Sharepoint 3.0 SP-2

April 25, 2014, 6:01 am

≫ Next: FIM 2010 password reset client service 4.1.3508 does NOT recognize/pass Default Domain?

≪ Previous: forefront and dirsync stop working after server reboot or service restart

$

0

0

Hi,

we are trying to install the FIM 2010 R2 on SharePoint 3.0 SP-2. SharePoint is installed successfully. However, when we open the  file applicationHost.config  to add (” As per the  FIM 2010 R2 test guide lab, there should be ” added.  Two of the instances will have
useKernelMode=”false” already present. so total are  5 - windowsAuthentication enabled=”true”.But in our environment, there are only 3 -windowsAuthentication enabled=”true” . Please help us to resolve the issue. It seems due to this, FIM portal is not successfully installed. FIM Installation is   roll backing automatically.

Thanks

Anil

---

FIM 2010 password reset client service 4.1.3508 does NOT recognize/pass Default Domain?

April 25, 2014, 3:18 pm

≫ Next: importing manager attribute in FIM

≪ Previous: Sharepoint 3.0 SP-2

$

0

0

We have FIM Password Reset Client Service 4.1.3508 installed on Windows 7 SP2 machines connecting to the FIM Server and at the Ctrl-Alt-Del it does not pass the Default Logon Domain dictated in Group Policy.

We have 2 Forest Domains in a Full Forest Trust where the Win7 computers and the FIM 2008 R2 Servers are in one Domain (DomainAComp) and the Users are in another (DomainBUsers).

On the Win7 workstations (DomainAComp), there is a Group Policy that defines the Default Logon Domain as the Users domain (DomainBUsers).

Administrative Templates/System/Logon
Assign a default domain for logon = Enabled 
Default Logon domain: = DomainBUsers

FIM DOESN'T WORK When at the Ctrl-Alt-Del Logon screen - Users enter the following:

Username - usernameA
Password - (don't enter anything)
Domain (preset by policy) as DomainBUsers

Reset Password Link - Launches FIM Password Reset Client Service  - Error - Users does not exist or doesn't have rights to change password.

DOES WORK - When at the Ctrl-Alt-Del Logon screen Users enter the following:

Username - DomainBUsers\usernameA
Password - (don't enter anything)
Domain DomainBUsers

The domain is a long one and users do not have to enter it to logon so they are not used to entering it. FIM should pass the default domain but it doesn't. There is nothing in the client settings to specify anything and we have the latest hotfix 3508.

Any other suggestions?

---

lforbes

importing manager attribute in FIM

April 28, 2014, 3:56 am

≫ Next: FIM Web Service not starting

≪ Previous: FIM 2010 password reset client service 4.1.3508 does NOT recognize/pass Default Domain?

$

0

0

Experts,

I have two tables:-

users:-
employeeid:firstname:lastname:deptnumber
department
deptnumber:deptname:manager

A SQL view combines this two tables and I am importing data through SQL MA and inbound synch rule.
All attributes are coming except manager. I have choose manager as 'Reference' in SQL MA. I am sure employee exists.

All attributes are getting imported except manager.

Thanks,
Mann

FIM Web Service not starting

April 28, 2014, 4:51 am

≫ Next: Adding web links into FIM pages

≪ Previous: importing manager attribute in FIM

$

0

0

Hello,

Recently our FIM web service quit starting in our dev environment. I notice the change when the domain controllers were re-ip'd. When we try to start them manually we receive the following error.

"The Forefront Identity Manager Service service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."

I am baffled at this point as we did not reference the IPs of AD when we configured our dev-environment, so nothing should have changed. At this point I'm not really sure where to begin looking; would this be an issue with the SharePoint configuration, access for the service account on the server, or something else. I have validated that the service account we are using is unlocked and it has the correct password. Unfortunately there is nothing in event viewer when the error is thrown.

Adding web links into FIM pages

April 28, 2014, 6:03 am

≫ Next: Upgrading to Exchange 2013 This Summer - What to Change in FIM?

