FIM CM unable to see an Enterprise Certification Authority
Hello,

When I installed the FIM CM server, I could select the Enterprise CA that I want to use with FIM in the list using the configuration wizard. Now, if I try to edit the certificate template associated with a FIM CM profile template (let's say, e.g., the "FIM CM Sample Smart Card Logon Profile Template"), I can't see my CA under the "Certification Authority" list. I can see all my certificate templates in the list below that, but I can't select any of them (since I can't select the CA to use).

FYI:
* I have FIM CM installed on a server separate from the CA
* I have re-checked all the permissions required for the FIM CM service accounts.
* I have two Enterprise CAs, but as I configured FIM CM, I want to use it only with one of them

Can anyone help me with this please?

Thanks in advance. Cheers,
May 7th, 2010 1:00pm

Have you specified the connection string in the Exit Module in the CA?
May 7th, 2010 1:12pm

Thanks for your reply,

Yes, I have:

"Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=FIMCM_DB_NAME;Data Source=sql_server.mydomain.com\SQLInstance"

Where:
* FIMCM_DB_NAME: is the name of the FIM CM Database
* sql_server.mydomain.com: is the DNS name of my SQL server
* SQLInstance: is the name of the SQL instance

Is this ok?
May 7th, 2010 2:32pm

But isn't the exit module used only for certificate requests? My problem occurs before that: it's at the profile template - certificate template configuration. Thanks
May 7th, 2010 2:41pm

> But isn't the exit module used only for certificate requests? My problem occurs before that: it's at the profile template - certificate template configuration. Thanks

Can you use clmUtil to make sure the CA is registered in CLM?
May 7th, 2010 4:45pm

> > But isn't the exit module used only for certificate requests? My problem occurs before that: it's at the profile template - certificate template configuration. Thanks
>
> Can you use clmUtil to make sure the CA is registered in CLM?

Can you tell me how to do that please?
May 7th, 2010 4:54pm

I agree with Anthony, your CA is probably not registered with FIM CM. Configure the DB connection in clmutil.exe.config by copying the database string from web.config and then run clmutil -listca, or you can look in the certificateauthority table. If no CA is registered, then check if you have a security login in your DB with your domain\ca$ with proper rights.

mihail
May 7th, 2010 7:59pm

Thanks mihail and anthony,

I checked both using clmutil and the certificateauthority table: my CA is not listed in the DB. Indeed, the security login with my domain\ca$ (ca being my CA's hostname) was missing. I created it, assigned rights to the FIM database, restarted the FIM Server, but I still can't see my CA. Do you have any idea how to proceed?

Thanks a lot!
May 10th, 2010 5:28pm

You need to restart the CA; it's registered at the start of the CA.
May 10th, 2010 5:51pm

Yes, that was it! Thanks a lot everyone!
May 10th, 2010 6:12pm

The FIM CM log has no errors, just Information messages. Can you elaborate on "register SPNs", or give me a URL to docs describing it? I have followed the TechNet CM setup procedure on the FIM infrastructure that was set up by someone else. The CA computer login is created on the SQL server and assigned the correct security role. I have even tried to make it a member of the 'DBO' role to make sure that permissions are not an issue.

    /****** Object: Login [EXTPOC\vacswdepoc07$] Script Date: 07/02/2011 09:31:42 ******/
    -- Server-level Windows login for the CA computer account
    CREATE LOGIN [EXTPOC\vacswdepoc07$] FROM WINDOWS
        WITH DEFAULT_DATABASE=[FIMCertificateManagement], DEFAULT_LANGUAGE=[us_english]
    GO
    -- Database user mapped to that login
    CREATE USER [extpoc\vacswdepoc07$] FOR LOGIN [EXTPOC\vacswdepoc07$]
        WITH DEFAULT_SCHEMA=[dbo]
    GO
July 2nd, 2011 12:52pm

I have the same problem. I followed all the steps described in this post and the CA still does not register. Please help! Are there any logs that contain anything useful? So far I looked at all of the events and nothing there gave me any clues. Thanks
July 2nd, 2011 7:40pm

Look at the FIM CM log (under application logs). The typical reason is a failure to register SPNs or to create a login for the CA computer account and assign the necessary security roles to the FIM CM database.

Brian
July 2nd, 2011 11:54pm
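The database-side checks suggested in this thread (CA computer account login, its mapping and roles in the FIM CM database, and the registered-CA table) can be run as one T-SQL batch. This is an added example, not part of any post above: the login name is a constructed placeholder, the database name is the one used in the script posted in the thread, and the table name is taken as written in the thread with the default schema assumed.

```sql
-- Added example: verify the SQL-side prerequisites for CA registration in FIM CM.
-- Database name as used in the script posted in the thread; adjust to your install.
USE [FIMCertificateManagement];

-- Constructed placeholder: the CA server's computer account (DOMAIN\hostname$).
DECLARE @ca_login sysname = N'MYDOMAIN\CAHOST$';

-- 1. Does a server-level Windows login exist for the CA computer account?
--    No row returned means the login is missing.
SELECT name, type_desc, is_disabled, default_database_name
FROM sys.server_principals
WHERE name = @ca_login;

-- 2. Is that login mapped to a user in this database, and which roles does it hold?
--    role_name is NULL when the user exists but has no role membership.
--    A db_owner row here is broader than needed once troubleshooting is done.
SELECT dp.name AS db_user,
       dp.default_schema_name,
       r.name  AS role_name
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp ON sp.sid = dp.sid
LEFT JOIN sys.database_role_members AS rm ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals   AS r  ON r.principal_id = rm.role_principal_id
WHERE sp.name = @ca_login;

-- 3. Which CAs has FIM CM actually registered?
--    Table name as written in the thread; its columns are not shown there,
--    so all columns are selected.
SELECT * FROM certificateauthority;
```

If queries 1 and 2 return the expected rows but query 3 does not list the CA, restart the CA as noted earlier in the thread, since registration happens when the CA starts.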

This topic is archived. No further replies will be accepted.
