AD users provisioned through FIM2010 RC1 cannot access FIM Portal
I have checked that account name, domain and object SID are set and yet I get the error "You do not have permission to make this request". When installing the FIM Portal I did check the "Grant access to authenticated users" check box. So what am I missing? Any ideas?
October 1st, 2009 8:56pm
There are some MPRs missing that are probably not enabled yet....What object type is throwing the error and what operation are you performing?Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
October 1st, 2009 9:15pm
Login as Administrator and Enable the following MPR's:1) General people can read non-administration configuration objects2) User Management: User cas read attributes of their ownDepending on what you want to user to be able to do, you may need to enable Distribution Group/Security Group/Password Reset MPR'sThanks,Sri
October 1st, 2009 9:24pm
Hi,I have the same problem; I have checked that Sharepoint rights were properly configured and that the 2 mentioned MPRs were enabled. I still have the error message.When I log on with the administrator account, no problem, either with the sync account.All other accounts synced with FIM RC1 dont work.ObjectSID, account name and DOmain are set.Please hellpppThanks
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2009 1:10pm
the 2 MPRs, objectSid, accountName, domain and *display name* are needed
October 14th, 2009 1:36pm
yep I have that.Concerning the ObjectSid, should the value be the same than Active DIrectory?Shall we do a mapping on that?I had no problem with the RC0 portal :-)Thanks for your help
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2009 1:40pm
yes, you need an inbound flow of the object's SID from AD into the FIM portal.Poulating an object's SID is a new requirement in RC1 that didn't exist in RC0.Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation
October 14th, 2009 1:43pm
ok, I check that and tell you in a few minutes :-)
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2009 1:50pm
YEAHHHH GROOOVYIt works finally!Thank you very much,
October 14th, 2009 1:54pm
Awesome!Cheers,MarkusMarkus Vilcinskas, Technical Content Developer, Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
October 14th, 2009 2:45pm
Markus,Why is this not in the documentation? Espeically your use case documents??Stuff like this is what needs to be in release notes and installation docs.Specifically I am writing about the Disabled MPR's.Joe
Joe Stepongzi - Identity Management Consultant - ILM MVP - www.microsoftIdM.com,ilmXframework.codeplex.com
December 10th, 2009 7:42pm