≪ Previous: FIM Web Service not starting

$

0

0

Is it possible to add web links or text or even tool tip texts to parts of FIM?

For example, I would like to add a compliance statement for photos in the FIM portal so that when users choose to upload their own photos, they're prompted with a statement about acceptable and professional photos. I haven't seen any customization examples of this - please advise.

Thanks

Upgrading to Exchange 2013 This Summer - What to Change in FIM?

April 28, 2014, 4:59 pm

≫ Next: SharePoint_Config_log.LDF file on Fim Portal Servers growing large

≪ Previous: Adding web links into FIM pages

$

0

0

We are currently using FIM to provision mailboxes and mail contacts in Exchange. We are currently on Exchange 2010 SP3. When we originally set up Exchange interrelation with FIM, we used this information found here: http://social.technet.microsoft.com/wiki/contents/articles/2189.how-to-configure-the-exchange-2010-rps-uri.aspx

We enabled Kerberos and set up FIM to use the load balanced name of our CAS array. 

When we go to Exchange 2013, what do we need to change on the FIM side?  I know we will need to change the provisioning database, but what else is required?  I notice Exchange 2013 is not available in the drop down menu on the ADMA agent.  I read you just leave that as Exchange 2010.

SharePoint_Config_log.LDF file on Fim Portal Servers growing large

April 28, 2014, 5:37 pm

≫ Next: The underlying connection was closed error FIM 2010

≪ Previous: Upgrading to Exchange 2013 This Summer - What to Change in FIM?

$

0

0

Hello,

We have an issue with the SharePoint_Config_log.LDF file continually growing on both our FIM Portal servers. It has taken quite a while to get as big as it is (21gb) and since it never reduces and only grows, the disk is slowing filling up.

WSS_Content_log.LDF has the same issue but it only 5gb for now so not as big a concern to me. Both files live here:

C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data

I found this post about the issue in the SharePoint legacy forums:

http://social.technet.microsoft.com/Forums/en-US/5055ecb8-7d9a-40c5-aeb7-8da5d7984760/sharepointconfiglogldf-file-is-14-gig?forum=sharepointadminlegacy

I am not sure how to run the suggested commands as there is no SQL engine on either of the Portal servers-- so I am not sure how to even access these databases. Should SQL be installed? I do not have a lot of SQL knowledge (or SharePoint really).

Has anyone else had this problem and how did you resolve it? Our FIM version is 2010 (not R2) and its running on Server 2008 R2.

Thanks :)

The underlying connection was closed error FIM 2010

April 28, 2014, 11:38 pm

≫ Next: Mailflow approvals portal

≪ Previous: SharePoint_Config_log.LDF file on Fim Portal Servers growing large

$

0

0

I have a fresh installation of FIM 2010 R2. After installation I am able to see FIM portal through account used for installation.
however in evenvwr I am continously getting below error. During instllation EXCHANGE team provided the address 'outlook.company.in' as the address and I selected
all option like SSL and pooling on installation screen.

Below error seems related with Exchagne but I am not able to undserstand what should I demand from exchange team.
Kindly suggest.

Error
***
System.Web.Services: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.ExchangeServiceBinding.FindItem(FindItemType FindItem1)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.<OnPollTimerExpired>b__0(Boolean findUnreadItems)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.OnPollTimerExpired(Object state)
**

Thanks,
Mann

---

Mailflow approvals portal

April 29, 2014, 1:10 am

≫ Next: FIM 2010R2 regular expression restrictions for drop-down list

≪ Previous: The underlying connection was closed error FIM 2010

$

0

0

i have proble in outlook 2013 , if i approve any portal requests it is taking me to configure new microsoft email id instead existing company  outlook as default .   is there any settings for 2013 outlook for approvals .

thanks . any advise please .

