Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 54 | 55 | (Page 56) | 57 | 58 | .... | 204 | newer

    0 0


    I have installed FIM CM Client on one machine and FIM CM update service on another machine. Both are windows server 2008 r2 machines.

    When i try to enroll a permanent smart card for a user, its shows me the following error:-

    The version of OLE on the client and server machines does not match. (Exception from HRESULT: 0x80010110)

    Also there is no logging done for the particular event.

    I am able to change my smart card pin and view my smart card info. through the FIM CM client. 

    Is there a compatibility issue of FIM CM 2010 with Windows server 2008 r2?


    0 0

    We want to enable new users for Lync as they are provisioned. I understand that this requires the use of the Powershell cmdlets. My question is, how does one do this using only the Synchronization Service?  We do not license the FIM Portal.

    Ed Bell - Specialist, Network Services, Convergys

    0 0
  • 04/22/14--09:41: SSPR Password Reset Failure
  • Hi,
     I'm trying to figure out why my FIM password reset functionality fails. Password registration works fine. My deployment is as follows

    FIMSync1 - sync service uses service.sync
    FIMPortal - FIM portal, uses service.portal
    FIMPortalDB - FIM portal DB
    SSPR - FIM password registration and reset portals

    Application Pools
    FIMportal, Share Point 80 - service.spportal
    SSPR - service.pwordreset

    I've set SPNs as below:

    setspn -S FIMService/selfserviceportal contoso\service.portal
    setspn -S FIMService/ contoso\service.portal
    setspn -S FIMService/FIMportal contoso\service.portal
    setspn -S HTTP/ contoso\svc-fim-spportal
    setspn -S HTTP/selfserviceportal contoso\service.spportal
    setspn -S HTTP/FIMportal contoso\service.spportal

    I've installed SSPR using the credentials and URLs I stated when I first installed the FIM synchronization service and FIM service.For the password binding information (Hostname), I entered the URLs and as opposed to the hostname of my server "SSPR" - is this correct?

    The local firewall is disabled between my servers, DCOM and WMI permissions have been set on FIMSync1 for the fim service account (service.portal).

    Users can register for password reset without any issues, but the actual password reset itself fails with the errors below. Any ideas on troubleshooting are much appreciated.


    Application Error Log
    FIM Password Reset Portal failure to connect to FIM Service
    The FIM Password Reset Portal failed to connect to the FIM Service.

    Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the FIM Password Reset Portal, and (3) that network connectivity is available between the FIM Password Reset Portal and the FIM Service over the designated port.
    Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.
       at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.InteractWithPasswordResetActivity(SecureString newPassword, String activityEndpoint, String workflowInstanceId, ContextualSecurityToken sessionSecurityToken)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.ResetPassword(SecureString newPassword, ChallengeContext& gateChallengeResponse)

    Windows FIM event log
    Failure to connect to FIM Service
    The web portal failed to connect to the FIM Service.

    Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the web portal, and (3) that network connectivity is available between the web portal and the FIM Service over the designated port.
    System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when processing the security tokens in the message.
       --- End of inner exception stack trace ---

    Server stack trace:
       at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
       at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate()
       at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.ResumableUpdate()
       at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Resume(ContextualSecurityToken securityToken)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.ResetPassword(SecureString newPassword, ChallengeContext& gateChallengeResponse)
    Web Portal: FIM Password Reset Portal
    Session Id: 5n0mdi45fhuwk2icjnryz055

    IT Support/Everything

    0 0


    Group having a location attribute in FIM portal, While mapping the DN with the location it showing error message Location is not a valid attribute.

    Custom Expression is 



    Kindly advice,

    Thanks and Regards,
    Anirban Singha

    0 0

    Hi Everyone,

    I want to redirect to SSPR Registration portal without windows authentication Popup.


    If there is any approach to pass username password in that popup using custom Application in

    0 0
  • 04/23/14--03:05: Licensing Query
  • Hi,

    I understand it has been answered already a few times.

    I still thought it would be good if I lay out my requirements and then understand what licensing is involved.

    We have 3000 users - all internal staff.

    Requirements will evolve as following -

    Phase 1 - Synchronize HR database to Active Directory.

    Phase 2 - Use FIM portal for self service, group memberships. Provide self service password resets. Also look at synchronizing identites to other systems.

    I believe we will need Window server and SQL server licenses but what additional licensing do we need for both the phases please?


    Ajay Suri

    0 0

    As we have used the windows SharePoint 3.0 SP-2 for FIM 2010 R2. Can any one please confirm if  FIM 2010 R2 SP -1 will also support to windows SharePoint 3.0 SP-2.



    0 0

    So with the news that DirSync can write-back with Azure AD Premium SSPR does anyone know if the FIM client for SSPR can point to Azure AD Premium SSPR so they can have the integrated client and web portal use the same SSPR process?

    0 0

    Has anyone been able to push custom user profile properties in SharePoint Online using the FIM SharePoint connector?

    0 0

    All details at: :

    Peter Geelen (Microsoft Belgium) - Premier Field Engineer Security & Identity

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or clickAnswered"Vote as helpful" button of that post.
    By marking a post as Answered or Helpful, you help others find the answer faster.

