Error: Unable to send a security code. Please contact your help desk for assistance
Hello,
I'm testing SSPR with the OTP functionality added.
I'm getting the error: "Unable to send security code. Please contact your help desk for assistance"
I was able to register, but during the challenge process for Password Reset, after passing the security questions, this error appears.
FIMService@domain.com email account exists and was added during FIM 2010 R2 installation.
I'll appreciate the help to resolve this.
Regards
July 26th, 2012 6:14pm
If you are trying to send an Email OTP, check the Forefront Identity Manager category in the FIM Service's event logs.
FIM cannot send SMS One-Time-Passwords out of the box, although a module and service to do this are available here. (Disclaimer: I wrote a good portion of it. ;) )
--Steve
July 29th, 2012 12:37pm
Solved:
"The FIM Service does of course need to be able to contact the SMTP gateway (or Exchange Web Service endpoint)." - Steve Kradel
I've validated that the FIMService has permissions on Exchange to send emails, internal and external.
From the FIM Server that has the FIM Service installed, validate that you can access:
https://mailserver/EWS/exchange.asmx, which redirects to:
https://mailserver/EWS/Services.wsdl
The MailServer parameter that appears in the file C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config should target the https://mailserver/EWS/exchange.asmx address.
"You need to verify that the Exchange Web Service (EWS) is accessible. You may need to add the certificate that Exchange is using to the local store on the FIM Server. There is information on how to do this here:
http://technet.microsoft.com/en-us/library/jj134295(v=ws.10).aspx" - Bill M.
Thanks to Steve and Bill
August 4th, 2012 1:20pm
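The checks described in the post above, as an added PowerShell example (not part of the original thread and not Microsoft tooling). It assumes the value is stored as an XML attribute named mailServer, that it is run on the FIM Service server (ideally as the FIM Service account), and Test-EwsEndpoint is a hypothetical helper name.

```powershell
# Added example. Run on the FIM Service server, ideally as the FIM Service account.
$configPath = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config'

function Test-EwsEndpoint {   # hypothetical helper name
    param([string]$Url)
    # Default certificate validation stays on, so an untrusted Exchange
    # certificate fails here the same way it would for the service.
    $request = [System.Net.WebRequest]::Create($Url)
    $request.UseDefaultCredentials = $true
    $request.Timeout = 15000
    try {
        $response = $request.GetResponse()
        $summary = "Reachable: HTTP $([int]$response.StatusCode), final URL $($response.ResponseUri)"
        $response.Close()
        return $summary
    } catch {
        # .NET exceptions may arrive wrapped; walk down to the WebException.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex) { throw }
        switch ($ex.Status.ToString()) {
            'TrustFailure'          { return 'TLS: certificate not trusted; add the Exchange certificate to the local store' }
            'SecureChannelFailure'  { return "TLS: handshake failed: $($ex.Message)" }
            'NameResolutionFailure' { return 'Network: host name does not resolve' }
            'ConnectFailure'        { return 'Network: connection refused or blocked by a firewall' }
            'Timeout'               { return 'Network: no response within 15 seconds' }
            'ProtocolError'         { return "Endpoint reachable but answered HTTP $([int]$ex.Response.StatusCode); check URL and permissions" }
            default                 { return "Failed: $($ex.Status): $($ex.Message)" }
        }
    }
}

# Read the configured endpoint (assumption: an attribute named mailServer).
[xml]$config = Get-Content -Path $configPath
$node = $config.SelectSingleNode('//*[@mailServer]')
if (-not $node) { throw "No mailServer attribute found in $configPath" }
$mailServer = $node.GetAttribute('mailServer')
"Configured mailServer: $mailServer"

# The post above says the value should target https://<server>/EWS/exchange.asmx.
if ($mailServer -notmatch '^https://[^/]+/EWS/exchange\.asmx$') {
    Write-Warning 'mailServer does not look like https://<server>/EWS/exchange.asmx'
}
Test-EwsEndpoint -Url $mailServer
```

A TLS result points at the certificate store step, a Network result at routing or firewall rules between the FIM Service server and Exchange.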
Thanks Steve,
Error Logs:
Application:
The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the failure may be due to incorrect Exchange Web Service configuration.
Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer. Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly. Last, ensure that the Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
Log: Forefront Identity Manager
System:
Provider Name: Microsoft.ResourceManagement
EventID: 3
Qualifiers: 0
Level: 2
Task: 0
Keywords: 0x80000000000000
TimeCreated SystemTime: 2012-08-02T17:45:18.000000000Z
EventRecordID: 2802256390
Channel: Forefront Identity Manager
Computer: FIM01.com
Security
EventData:
System.Web.Services: System.Net.WebException: The request failed with HTTP status 405: Method Not Allowed.
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.ExchangeServiceBinding.FindItem(FindItemType FindItem1)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.<OnPollTimerExpired>b__0(Boolean findUnreadItems)
   at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.OnPollTimerExpired(Object state)
August 4th, 2012 2:28pm
I'm trying to send an Email OTP. The detailed error:
Unable to send security code
Unable to send a security code. Please contact your help desk for assistance.
Go to Self-Service Password Reset home page
Details:
Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.OneTimePasswordDeliveryException: ValidationError:UnableToSendSecurityCode ---> System.ServiceModel.FaultException: ValidationError:UnableToSendSecurityCode
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
   at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetChallenge(String domain, String userName, ChallengeContext gateChallengeResponse)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetNextGate(IGateControl currentGate)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.Next()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
The Exchange server resides on a different server. Do I need to allow another port than 5725 and 5726? I've applied the steps mentioned at:
http://technet.microsoft.com/en-us/library/hh824696(v=ws.10)
Thanks,
Elas
August 4th, 2012 5:50pm
There should be another, earlier warning/error message in the event log that details why the message couldn't be sent; the stack trace above is only informative to the extent that the service failed in an unspecified way. You do not need to open more listening ports on the FIM Service box, but the FIM Service does of course need to be able to contact the SMTP gateway (or Exchange Web Service endpoint).
--Steve
August 4th, 2012 5:56pm