---

IT

FIM 2010R2 regular expression restrictions for drop-down list

April 29, 2014, 4:06 am

≫ Next: Group synchronization

≪ Previous: Mailflow approvals portal

$

0

0

I need DropDownList with list of Exchange Mailbox databases in "Configuration for User Editing" RCDC.
So I bind ItemSource of DropDownList to MailboxDatabase.LocalizedAllowedValues in RCDC.
And fill validation string pattern of "MailboxDatabase" attrbute with following regex:
^(base|base_2)?$ 
If regex contains only letters, digits and "_" as above it works great, but...
If regex contains dashes or special characters it doesn't work.
Something like ^(base|base-2)?$ or ^(base|base%2)?$ just doesn't work, drop-down list is empty.
I tried screen dashes and special characters with backslash - no success.
Is there any way to see dash in FIM drop-down list through LocalizedAllowedValues?

Group synchronization

April 29, 2014, 5:09 am

≫ Next: Exchange Server Configuration in FIM 2010 R2

≪ Previous: FIM 2010R2 regular expression restrictions for drop-down list

$

0

0

Hello, 

I want to synchronise in FIM portal only Security Group from AD , but i want to permit the synchronization of distribution group in ADAM. 

How can i filter this to permit only security group export to FIM portal. 

I added a filter in FIM MA but i have error connector-filter-rule-violation how can i bypass the displaying of the error in FIM operation log. 

Thanks

Exchange Server Configuration in FIM 2010 R2

April 29, 2014, 6:37 am

≫ Next: is it mandatory for email notification exchange server 2010 console management installed on FIM 2010 R2 Portal

≪ Previous: Group synchronization

$

0

0

Hi,

When i installed FIM 2010 R2 Portal in my Machine then i enter the mail server location EX1.FIMR2.COM,but i want change this mail server location to UPM.FIMR2.COM so please tell me how can we change the mail server location .

Regards

Anil Kumar

is it mandatory for email notification exchange server 2010 console management installed on FIM 2010 R2 Portal

April 29, 2014, 11:50 am

≫ Next: Memebers of group not appear to Group Owner at FIM portal

≪ Previous: Exchange Server Configuration in FIM 2010 R2

$

0

0

Hi,

My Exchange Server 2010 on one machine and FIM 2010 Portal on second machine and FIM SSPR on thired machine.

so any one can tell me.

is it mandatory for email notification exchange server 2010 console management installed on FIM 2010 R2 Portal

Regards

Anil Kumar

Memebers of group not appear to Group Owner at FIM portal

April 30, 2014, 12:46 am

≫ Next: How to rejoin correctly after CS and MV Deletion

≪ Previous: is it mandatory for email notification exchange server 2010 console management installed on FIM 2010 R2 Portal

$

0

0

In my distribution groups I have added some member via owner approval and that member appears added to me when i view that group from FIM admin portal but when i look at the same DG from Owner's FIM portal then user does not appear! strange ! 

Any suggestion pls why is this happening?

How to rejoin correctly after CS and MV Deletion

April 30, 2014, 1:31 am

≫ Next: unable to access FIM IDM URL,FIM PasswordRegistration and FIM PasswordReset

≪ Previous: Memebers of group not appear to Group Owner at FIM portal

$

0

0

Hi,

if I have to reinstall FIM (using only Sync Service) und I have no backup. How is the correct way to rejoin the objects?

I have two Management Agents. Import from MA A and Export Objects to MA B. Object Deletion Rule is: Delete Objects if disconnected from MA A.

My plan would be:

1. Full Import MA A

2. Full Import MA B

3. Full Sync MA A

4. Full Sync MA B

In Test Env I did this but I got thousands of errors when executing Step 3 (object already exists) and in step 4 disconnects. in MV there is no object created.

Thanks

---

unable to access FIM IDM URL,FIM PasswordRegistration and FIM PasswordReset

April 30, 2014, 1:44 am

≫ Next: User Profile Synchronization Service issue

≪ Previous: How to rejoin correctly after CS and MV Deletion

$

0

0

Hi,

I am unable to access FIM IDM URL https://MachineName/identitymanagement/default.aspx,

https://PasswordRegistration.fimr2.com/,

https://PasswordReset.fimr2.com /

I have four machine one for FIM 2010 Portal,second database,thired Exchange Server and fourth FIM 2010 SSPR

All URL is working fine within machine and one to another but i want to access these url outside it is not working for me.

can any one tell me why this heppning.