    0 0

    I'm trying to flow user objects that were brought in from our HR service (an ASP web system) into the FIM Portal. The FIM Service MA is simply exporting them and then deleting them. Why can't they persist in the portal?

    Also, just trying to move a few attributes at the moment.. First, Last, Display (a concat), Employee number.. I have these configured in the attribute flow for the FIM Service MA. The Connected Space for the HR has all of the proper attributes and they are in the MV.

    A Full Sync will have 1416 Provisioning Adds

    An Export then has 1416 Adds

    But then the Full Import has 1416 Deletes

    0 0


    What is the latest SCOM Management Pack for FIM?

    Is there a FIM 2010 R2 Management Pack for SCOM 2012?

    We're looking for a monitoring solution so that when FIM errors occur, the right people are notified - any suggestions?



    0 0
  • 04/23/14--20:11: PCNS flow question
  • hi,

    We have the following setup:

    PCNS is deployed in Forest B and C, which is configured to sync passwords for Staff (Staff Group in Forest C) and Students (Student Group in Forest B) to their respective accounts in Forest A. This is working fine.

    A new requirement is to have some of the Staff Forest C accounts created in Forest B. So here are some questions.

    1. Could we now setup PCNS in Forest C to also sync passwords to Forest B (for some of these new Staff accounts)?
    2. When Forest C Staff member changes their password (in Forest C), this password will be synced to their account in Forest B and Forest A; however, since PCNS in Forest B only monitors the Student AD Group (in order to synchronize to Forest A), any password changes to Staff members (not part of the Student AD Group) will be ignored. Is this correct?
    3. What if PCNS inclusion group was "Domain Users" in Forest B. When Forest C Staff member changes their password (in Forest C), this password will be synced to their account in Forest B and Forest A - would PCNS in Forest B be triggered for Staff again and password sync again to Forest A?

    Thank you,


    0 0


    To ensure PCNS works correctly, I assume you have to be part of the Inclusion Group at the time of your password change?

    The scenario I am thinking of is where FIM manages the membership of the Inclusion Group...and the user changes their password before a FIM export updates their Group membership...I guess PCNS won't magically start working once they enter the correct Inclusion Group?

    just some wishful thinking ;)

    0 0


    Unable to process your request in FIM 2010 R2 sp1 when we hit the URL https://Machinename/Identitymanagerment/default.aspx.

    This was working when we installed fresh FIM Synchronization service and FIM 2010 r2 sp1 Portal but now it is not working for me.i have uninstalled FIM 2010 Portal and delete FIMService database and again installed still gives the same message Unable to process your request .

    NOTE:I am implementing FIM 2010 R2 SSPR and gives all reuired cofiguration for this as per Microsoft documents.


    Anil Kumar  

    0 0

    Hi ,

    Can anybody let me know what are the communication ports required for deploying fim reporting services.

    I am unable to complete the installation.any help would be greatly appreciated.


    Dushyant singh

    0 0


    I am trying to install FIM Reporting Service in our environment. I have followed the technet guide for doing so.

    But my installation is encountering problems and it  fails and rolls back.

    After some troubleshooting , i found that the installation fails because of intermittent connection between scsm console in FIM Service server and SCSM server.

    Whenever the installation fails , the connection also fails between scsm console in FIM Service server and SCSM server and i am also not able to telnet  port 5724 at that time.

    But after some secs again the connection happens successfully and i am able to telnet.I have checked with network team in this regard.they have confirmed no issues in the network.

    Please could anybody suggest any thing on this regard.Any help will be greatly appreciated.


    0 0

    If we have a Site collection called FIM Portal, how do you install the FIM portal in a sub site collection. I tried and while it sorta worked, it installed itself in SP.Com\sites\FIMPortal\IdentityManagement none of the links on the portal home page worked. e.g. The password reset links point\IdentityManagment. It dropped out the \sites\FIMPortal\ part of the URL.

    And if you know off hand of a Visio doc that shows the Best Practice Install I'd be interested. I'm sort of confused on the naming of the different parts and where they should sit and why. And the service accounts main location. EG. In the docs it says create a FIMMA account of type user and not service. But I am not exactly sure of its purpose because I don't recall seeing it used again later in the instructions.

    0 0

    We have installed FIM password registration and password reset portals on different server. The Sync engine & FIM service is already installed on one server. We are getting below error while performing password reset for a user.

    Error:"An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)".

    Let me know if you require any more information.

    0 0

    Dirsync install perfectly and works perfectly until you ever restart the server then the Azure and dirsync service both fail to start.

    running dirsync config again will not fix the services,have to completely remove dirsync from add/remove programs and then reinstall where it resets itself and starts working again.Service accounts logon always look the same So completely at a loss as to why they never restart.

    very frustrating having to reinstall dirsync all the time

    have support ticket with office365 but all they could suggest was reinstall the whole server which was not exactly practical.

    Any help appreciated

older | 1 | .... | 54 | 55 | (Page 56) | 57 | 58 | .... | 204 | newer