Hi, Busy working through http://technet.microsoft.com/en-us/library/fim_cm_test_lab_guide(WS.10).aspx We have reached the section dealing with FIM CM Exit Module and Policy Module as follows: To configure the FIM CM Exit Module and Policy Module 1. Ensure that you are logged on as User1 on SUBCA1. In the Server Manager console tree, ensure the Roles and Active Directory Certificate Services are expanded. Right-click corp-SUBCA1-CA and then click Properties. 2. In the corp-SUBCA1-CA Properties dialog box, on the Exit Module tab, click Add. 3. In the Set Active Exit Module dialog box, select FIM CM Exit Module and then click OK. 4. Select FIM CM Exit Module and then click Properties. 5. In the Configuration Properties dialog box, in Specify FIM CM database connection string, enter the connection string that you determined in the previous procedure. Integrated Security=SSPI; Persist Security Info=False;Initial Catalog=FIMCertificateManagement;Data Source=sql1.corp.contoso.com and then click OK. 6. The Microsoft FIM Certificate Management dialog box appears telling you that the Certification Authority must be restarted before the changes can take place. Click OK. 7. In the Policy Module tab, click Properties. 8. In the Configuration Properties dialog box, on the General tab, ensure that Pass non-CM requests to the default policy module for processing is selected. 9. In the Default Policy Module tab, click Properties. 10. In the Default Policy Module dialog box, ensure that Follow the settings in the certificate template if applicable. Otherwise, automatically issue the certificate is selected. 11. On the Signing Certificates tab, click Add. 12. In the Certificate dialog box, enter the thumbprint of the Agent that you obtained earlier. Click OK twice. Our problem is that after we paste the Thumbprint in (point no.12), the OK button is greyed out. We tried typing the values in, but the OK button is still greyed out. We tried typing the values in, without spaces, but the OK button is still greyed out...

We retried and retried...and again we removed all the spaces and retyped the thumbprint manually - and the OK button appeared magically. However we will only know if this will works once we start testing the smart card enrollment.

we managed to successully test the entire process to obtain a user certificate (as per http://technet.microsoft.com/en-us/library/fim_cm_test_lab_guide(WS.10).aspx) - but will not be able to test the smart card at this stage.

we managed to successully test the entire process to obtain a user certificate (as per http://technet.microsoft.com/en-us/library/fim_cm_test_lab_guide(WS.10).aspx) - but will not be able to test the smart card at this stage.

Have you tried to put the thumbprint into the related registry key HKLM\System\Current Control Set\services\CertSvc\Configuration\<CA Name>\PolicyModules\Clm.Policy\CertValidHashes. You have to ensure that this thumbprint is matches with the FIM CM's web.config value <add key="Clm.SigningCertificate.Hash" value=.....>/Matthias

Have you tried to put the thumbprint into the related registry key HKLM\System\Current Control Set\services\CertSvc\Configuration\<CA Name>\PolicyModules\Clm.Policy\CertValidHashes. You have to ensure that this thumbprint is matches with the FIM CM's web.config value <add key="Clm.SigningCertificate.Hash" value=.....>/Matthias

You have actually selected a hidden character at the front of the thumbprint. When you paste the text, it does not look like the character is there, but it is. Put your cursor at the furthest left edge, and then hit the right-arrow key. You will see that the cursor does not move until you hit it a second time. This is a known issue when copying the thumbprint. just delete the character and all should be well. You can see the character if you view the pasted string in Visual Studio's XML editor. Brian