AD users provisioned through FIM2010 RC1 cannot access FIM Portal
I have checked that account name, domain and object SID are set and yet I get the error "You do not have permission to make this request". When installing the FIM Portal I did check the "Grant access to authenticated users" check box. So what am I missing? Any ideas?
October 1st, 2009 8:56pm

There are some MPRs missing that are probably not enabled yet....What object type is throwing the error and what operation are you performing?Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
October 1st, 2009 9:15pm

Login as Administrator and Enable the following MPR's:1) General people can read non-administration configuration objects2) User Management: User cas read attributes of their ownDepending on what you want to user to be able to do, you may need to enable Distribution Group/Security Group/Password Reset MPR'sThanks,Sri
October 1st, 2009 9:24pm

Hi,I have the same problem; I have checked that Sharepoint rights were properly configured and that the 2 mentioned MPRs were enabled. I still have the error message.When I log on with the administrator account, no problem, either with the sync account.All other accounts synced with FIM RC1 dont work.ObjectSID, account name and DOmain are set.Please hellpppThanks
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2009 1:10pm

the 2 MPRs, objectSid, accountName, domain and *display name* are needed
October 14th, 2009 1:36pm

yep I have that.Concerning the ObjectSid, should the value be the same than Active DIrectory?Shall we do a mapping on that?I had no problem with the RC0 portal :-)Thanks for your help
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2009 1:40pm

yes, you need an inbound flow of the object's SID from AD into the FIM portal.Poulating an object's SID is a new requirement in RC1 that didn't exist in RC0.Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation
October 14th, 2009 1:43pm

ok, I check that and tell you in a few minutes :-)
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2009 1:50pm

YEAHHHH GROOOVYIt works finally!Thank you very much,
October 14th, 2009 1:54pm

Awesome!Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2009 2:45pm

Markus,Why is this not in the documentation? Espeically your use case documents??Stuff like this is what needs to be in release notes and installation docs.Specifically I am writing about the Disabled MPR's.Joe Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com,ilmXframework.codeplex.com
December 10th, 2009 7:42pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics