HiFIM 2010 RC1 password portal is published over Internet. But users are not able to reset their password using that internet link. Error is "A Service Proxy exception was encountered while running the password reset application. Error text: An unexpected error has occured. Please contact helpdesk or you administrator. Error code 40007"Password link is published through ISA 2006 reverse proxy..On ISA no error found under monitroing..Pls helpAnandk

extranet password reset is not supported at RTM. we are looking into that problem

I have similar problem, but in intranet environment. When I try to register from a XP SP3 workdtation I receive an error like this:Error mesage is:"A Service Proxy exception was encountered while running the password reset application. Error text: ReadFile failed. Error Code: 233"Did I miss any configuration?ThanksJuanCC Technology Specialist

hm... what's the IE version? for IE6 and 8, the sites needs to be in the intranet zone for IE7, it needs to be in Trusted Sites zone in both cases, Protected Mode (if IE7 and 8) needs to be disabled. Reset the zone settings to detault try againThe FIM Password Reset Blog http://blogs.technet.com/aho/

I am using IE 7, I reset zone security to default, I add FIM portal site to trusted Sites and now when I try to register from portal site I receive an error:Windows Title: FIM Password Reset RegistrationAn error occurred while processing your request. Please try again later. If problem persists please contact your system administratorIf I try to access from password reset portal I receive the same error as I access through Internet (but I recognized the site as trusted):A service proxy exception was encountered while running the Password Reset applicationError Text: An unexpected error has occurred. Please contact helpdesk or your system administrator.Error Code: 40007How could I check i f Protected Mode is Off?ThanksJuanCC Technology Specialist

How could I check i f Protected Mode is Off?Thanks The status of Protected Mode is indicated in the status bar at the bottom right of the IE Window.Paul Adare CTO IdentIT Inc. ILM MVP

On IE 7, I only see Trusted Site message. On IE 8 I see trusted site an d proteccted mode off but in both cases I receive the error messageAn error occurred while processing your request. Please try again later. If problem persists please contact your system administratorAny help?JuanCC Technology Specialist

error code here indicates there is a difference if you do "net stop FIMPasswordReset & net start FIMPasswordReset" that should solve that problem u see at logon screen. I believe the problem for IE will also be solved.The FIM Password Reset Blog http://blogs.technet.com/aho/

what's the latest news on the requirement for password reset over internet?

I'm also interested in whether Password Reset (via portal) will be accessible via the Internet in the RTM version. Secondly (if it is), what is the best practice for configuration? I'd imagine it would be having the Password Reset Portal on a separate server, but does that server need to be joined to the internal corporate domain (same as FIM Service)? I'd assume so on that as well, but possibly not (more ideal from a security standpoint, obviously). Thanks!

>>what's the latest news on the requirement for password reset over internet? we are evaluating different solutions to this problem but we don't have a timeline yet >>I'm also interested in whether Password Reset (via portal) will be accessible via the Internet in the RTM version. it's not supported in RTM yet. However, i believe you can do some magic with DirectAccess to get it to workThe FIM Password Reset Blog http://blogs.technet.com/aho/

Juan, is the XP workstation a member of a trusted domain, one that the FIM portal is in? Also, does it work from any other member workstation?Brad Turner, ILM MVP - Ensynch, Inc - www.identitychaos.com

for IE6 and 8, the sites needs to be in the intranet zonefor IE7, it needs to be in Trusted Sites zone This should be noted in the 'Before you begin' section. I fell into this little trap myself and after spending hours thinking I misconfigured my CA/certs and/or SPN's I eventually found out this Zone adjustment that should have been obvious to me...Danny Alvares, Technical Solutions Architect IAM

Finally we are able to publish Password reset facility over Internet. What we have done.. Install XP SP3 on one box/make it pasrt of domain. Install FIM 2010 Extensions on it. Install Remote Desktop Web Connection feature of XP on this XP box. Use this Link for help. Map this XP box with public IP/Public DNS name. Assign certificate to TS web access URL for security. Allow 443/3389 ports to this XP box from Internet. Now you are ready. Users can connect to this XP box from INternet & from windows login screen they can reset their passwords. You can use same box for password registration purpose as well. A very poor response on this front from Microsoft. I hope this will help all to avail this service on Internet for users.. Anandk

>>what's the latest news on the requirement for password reset over internet? we are evaluating different solutions to this problem but we don't have a timeline yet >>I'm also interested in whether Password Reset (via portal) will be accessible via the Internet in the RTM version. it's not supported in RTM yet. However, i believe you can do some magic with DirectAccess to get it to work The FIM Password Reset Blog http://blogs.technet.com/aho/ Would one not want to use ADFSv2 for this? The FIM portals being the relying parties and AD the identity provider. There is an interesting article for this but it deals with ADFSv1: Configure Web SSO authentication by using ADFS (Windows SharePoint Services): http://technet.microsoft.com/en-us/library/cc287811.aspx See: Allowing users access to your extranet Web site. Note: ADFSv2 is STILL not RTM, but is to be expected soon.Danny Alvares, Technical Solutions Architect IAM

There's a solution available now for FIM Self-Service Password Reset without using the client side extensions. It's available as part of the BlueVault Identity Suite for FIM. http://www.bluevaultsoftware.com/products/Pages/SSPR.aspx MarkMark Creekmore - BlueVault Software http://www.bluevaultsoftware.com

Hi Mark, I took at your site ... any technical information on your product?

Anand, I'm looking for a solution to external password resets and your ID sounds interesting, but I'm assuming only one user can be in at a time then, is that correct? Our environment would require for multiple users to be in at a time, currently about 17,000 employees that could be in at any time . . . Also, have you heard anything about this utility: http://www.bluevaultsoftware.com/products/Pages/SSPR.aspx Thanks for the awesome post!

SB, Did you end up utilizing the BlueVault Solution? Thanks!

Sorry that I didn’t see SBMoore’s request for additional information. I was having some issues with the alert process. It seems to be working again. :-) Here’s a very high-level view of the BlueVault SSPR for FIM: The BlueVault SSPR for FIM 2010 is an extension of the built-in FIM SSPR functionality. It is entirely web based (SharePoint Web Parts) and does not require a domain attached workstation or the FIM client side toolset. A user can browse to a web page, authenticate and register for password reset. The user could then go to an anonymous page enter his account name, answer the challenge question and reset his password. The web parts can be installed on the same server as the FIM Portal or on a completely separate WSS / SharePoint server. They are completely interchangeable with the FIM client side tools. A user could register with the client side tools and reset via the web or register via the web and reset via the client side tools. The FIM Web Service doesn’t know the difference between the two. I hope that helps a little. Feel free to ask me more detailed questions. If I can’t answer them, I’ll get one of the developers involved. Thanks, Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com

Sorry that I didn’t see SBMoore’s request for additional information. I was having some issues with the alert process. It seems to be working again. :-) Here’s a very high-level view of the BlueVault SSPR for FIM: The BlueVault SSPR for FIM 2010 is an extension of the built-in FIM SSPR functionality. It is entirely web based (SharePoint Web Parts) and does not require a domain attached workstation or the FIM client side toolset. A user can browse to a web page, authenticate and register for password reset. The user could then go to an anonymous page enter his account name, answer the challenge question and reset his password. The web parts can be installed on the same server as the FIM Portal or on a completely separate WSS / SharePoint server. They are completely interchangeable with the FIM client side tools. A user could register with the client side tools and reset via the web or register via the web and reset via the client side tools. The FIM Web Service doesn’t know the difference between the two. I hope that helps a little. Feel free to ask me more detailed questions. If I can’t answer them, I’ll get one of the developers involved. Thanks, Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com