Cannot enroll for a certificate with FIM CM - certificate is missing in MY store
Hello, I have deployed FIM CM 2010 for a customer as a service for managing certificates on smart cards. Everything was working fine for a few months, and then, without any obvious reason, the message "Certificate was not found in the MY store of the FIM CM Agent user" appears every time enrollment is initiated. All accounts that FIM CM uses were created automatically during the config wizard, so I cannot log on as clmAgent and check whether the certificate is really there. All configuration seems to be fine. What can I do? Run the Config wizard again? That looks like a last resort to me. Is there any other way? Can I reset the password on the clmAgent account, try to log on locally and see if the certificate is there? Please help. Thanks in advance.

Damir
April 21st, 2011 6:57am

On Thu, 21 Apr 2011 10:52:49 +0000, damird [MVP] wrote:
> Can I reset password on clmAgent account, try to log on locally and see if certificate is there?

Yes. Reset the password in Active Directory for the account and then on each FIM CM server run the following command:

ClmUtil ?setacctpwd agent NewPassword

Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Command: Statement presented by a human and accepted by a computer in such a manner as to make the human feel as if he is in control.
April 21st, 2011 12:15pm

On Thu, 21 Apr 2011 15:58:42 +0000, Paul Adare wrote:
> ClmUtil ?setacctpwd agent NewPassword

ClmUtil -setacctpwd agent NewPassword

Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Command: Statement presented by a human and accepted by a computer in such a manner as to make the human feel as if he is in control.
April 21st, 2011 12:16pm

Hi Paul, Thanks very much for your help. I did this, logged on as clmAgent, and looked in the Personal store. The certificate wasn't there, and I really have no idea how it disappeared. Anyway, I enrolled for a new certificate (from the same template as before), and updated the FIM CA Policy Module with the new certificate hash, as well as the web.config file for the FIM CM Portal. I tried to enroll for a certificate and didn't get the same error. However, the whole process went well only up to the point where the certificate is requested from the CA. Execution was stopped with the error "Invalid algorithm specified (HRESULT : 0x80090008)" and cannot proceed from there. It might be worth mentioning that the customer added one new CA, and I redirected FIM CM to this new CA for enrollment. Certificate templates are in AD, and the same template is used as before, just from the new CA (the new CA is the same version as the old one - Windows Server 2003 R2). FIM CM is installed on Windows Server 2008. Can you help please? Thanks,

Damir
April 22nd, 2011 12:06pm

It sounds like you selected Server 2008 or V3 certificates. The three agent certificates must be based on V2 certificate templates. The other possibility is that the CA was installed using a SHA2 signing algorithm. It looks like FIM CM may only work with SHA1 certificates.

Brian
April 22nd, 2011 12:10pm

Hi Brian, No, I'm not using v3 certificates, since all CAs are Windows Server 2003. All three agent certificates are issued from the Windows Server 2003 RootCA and from v2 templates. The new CA is not installed using the SHA2 algorithm. Thanks,

Damir
April 22nd, 2011 12:18pm
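The checks discussed in this thread (Paul's: is the agent certificate actually in the Personal/MY store of the agent account; Brian's: is it from a v2 rather than v3 template, and is it SHA1 rather than SHA2 signed) can be run from one PowerShell script while logged on as the agent account. This is an added example, not code from the thread or from Microsoft; the thumbprint and template name are placeholders you supply (the thumbprint is the hash configured in the FIM CM portal web.config and the CA policy module), and the AD lookup assumes the ActiveDirectory (RSAT) module is available, which the thread does not mention.

```powershell
# Added example, not from the thread. Run while logged on as the FIM CM agent account.
# Placeholders (not values from the thread): the expected certificate hash and the
# template's common name in AD.
param(
    [string]$ExpectedThumbprint = 'PLACEHOLDER_THUMBPRINT',
    [string]$TemplateName       = 'PLACEHOLDER_TEMPLATE_CN'
)

$thumb = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()

# 1. Is the configured certificate present in this account's Personal (MY) store?
$cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    Write-Warning "No certificate with thumbprint $thumb in CurrentUser\My for $env:USERNAME"
    # List what is there so a mismatch between web.config and the store is visible.
    Get-ChildItem Cert:\CurrentUser\My |
        Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey |
        Format-Table -AutoSize
    return
}

# 2. Basic health of the certificate: private key, validity, signature algorithm.
#    sha1RSA vs sha256RSA is the SHA1/SHA2 question raised in the thread.
[pscustomobject]@{
    Subject            = $cert.Subject
    HasPrivateKey      = $cert.HasPrivateKey
    NotAfter           = $cert.NotAfter
    SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
} | Format-List

# 3. Certificate Template Information extension (OID 1.3.6.1.4.1.311.21.7) is stamped
#    on certificates issued from v2 and later templates; its absence points to v1.
$tmplExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.21.7' }
if ($tmplExt) {
    'Template extension: ' + $tmplExt.Format($false)
} else {
    Write-Warning 'No template-information extension; certificate may come from a v1 template'
}

# 4. The template's schema version lives in AD, not in the certificate:
#    1 = v1, 2 = v2 (Windows Server 2003), 3 = v3 (Windows Server 2008, CNG).
Import-Module ActiveDirectory -ErrorAction Stop
$cfgNC = (Get-ADRootDSE).configurationNamingContext
$tmpl = Get-ADObject -LDAPFilter "(&(objectClass=pKICertificateTemplate)(cn=$TemplateName))" `
    -SearchBase "CN=Certificate Templates,CN=Public Key Services,CN=Services,$cfgNC" `
    -Properties 'msPKI-Template-Schema-Version'
if ($tmpl) {
    $ver = $tmpl.'msPKI-Template-Schema-Version'
    "Template $TemplateName schema version: $ver"
    if ($ver -ge 3) { Write-Warning 'v3 template: the thread states agent certificates must be v2' }
} else {
    Write-Warning "Template $TemplateName not found under Certificate Templates in the configuration partition"
}
```

If step 1 reports no match, the hash in web.config and the policy module does not correspond to anything in the agent's store, which is the first symptom in this thread; steps 2 to 4 cover the two causes Brian proposed for the 0x80090008 error without changing anything on the server.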
