I'm quite sure it's a bug in MIM 2016 sp1. I don't know about MIM 2016 RTM.
Using the PowerShell commandlet this way the request fails:
- Import-Module mimpam
- $r = Get-PAMRoleForRequest -DisplayName "Enterprise Admins"
- New-PAMRequest -Justification t1 -Role $r -Verbose
But, using it this way the request worksjust fine
- Import-Module mimpam
- $r = Get-PAMRoleForRequest -DisplayName "Enterprise Admins"
- New-PAMRequest -Justification t1 -Role $r -Verbose -RequestedTime (get-date).AddMilliseconds(3000)
Using the PAM-Portal to schedule the request for a minute later through the GUI also returns no error.
In my environment the REST API portal and the ACTIVATION PORTAL are separated.
So, do we really have a bug here?
There's a few posts already on the net regarding just that:
https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/privileged-access-management-rest-api-service-details
https://social.technet.microsoft.com/Forums/en-US/2d20dbd9-16c2-4506-b6f8-a76376e7b3c7/mim2016-installing-pam-server?forum=ilm2
https://forums.iis.net/t/1228060.aspx?HTTP+Error+500+19+Internal+Server+Error+FIM+PAM+portal
GH