it possible to install FIM SharePoint portal into a subsite collection?

$

0

0

We have installed FIM password registration and password reset portals on different server. The Sync engine & FIM service is already installed on one server. We are getting below error while performing password reset for a user.

Error:"An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)".

Let me know if you require any more information.

forefront and dirsync stop working after server reboot or service restart

April 25, 2014, 2:54 am

≫ Next: Sharepoint 3.0 SP-2

≪ Previous: FIM Password registration is successful but password reset is fails

$

0

0

Dirsync install perfectly and works perfectly until you ever restart the server then the Azure and dirsync service both fail to start.

running dirsync config again will not fix the services,have to completely remove dirsync from add/remove programs and then reinstall where it resets itself and starts working again.Service accounts logon always look the same So completely at a loss as to why they never restart.

very frustrating having to reinstall dirsync all the time

have support ticket with office365 but all they could suggest was reinstall the whole server which was not exactly practical.

Any help appreciated