FIM 2010 RC1 CM: event id 5059 when using the wizard configuration
Hi all,

I am setting up a platform of Forefront Identity Manager 2010 RC1 Certificate Management. The configuration wizard enrolls the CM Signing template. When it tries to import this key, an event id 5059 appears in the Windows Logs > Security (failed logins):

----------------------------------
Key migration operation.
...
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
...
Additional Information:
Operation: Import of persistent cryptographic key.
Return Code: 0x80090029
----------------------------------

As a consequence, I am unable to perform any enrollment execution. Here are the other errors:

Consequences:

When performing an enroll request:
Data at the root level is invalid. Line 1, position 1

When executing a software certificate enroll:
Invalid provider type specified.

When executing a smart card certificate enroll:
Base CSP smart card self-service control is not installed or the current site is not specified in the allowed sites list by your Administrator. Please contact your system Administrator. Additional information: Automation server can't create object

-------------------

Any help would be really appreciated. According to the technet documentation, I only have to enroll 3 users on 3 certificates, but I assume this is not the only thing I have to do, if I want to try to manually perform CM agents enrollments, right?
November 1st, 2009 2:44pm

It wasn't clear if you were able to install the signing certificate. Make sure it is installed at the required certificate store. If it failed during the installation of the signing certificate then you could begin looking at the CA logs if the CA issued the Enrollment Agent (signing certificate). Let us know what you find.

Thanks & Regards,
Jameel Syed
Principal Consultant, fimGuru - Your window into simplified identities
jameel.syed@fimguru.com - http://www.fimguru.com
December 2nd, 2009 11:00am

FIM CM does not support v3 certificate templates (you are attempting to use the Microsoft Software Key Storage Provider, which is a CNG provider). Switch to a v2 certificate template using the RSA and AES Enhanced Provider and you should start working.

Brian
December 3rd, 2009 12:54am
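
A triage sketch for the diagnosis in the reply above, added here as an example and not part of the original thread: it pulls the provider and return code out of an event 5059 message and flags a CNG key storage provider. The function names, the NTE_* labels (taken from winerror.h) and the sample event text, built from the fields quoted in the first post, are assumptions of this example.

```python
import re

# Symbolic names for CryptoAPI/CNG return codes (values from winerror.h).
NTE_CODES = {
    0x80090014: "NTE_BAD_PROV_TYPE (invalid provider type specified)",
    0x80090016: "NTE_BAD_KEYSET (keyset does not exist)",
    0x80090029: "NTE_NOT_SUPPORTED (requested operation is not supported)",
}

# Fields of the event 5059 message that the first post quotes.
FIELD_RE = re.compile(
    r"^[ \t]*(Provider Name|Algorithm Name|Operation|Return Code):[ \t]*(.+?)[ \t]*$",
    re.MULTILINE,
)

def is_cng_provider(name):
    """True for CNG key storage providers, False for legacy CryptoAPI CSPs."""
    lowered = name.strip().lower()
    return "key storage provider" in lowered or lowered == "microsoft platform crypto provider"

def triage_5059(message):
    """Extract provider and return code from a 5059 message and flag the CNG case."""
    fields = dict(FIELD_RE.findall(message))
    raw_code = fields.get("Return Code")
    code = int(raw_code, 16) if raw_code else None
    return {
        "provider": fields.get("Provider Name"),
        "operation": fields.get("Operation"),
        "cng_provider": is_cng_provider(fields.get("Provider Name", "")),
        "return_code": code,
        "meaning": NTE_CODES.get(code, "unknown"),
    }

# Constructed sample: only the fields quoted in the first post, one per line.
SAMPLE_EVENT = """Key migration operation.
Cryptographic Parameters:
\tProvider Name:\tMicrosoft Software Key Storage Provider
\tAlgorithm Name:\tRSA
Additional Information:
\tOperation:\tImport of persistent cryptographic key.
\tReturn Code:\t0x80090029
"""

if __name__ == "__main__":
    result = triage_5059(SAMPLE_EVENT)
    for key, value in result.items():
        print(f"{key}: {value}")
    if result["cng_provider"]:
        print("CNG provider in use; the reply above says to switch to a v2 template with a CSP.")
```
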

Hello,

I have the same error when performing a certificate enroll for someone (at the wizard's end) (Data at the root level is invalid. Line 1, position 1).

Can someone help me? I use V2 certificate templates, no Security Log errors, and also tried to use the RSA and AES provider... but always the following error:

Event code: 3005
Event message: Une exception non gérée s'est produite.
Event time: 21/12/2009 16:00:59
Event time (UTC): 21/12/2009 15:00:59
Event ID: 614213b00ffb4820af2318cea53d009d
Event sequence: 468
Event occurrence: 9
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/1/ROOT/CertificateManagement-1-129058785612040992
    Trust level: Full
    Application Virtual Path: /CertificateManagement
    Application Path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\web\
    Machine name: FIM-CM

Process information:
    Process ID: 2228
    Process name: w3wp.exe
    Account name: contoso\clmWebPool

Exception information:
    Exception type: XmlException
    Exception message: Données non valides au niveau racine. Ligne 1, position 1.

Request information:
    Request URL: http://fim-cm.contoso.groupe.local/CertificateManagement/content/common/requests/DisplayRequestStatus.aspx?ID=bb893e7cc34540d3a0781b027b1cef7d
    Request path: /CertificateManagement/content/common/requests/DisplayRequestStatus.aspx
    User host address: 192.168.0.2
    User: contoso\adminpki
    Is authenticated: True
    Authentication Type: Negotiate
    Thread account name: contoso\clmWebPool

Thread information:
    Thread ID: 6
    Thread account name: contoso\clmWebPool
    Is impersonating: False
    Stack trace:
        à System.Xml.XmlTextReaderImpl.Throw(Exception e)
        à System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace()
        à System.Xml.XmlTextReaderImpl.ParseDocumentContent()
        à System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
        à System.Xml.XmlDocument.Load(XmlReader reader)
        à System.Xml.XmlDocument.LoadXml(String xml)
        à Microsoft.Clm.BusinessLayer.DataEncryption.DecryptUsingAES(String encryptedDataBlob, X509Certificate2 certificateToUse)
        à Microsoft.Clm.BusinessLayer.DataEncryption.Decrypt(String encrypted)
        à Microsoft.Clm.BusinessLayer.DefaultSecretProvider.ReadXml(String xml)
        à Microsoft.Clm.BusinessLayer.DefaultSecretProvider.GetSecrets(Request request)
        à Microsoft.Clm.BusinessLayer.SecretsUtility.GetNumberOfSecrets(UserProfile profileTemplate, Request clmRequest)
        à Microsoft.Clm.BusinessLayer.CheckClmOperations.CanCurrentUserDistributeSecretsOnClmRequest(UserProfile profileTemplate, Request clmRequest)
        à Microsoft.Clm.Web.Modules.OneTimePasswordUserControl.Page_Load(Object sender, EventArgs e)
        à System.Web.UI.Control.OnLoad(EventArgs e)
        à System.Web.UI.Control.LoadRecursive()
        à System.Web.UI.Control.LoadRecursive()
        à System.Web.UI.Control.LoadRecursive()
        à System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Custom event details:
December 21st, 2009 6:09pm

Other information that may help: my clmagent, clmKRAgent and clmEnrollAgent certificates are based on v3 templates... any possible issue with that?

EDIT: OK, I have to use v2 templates... http://social.technet.microsoft.com/Forums/en/ilm2/thread/a283598b-02ff-43aa-ad53-7bfb97daa2dd
December 21st, 2009 8:01pm

As I stated earlier in this thread <G>

Brian
December 21st, 2009 9:22pm

This topic is archived. No further replies will be accepted.
