Hi, I'm trying to set up a test lab for FIM 2010 R2 SP1. The following will be my Windows Server 2008 R2 SP1 VMs:
1. FIMDC --- server for domain controller
2. FIMPORTAL --- server for FIM portal server with FIM service
3. FIMSYNC --- server for FIM sync service
4. FIMSSPR --- server for FIM self-service portals
5. FIMEX --- server for Exchange 2010
6. FIMDB --- server for FIM sync and FIM service databases
The service accounts are as follows:
1. fimportaladmin for FIM portal in SharePoint Foundation 2010
2. fimserviceadmin for FIM service
3. fimdbadmin for SQL services
4. fimsyncadmin for FIM synchronization service
I have configured the following SPNs and delegation, but I can get the identity management portal to view itself.
Setspn.exe -S HTTP/FIMPORTAL testlab\fimportaladmin
Setspn.exe -S HTTP/fimportal.testlab.com testlab\fimportaladmin
Setspn.exe -S FIMService/fimportal testlab\fimserviceadmin
Setspn.exe -S FIMService/fimportal.testlab.com testlab\fimserviceadmin
Setspn -S MSSQLsvc/fimdb.testlab.com:1433 testlab\fimdbadmin
Setspn -S MSSQLsvc/fimdb:1433 testlab\fimdbadmin
I have delegated the SharePoint (fimportaladmin) account to FIM service (fimserviceadmin) and fimserviceadmin to fimservice.
I have set the SharePoint app pool to use the service account (fimportaladmin) and configured machine.config to set useapppoolcredentials to true.
I disabled the custom error module in the portal, and it seems the security token is not properly created.
I checked with the kerbtray tool and no Kerberos tickets were generated.
Could you please point me in the right direction, since I am unable to view the portal itself?
I'm not sure of the SPNs I have configured.
Also, is there anything wrong in the chosen setup, like one more server for FIM service?
-Dhayanandh
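
An offline consistency check for an SPN and delegation plan like the one in the post above, as an added example that is not part of the original post. The command lines are constructed from the SPNs the post names (four of them carry an en-dash before S to exercise the first check), the delegation table is an assumption based on the post's description, and `ConvertFrom-SetSpnLine` is a hypothetical helper.

```powershell
# Added example: all input below is constructed from the SPNs named in the post.
$d = [char]0x2013   # en-dash, which formatted pages often substitute for '-'
$posted = @(
    "Setspn.exe ${d}S HTTP/FIMPORTAL testlab\fimportaladmin"
    "Setspn.exe ${d}S HTTP/fimportal.testlab.com testlab\fimportaladmin"
    "Setspn.exe ${d}S FIMService/fimportal testlab\fimserviceadmin"
    "Setspn.exe ${d}S FIMService/fimportal.testlab.com testlab\fimserviceadmin"
    "Setspn -S MSSQLsvc/fimdb.testlab.com:1433 testlab\fimdbadmin"
    "Setspn -S MSSQLsvc/fimdb:1433 testlab\fimdbadmin"
)

# Hypothetical helper: split "setspn <switch> <SPN> <account>" into fields.
function ConvertFrom-SetSpnLine {
    param([string]$Line)
    $t = -split $Line
    New-Object psobject -Property @{
        Spn       = $t[2]
        Account   = $t[3]
        AsciiDash = ([int]$t[1][0] -eq 0x2D)   # 0x2D is the ASCII hyphen
    }
}
$entries = $posted | ForEach-Object { ConvertFrom-SetSpnLine $_ }

# 1. Switches typed with a dash that is not the ASCII hyphen
$entries | Where-Object { -not $_.AsciiDash } |
    ForEach-Object { "RETYPE    dash before S is not ASCII '-': $($_.Spn)" }

# 2. The same SPN planned for more than one account
$entries | Group-Object Spn |
    Where-Object { @($_.Group | ForEach-Object { $_.Account } | Sort-Object -Unique).Count -gt 1 } |
    ForEach-Object { "DUPLICATE $($_.Name) is planned for more than one account" }

# 3. Assumed msDS-AllowedToDelegateTo values for the two delegating accounts
$delegation = @{
    'testlab\fimportaladmin'  = @('FIMService/fimportal', 'FIMService/fimportal.testlab.com')
    'testlab\fimserviceadmin' = @('FIMService/fimportal', 'FIMService/fimportal.testlab.com')
}
foreach ($acct in $delegation.Keys) {
    foreach ($target in $delegation[$acct]) {
        $owner = $entries | Where-Object { $_.Spn -eq $target }
        if ($owner) { "OK        $acct may delegate to $target (held by $($owner.Account))" }
        else        { "MISSING   $acct delegates to $target, which no account registers" }
    }
}
```

Against the live domain, `setspn -L <account>` lists the SPNs an account actually holds and `setspn -X` searches for duplicates, so the plan checked here can be compared with what is registered.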