Just installed new FIM test lab and when I go to the FIM portal I am presented with credential challenge. No matter what I enter it fails. I ran the PowerShell script to check the MPR's, and they are both Enabled.

Enabling FIM Portal Access for a Regular AD User Account. Cheers, MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Markus' link is the best place to start, especially since you just got it installed. I would only add that if you are accessing the portal from the WSS server itself and you are using a DNS alias, you may experience the behavior you describe due to loopback checking even if FIM is configured to allow you access or you are the FIM administrator. See http://support.microsoft.com/kb/896861 for more information.

MRMO - you mentioned that you have just installed the FIM portal - are there any users in the portal yet? If you have just installed it, try logging on with the user account that was used to install the FIM portal. Open IE, navigate to http://localhost/identitymanagement and when challenged, enter those same credentials. By default, the administrator account in the FIM portal is the same account that was used to install the component.

You should check Kerberos constrained Delegation and SPN configuration. When promting for user account/password again and again propably the Kerberos authentication fails. Check also the Security and System-Log for failed Logins or unresolved SPNs/Matthias

Yes. when I RDP into the Portal / Sync server (yes both on same server) I can access the Portal as the FIM-Admin. But when I try to access the portal from my own workstation using my non-proveldeged account it prompts me for credentials connecting to the server.

This article might help you verify if everything is OK regarding the Kerberos authentication part: FIM 2010: Understanding Kerberos Authentication Setuphttp://setspn.blogspot.com

I did a SETSPN -L on the services I'm using for FIM and found that I had a duplicate SPN. So I deleted all of the SPN's that were registered and then thought what the heck let's see if the portal will fire up before I re-create the SPN's, and wala - the portal is now working. I guess I'm not using Kerberose in my sandbox. Thanks for all your help...

you can do change installation of FIM portal and select the checkbox "Grant authenticated Users access to FIM portal site", it will add the right permissions to SharePoint site ... nevertheless if you want manual actions you need to go Site settings -> users and groups -> select from the right "Site Permissions" -> add Users, "NT Authority\Authenticated Users" and give them Read access. that's the SharePoint part, further more you need to import the users into FIM service with ObjectSID