Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

This forum is for IT Professionals who have questions/issues or other feedback about Forefront Identity Manager (FIM) 2010 suite

older | 1 | .... | 55 | 56 | (Page 57) | 58 | 59 | .... | 204 | newer

    0 0
  • 04/25/14--06:01: Sharepoint 3.0 SP-2
  • Hi,

    we are trying to install the FIM 2010 R2 on SharePoint 3.0 SP-2. SharePoint is installed successfully. However, when we open the  file applicationHost.config  to add (” As per the  FIM 2010 R2 test guide lab, there should be ” added.  Two of the instances will have
    useKernelMode=”false” already present.
    so total are  5 - windowsAuthentication enabled=”true”.But in our environment, there are only 3 -windowsAuthentication enabled=”true” . Please help us to resolve the issue. It seems due to this, FIM portal is not successfully installed. FIM Installation is   roll backing automatically.



    0 0

    We have FIM Password Reset Client Service 4.1.3508 installed on Windows 7 SP2 machines connecting to the FIM Server and at the Ctrl-Alt-Del it does not pass the Default Logon Domain dictated in Group Policy.

    We have 2 Forest Domains in a Full Forest Trust where the Win7 computers and the FIM 2008 R2 Servers are in one Domain (DomainAComp) and the Users are in another (DomainBUsers).

    On the Win7 workstations (DomainAComp), there is a Group Policy that defines the Default Logon Domain as the Users domain (DomainBUsers).

    Administrative Templates/System/Logon
    Assign a default domain for logon = Enabled 
    Default Logon domain: = DomainBUsers

    FIM DOESN'T WORK When at the Ctrl-Alt-Del Logon screen - Users enter the following:

    Username - usernameA
    Password - (don't enter anything)
    Domain (preset by policy) as DomainBUsers

    Reset Password Link - Launches FIM Password Reset Client Service  - Error - Users does not exist or doesn't have rights to change password.

    DOES WORK - When at the Ctrl-Alt-Del Logon screen Users enter the following:

    Username - DomainBUsers\usernameA
    Password - (don't enter anything)
    Domain DomainBUsers

    The domain is a long one and users do not have to enter it to logon so they are not used to entering it. FIM should pass the default domain but it doesn't. There is nothing in the client settings to specify anything and we have the latest hotfix 3508.

    Any other suggestions?


    0 0


    I have two tables:-


    A SQL view combines this two tables and I am importing data through SQL MA and inbound synch rule.
    All attributes are coming except manager. I have choose manager as 'Reference' in SQL MA. I am sure employee exists.

    All attributes are getting imported except manager.


    0 0
  • 04/28/14--04:51: FIM Web Service not starting
  • Hello,

    Recently our FIM web service quit starting in our dev environment. I notice the change when the domain controllers were re-ip'd. When we try to start them manually we receive the following error.

    "The Forefront Identity Manager Service service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."

    I am baffled at this point as we did not reference the IPs of AD when we configured our dev-environment, so nothing should have changed. At this point I'm not really sure where to begin looking; would this be an issue with the SharePoint configuration, access for the service account on the server, or something else. I have validated that the service account we are using is unlocked and it has the correct password. Unfortunately there is nothing in event viewer when the error is thrown.

    0 0

    Is it possible to add web links or text or even tool tip texts to parts of FIM?

    For example, I would like to add a compliance statement for photos in the FIM portal so that when users choose to upload their own photos, they're prompted with a statement about acceptable and professional photos. I haven't seen any customization examples of this - please advise.


    0 0

    We are currently using FIM to provision mailboxes and mail contacts in Exchange. We are currently on Exchange 2010 SP3. When we originally set up Exchange interrelation with FIM, we used this information found here:

    We enabled Kerberos and set up FIM to use the load balanced name of our CAS array. 

    When we go to Exchange 2013, what do we need to change on the FIM side?  I know we will need to change the provisioning database, but what else is required?  I notice Exchange 2013 is not available in the drop down menu on the ADMA agent.  I read you just leave that as Exchange 2010.

    0 0


    We have an issue with the SharePoint_Config_log.LDF file continually growing on both our FIM Portal servers. It has taken quite a while to get as big as it is (21gb) and since it never reduces and only grows, the disk is slowing filling up.

    WSS_Content_log.LDF has the same issue but it only 5gb for now so not as big a concern to me. Both files live here:


    I found this post about the issue in the SharePoint legacy forums:

    I am not sure how to run the suggested commands as there is no SQL engine on either of the Portal servers-- so I am not sure how to even access these databases. Should SQL be installed? I do not have a lot of SQL knowledge (or SharePoint really).

    Has anyone else had this problem and how did you resolve it? Our FIM version is 2010 (not R2) and its running on Server 2008 R2.

    Thanks :)

    0 0

    I have a fresh installation of FIM 2010 R2. After installation I am able to see FIM portal through account used for installation.
    however in evenvwr I am continously getting below error. During instllation EXCHANGE team provided the address '' as the address and I selected
    all option like SSL and pooling on installation screen.

    Below error seems related with Exchagne but I am not able to undserstand what should I demand from exchange team.
    Kindly suggest.

    System.Web.Services: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
       at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.ConnectStream.WriteHeaders(Boolean async)
       --- End of inner exception stack trace ---
       at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
       at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.ResourceManagement.WebServices.Mail.Exchange.ExchangeServiceBinding.FindItem(FindItemType FindItem1)
       at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.<OnPollTimerExpired>b__0(Boolean findUnreadItems)
       at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.OnPollTimerExpired(Object state)


    0 0
  • 04/29/14--01:10: Mailflow approvals portal
  • i have proble in outlook 2013 , if i approve any portal requests it is taking me to configure new microsoft email id instead existing company  outlook as default .   is there any settings for 2013 outlook for approvals .

    thanks . any advise please .


