FIM password reset error during Registration
Hi. I am getting this during Password Reset Registration: An error was encountered. Please call help desk.... In Event Viewer I am getting the following error:

    Log Name: Forefront Identity Manager
    Source: Microsoft.ResourceManagement
    Date: 15.4.2010 13:05:11
    Event ID: 3
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: DGU-ILM-01.dgu.local
    Description:
    System.ServiceModel: System.Xml.XmlException: There was an error serializing the security token. Please see the inner exception for more details. ---> System.InvalidOperationException: The SamlAssertion could not be serialized to XML. Please see inner exception for details. ---> System.Security.Cryptography.CryptographicException: Keyset does not exist
       at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
       at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
       at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
       at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
       at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
       at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
       at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
       at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
       at System.IdentityModel.Tokens.SamlAssertion.System.IdentityModel.ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter)
       at System.IdentityModel.SamlDelegatingWriter.OnEndOfRootElement()
       at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
       --- End of inner exception stack trace ---
       at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
       at System.IdentityModel.Tokens.SamlAssertion.WriteTo(XmlWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
       at System.ServiceModel.Security.WSSecurityJan2004.SamlTokenEntry.WriteTokenCore(XmlDictionaryWriter writer, SecurityToken token)
       at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken token)
       --- End of inner exception stack trace ---
       at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken token)
       at Microsoft.ResourceManagement.WebServices.WSTrust.RequestSecurityTokenResponseType.SetRequestedSecurityToken(SamlSecurityToken samlSecurityToken)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.TokenIssuer.IssueSecurityToken(Message requestMessage, Object request, Claim[] claims)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.Challenger.IssueAuthenticationChallenge(Message requestMessage, Object requestBody, Nullable`1 requestContext, UniqueIdentifier authenticationProcessIdentifier, List`1 accumulatedClaims, Nullable`1& currentWorkflowInstanceIdentifier, AuthenticationChallengeType[]& currentChallenges)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.ProcessRequest(Message requestMessage, Object requestBody)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.RequestSecurityTokenResponse(Message requestMessage)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft.ResourceManagement" />
        <EventID Qualifiers="0">3</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-04-15T11:05:11.000Z" />
        <EventRecordID>560</EventRecordID>
        <Channel>Forefront Identity Manager</Channel>
        <Computer>DGU-ILM-01.dgu.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>System.ServiceModel: System.Xml.XmlException: There was an error serializing the security token. Please see the inner exception for more details. ---&gt; System.InvalidOperationException: The SamlAssertion could not be serialized to XML. Please see inner exception for details. ---&gt; System.Security.Cryptography.CryptographicException: Keyset does not exist
       at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
       at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle&amp; safeProvHandle, SafeKeyHandle&amp; safeKeyHandle)
       at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
       at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
       at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
       at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
       at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
       at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
       at System.IdentityModel.Tokens.SamlAssertion.System.IdentityModel.ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter)
       at System.IdentityModel.SamlDelegatingWriter.OnEndOfRootElement()
       at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
       --- End of inner exception stack trace ---
       at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
       at System.IdentityModel.Tokens.SamlAssertion.WriteTo(XmlWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
       at System.ServiceModel.Security.WSSecurityJan2004.SamlTokenEntry.WriteTokenCore(XmlDictionaryWriter writer, SecurityToken token)
       at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken token)
       --- End of inner exception stack trace ---
       at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken token)
       at Microsoft.ResourceManagement.WebServices.WSTrust.RequestSecurityTokenResponseType.SetRequestedSecurityToken(SamlSecurityToken samlSecurityToken)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.TokenIssuer.IssueSecurityToken(Message requestMessage, Object request, Claim[] claims)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.Challenger.IssueAuthenticationChallenge(Message requestMessage, Object requestBody, Nullable`1 requestContext, UniqueIdentifier authenticationProcessIdentifier, List`1 accumulatedClaims, Nullable`1&amp; currentWorkflowInstanceIdentifier, AuthenticationChallengeType[]&amp; currentChallenges)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.ProcessRequest(Message requestMessage, Object requestBody)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.RequestSecurityTokenResponse(Message requestMessage)</Data>
      </EventData>
    </Event>

I found on this forum that this could be a certificate-related problem. I have ForefrontIdentityManager in Personal and in Trusted People, but I can't see if the FIM service account has rights for that, because when I click on certificate -> All Tasks -> Manage Private Keys I get an error: Access is denied... Please help, I am stuck here and don't know what to do.
Domagoj
April 15th, 2010 2:12pm

http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/f90bb6f0-6318-4085-9575-6175187c6ed7/
Did you patch your build from a previous build? Like RTM Update 3?
April 15th, 2010 5:34pm

No, I am still using FIM 2010 RC1 Update 3. So, is this a known bug in RC1 Update 3 or in the RTM version?
April 16th, 2010 12:04am

Known issue in RTM after patching.
The FIM Password Reset Blog http://blogs.technet.com/aho/
April 16th, 2010 2:02am

OK, so what to do in that case? Change the installation and change the self-signed certificate to my own certificate?
Domagoj
April 16th, 2010 11:29am

http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/f90bb6f0-6318-4085-9575-6175187c6ed7/
See this post. :)
April 16th, 2010 11:32am

OK, thank you. So with psexec.exe -s -d -i cmd.exe I will solve the Access Denied problem that I'm getting when clicking on Manage Private Keys?
April 16th, 2010 11:59am

You have to do the following steps in order:
1. psexec.exe -s -d -i cmd.exe
2. mmc.exe
3. Add Cert snap-in -> local machine -> computer account
4. Personal store --> right click the cert --> all tasks --> manage private key
5. Grant the FIMService service account read permission.
April 16th, 2010 12:02pm
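
The same check and grant as the steps above, scripted as an added example (not part of the original thread) for running from the SYSTEM prompt that step 1 opens. Assumptions: the certificate subject contains "ForefrontIdentityManager", the key is a legacy CSP (CryptoAPI) RSA key stored under MachineKeys, and `DOMAIN\FIMService` is a placeholder for the real service account.

```powershell
# Added example. Values below are assumptions; adjust before use.
$subjectMatch   = 'ForefrontIdentityManager'   # certificate name mentioned in the thread
$serviceAccount = 'DOMAIN\FIMService'          # placeholder for the FIM service account
$machineKeys    = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

# Locate exactly one matching certificate in the computer's Personal store.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$subjectMatch*" })
if ($certs.Count -ne 1) {
    throw "Expected exactly one matching certificate, found $($certs.Count)."
}
$cert = $certs[0]
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key."
}

# For CSP keys the unique container name is the key file name under MachineKeys.
# A caller without access to that file gets "Keyset does not exist" here.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path $machineKeys $container
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

# Show the current ACL so the change can be reviewed first.
$acl = Get-Acl -Path $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Look for an explicit or inherited Allow rule that already covers Read.
# Rights obtained through group membership are not detected by this check.
$sid  = (New-Object System.Security.Principal.NTAccount($serviceAccount)).Translate(
            [System.Security.Principal.SecurityIdentifier])
$read = [int][System.Security.AccessControl.FileSystemRights]::Read
$hasRead = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $read) -eq $read
    }

if ($hasRead) {
    Write-Output "$serviceAccount already has Read on $keyFile"
} else {
    # Grant Read only, as in step 5; the service does not need Full Control.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Output "Granted Read on $keyFile to $serviceAccount"
}
```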