Regards

Anil Kumar

User Profile Synchronization Service issue

April 30, 2014, 4:31 am

≫ Next: Is there Support for SCSM 2012 R2 with FIM 2010 R2 SP1?

≪ Previous: unable to access FIM IDM URL,FIM PasswordRegistration and FIM PasswordReset

$

0

0

I am seeing the following error when starting the SharePoint 2013 User Profile Synchronization service.

The FIM service runs under the spfarm account and the farm account is a local administrator on the web and app server.

Also, the account has logon locally rights, does not belong to any groups in the deny logon locally permission set.

The user has Replicate Directory Permissions on AD set as well.

The error message displayed is:

UserProfileApplication.SynchronizeMIIS: Failed to configure MOSS initial MAs, will attempt during next rerun. Exception: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Access to the requested resource(s) is denied     at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.GetResource(UniqueIdentifier identifier, String[] attributeNames, Nullable`1 resourceTime)     at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier resourceIdentifier, String typeName, String[] attributeNames, CultureInfo locale, Boolean includePermissionHints, TimeZoneInfo localTimeZone)     at Microsoft.Office.Server.UserProfiles.Synchronization.MVConfiguration..ctor(Guid resourceIdentifier)     at Microsoft.Office.Server.UserProfiles.Synchronization...

The error occurs just after logging the following message in the ULS log:

ILM Configuration: The ExportMiisEncryptionKey process completed successfully

I can see http 500 messages in Fiddler after OWSTimer makes wcf calls to http://<servername>:5725/ResourceManagementService/Resource

When using MIISCient, the ILMMA appears but then stops within a few minutes.

Has anyone seen this and does anyone know what permissions are needed to deal with this permission denied exception?

Is there Support for SCSM 2012 R2 with FIM 2010 R2 SP1?

April 30, 2014, 7:42 am

≫ Next: Unable to send a security code. Please contact your help desk for assistance in FIM 2010 R2

≪ Previous: User Profile Synchronization Service issue

$

0

0

I have a configuration where we are trying to use SCSM 2012 R2,  but when we install FIM 2010 R2 SP1 we get an error that we need to install the KB2561430 hotfix on the FIM Portal/Service server.  The KB2561430 hotfix is for SCSM 2010 not SCSM 2012 or even SCSM 2012 R2.

So is SCSM 2012 R2 support with FIM 2010 R2 SP1?  Is there another hotfix for this issue? 

Thanks

Laurin

Unable to send a security code. Please contact your help desk for assistance in FIM 2010 R2

April 30, 2014, 8:03 am

≫ Next: Logging for the webservices connector

≪ Previous: Is there Support for SCSM 2012 R2 with FIM 2010 R2 SP1?

$

0

0

Hi,

I have been Successfully registered with emailid in FIM 2010 R2 Password Registration Portal.but when go in FIM 2010 R2 Password Reset Portal and gives all right answers of questions after this gives fallowingerror:Unable to send a security code. Please contact your help desk for assistance.

Regards

Anil kumar

Logging for the webservices connector

April 30, 2014, 12:38 pm

≫ Next: A few Questions about FIM setup

≪ Previous: Unable to send a security code. Please contact your help desk for assistance in FIM 2010 R2

$

0

0

Hi all, I am confused.

I am looking for How to enable logging for the webservices connector.

The Wiki article: How to enable logging for the webservices connector (http://social.technet.microsoft.com/wiki/contents/articles/12427.fim2010-how-to-enable-logging-for-the-webservices-connector.aspx) explains how to enable Web Service Configuration Tool, not Web Service Connector. I follow these instructions and log only the web Service Configuration tool usage, not Web Service Connector.

In Microsoft documentation point to logging.xml, but this file has GALSYNC log configuration, I did no t findLogging level section:

<setting name="LoggingLevel" serializeAs="String">

<value>0</value>

</setting>

Someone can explain me how to enable logging for WEB Service Connector?

Thanks in advanced

Best Regards

---

JuanCC Technology Specialist