    0 0

    I need DropDownList with list of Exchange Mailbox databases in "Configuration for User Editing" RCDC.
    So I bind ItemSource of DropDownList to MailboxDatabase.LocalizedAllowedValues in RCDC.
    And fill validation string pattern of "MailboxDatabase" attrbute with following regex:
    If regex contains only letters, digits and "_" as above it works great, but...
    If regex contains dashes or special characters it doesn't work.
    Something like ^(base|base-2)?$ or ^(base|base%2)?$ just doesn't work, drop-down list is empty.
    I tried screen dashes and special characters with backslash - no success.
    Is there any way to see dash in FIM drop-down list through LocalizedAllowedValues?

    0 0
  • 04/29/14--05:09: Group synchronization
  • Hello, 

    I want to synchronise in FIM portal only Security Group from AD , but i want to permit the synchronization of distribution group in ADAM. 

    How can i filter this to permit only security group export to FIM portal. 

    I added a filter in FIM MA but i have error connector-filter-rule-violation how can i bypass the displaying of the error in FIM operation log. 


    0 0


    When i installed FIM 2010 R2 Portal in my Machine then i enter the mail server location EX1.FIMR2.COM,but i want change this mail server location to UPM.FIMR2.COM so please tell me how can we change the mail server location .


    Anil Kumar

    0 0


    My Exchange Server 2010 on one machine and FIM 2010 Portal on second machine and FIM SSPR on thired machine.

    so any one can tell me.

    is it mandatory for email notification exchange server 2010 console management installed on FIM 2010 R2 Portal


    Anil Kumar

    0 0

    In my distribution groups I have added some member via owner approval and that member appears added to me when i view that group from FIM admin portal but when i look at the same DG from Owner's FIM portal then user does not appear! strange ! 

    Any suggestion pls why is this happening?

    0 0


    if I have to reinstall FIM (using only Sync Service) und I have no backup. How is the correct way to rejoin the objects?

    I have two Management Agents. Import from MA A and Export Objects to MA B. Object Deletion Rule is: Delete Objects if disconnected from MA A.

    My plan would be:

    1. Full Import MA A

    2. Full Import MA B

    3. Full Sync MA A

    4. Full Sync MA B

    In Test Env I did this but I got thousands of errors when executing Step 3 (object already exists) and in step 4 disconnects. in MV there is no object created.


    0 0


    I am unable to access FIM IDM URL https://MachineName/identitymanagement/default.aspx,, /

    I have four machine one for FIM 2010 Portal,second database,thired Exchange Server and fourth FIM 2010 SSPR

    All URL is working fine within machine and one to another but i want to access these url outside it is not working for me.

    can any one tell me why this heppning.


    Anil Kumar

    0 0

    I am seeing the following error when starting the SharePoint 2013 User Profile Synchronization service.

    The FIM service runs under the spfarm account and the farm account is a local administrator on the web and app server.

    Also, the account has logon locally rights, does not belong to any groups in the deny logon locally permission set.

    The user has Replicate Directory Permissions on AD set as well.

    The error message displayed is:

    UserProfileApplication.SynchronizeMIIS: Failed to configure MOSS initial MAs, will attempt during next rerun. Exception: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Access to the requested resource(s) is denied     at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.GetResource(UniqueIdentifier identifier, String[] attributeNames, Nullable`1 resourceTime)     at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier resourceIdentifier, String typeName, String[] attributeNames, CultureInfo locale, Boolean includePermissionHints, TimeZoneInfo localTimeZone)     at Microsoft.Office.Server.UserProfiles.Synchronization.MVConfiguration..ctor(Guid resourceIdentifier)     at Microsoft.Office.Server.UserProfiles.Synchronization...

    The error occurs just after logging the following message in the ULS log:

    ILM Configuration: The ExportMiisEncryptionKey process completed successfully

    I can see http 500 messages in Fiddler after OWSTimer makes wcf calls to http://<servername>:5725/ResourceManagementService/Resource

    When using MIISCient, the ILMMA appears but then stops within a few minutes.

    Has anyone seen this and does anyone know what permissions are needed to deal with this permission denied exception?

    0 0

    I have a configuration where we are trying to use SCSM 2012 R2,  but when we install FIM 2010 R2 SP1 we get an error that we need to install the KB2561430 hotfix on the FIM Portal/Service server.  The KB2561430 hotfix is for SCSM 2010 not SCSM 2012 or even SCSM 2012 R2.

    So is SCSM 2012 R2 support with FIM 2010 R2 SP1?  Is there another hotfix for this issue? 



    0 0


    I have been Successfully registered with emailid in FIM 2010 R2 Password Registration Portal.but when go in FIM 2010 R2 Password Reset Portal and gives all right answers of questions after this gives fallowingerror:Unable to send a security code. Please contact your help desk for assistance.


    Anil kumar

    0 0

    Hi all, I am confused.

    I am looking for How to enable logging for the webservices connector.

    The Wiki article: How to enable logging for the webservices connector ( explains how to enable Web Service Configuration Tool, not Web Service Connector. I follow these instructions and log only the web Service Configuration tool usage, not Web Service Connector.

    In Microsoft documentation point to logging.xml, but this file has GALSYNC log configuration, I did no t findLogging level section:

    <setting name="LoggingLevel" serializeAs="String">



    Someone can explain me how to enable logging for WEB Service Connector?

    Thanks in advanced

    Best Regards

    JuanCC Technology Specialist

older | 1 | .... | 55 | 56 | (Page 57) | 58 | 59 | .... | 204 | newer