FIM 2010 R2 RC - PasswordRegistration Issue
Hi,
I am getting the following error when I try to register from the password registration page. Please help me find where I am wrong.
I have enabled all the required MPRs for password registration and all the settings that are required.
An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Go to Self-Service Password Registration home page
An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)
Details: System.InvalidOperationException: HttpContext.Current.User.Identity.Name is Null or Empty
at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.GetDomainAndUserName(String& domain, String& userName)
at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.InitiateRegistration()
at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Regards
Anil Kumar
March 8th, 2013 4:06am
1. Check whether Windows authentication is configured on the IIS application.
2. If yes, go to the Windows authentication advanced properties and disable kernel-mode authentication. This is assuming that you have a standard configuration and the application pool is working with a specific account identity.
Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl
March 8th, 2013 4:45am
Why are you still using a release candidate build? That is extremely old and unsupported.
My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
March 8th, 2013 1:22pm
Hi Tomasz,
Thanks for the reply.
I am not using the Windows-based password reset functionality; I have only installed the FIM 2010 R2 web-based functionality. (The client add-ins are not installed on the PC. Is it mandatory to install them on my PC for FIM 2010 R2 web-based SSPR or not? Please confirm this point.)
This is because the client wants only web-based SSPR 2010 R2, not Windows-based SSPR 2010 R2.
Regards
Anil Kumar
March 9th, 2013 1:20am
The answer is again Tomasz's #1. Read it again carefully :)
March 9th, 2013 4:40am
Hi!
If you are installing AD, FIM and the password reset portal on different machines, then most probably this error is due to ports. You can check which ports should be open for both sides of the communication.
And if all components are on the same machine, then this is an SPN problem.
Setspn -s http/passwordregistration.domainname.com domain\machinename$
And also check whether you added an A or AAA record in DNS.
I hope it will start to work. If it is still not working, please explain your environment to me.
M. Irfan
March 11th, 2013 10:23am
Hi Again,
Please check these links also
http://technet.microsoft.com/en-us/library/jj134282%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/jj134295%28v=ws.10%29.aspx
Regards,
M. Irfan
March 11th, 2013 10:27am
Hi Irfan,
Thanks for the response.
I am still facing the same problem mentioned above.
I followed these links as you gave them:
http://technet.microsoft.com/en-us/library/jj134282%28v=ws.10%29.aspx
Actually I have two servers: one for AD, Forefront Identity Manager 2010 R2 and SQL Server 2008 (installed on this),
and a second for FIM SSPR 2010 R2 (Password Registration and Password Reset portal). When we hit this URL
https://passwordregistration.fimr2.com/
the page is displayed, but when we click the Next button it gives this error:
An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Go to Self-Service Password Registration home page.
When we hit https://passwordreset.fimr2.com/ for password reset, it gives this error:
Access Denied
Ensure you enter your user name correctly. If you still cannot reset your password, please contact your helpdesk for assistance. (Error 3001)
Please suggest what we should do.
Regards
Anil Kumar.
March 12th, 2013 8:26am
Hi Again!
I am wondering if you checked the ports from the link I sent you before. Please download the port query tool from Microsoft and check that all ports are open for both sides of the communication.
And if all are open, then check whether the password option is checked on the MA.
One more thing: when you were installing, did you select the internet or the intranet option?
And are you trying to open the page on the server? It would be better if you access the page or install the add-in on a client machine.
Recheck all MPRs.
If you follow all the steps as they are, it should not be a problem. And I hope you also didn't forget the delegation part.
After doing all these please let me know if still problem is there.
Regards,
M. Irfan
March 13th, 2013 4:38am
go to IIS and disable Anonymous Auth for the SSPR Registration Portal
March 13th, 2013 5:23am
Hi Irfan,
I followed all the steps as you suggested, but the same problem is still coming up.
An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Go to Self-Service Password Registration home page
So please suggest what I should do.
Regards
Anil Kumar
March 18th, 2013 2:11am
Hi Anil!
Sorry you are facing this problem.
Please let me know a few pieces of information.
1. In the sets, can the password reset set see some users?
2. What is the SPN for the Password Registration portal?
3. Does the FIM Service have the password reset group membership?
4. In the IIS settings, what is the authentication mode?
5. On the AD MA, did you check the check box for Password?
If you let me know these, I will check that everything is OK. And if everything is OK, then we have to go through all the steps again from the start.
Regards,
M. Irfan
March 19th, 2013 1:51am
Hi Anil!
I think I know why you have this problem.
The user which you are using to register for password reset registration is not allowed.
And the reason I already mentioned to you a couple of times before. I tested this with one user to confirm it.
1. Is the user you are logged in with on the machine in the FIM portal?
2. Does the user have a SID in the FIM portal?
3. Is the user you are logged in with in the password reset set?
Keep in mind that the user you are logged in with on the machine is the user that will try to access the password registration portal by default. When the service checks this user, this user does not exist.
I hope now your problem should resolve.
Regards, M. Irfan
March 20th, 2013 5:03pm
Hi Irfan,
Thanks for the response.
I am still facing the same problem. I have checked all the settings which you mentioned in your response.
1. In the sets, password reset set can see some users?: All users are present in this set.
2. What is SPN for Password registration portal?: setspn.exe -s http/passwordregistration.fimr2.com fimr2\FIMPWD$, setspn.exe -s http/passwordreset.fimr2.com fimr2\FIMPWD$
3. FIM Service have the password reset group membership?: Yes, the FIM Service account is a member of the FIMSyncPasswordSet and FIMSyncBrowse groups.
4. IIS settings what is the authentication mode?: Anonymous Authentication
5. AD MA did you check the check box for Password?: Yes, it is checked.
1. User which you are login on machine, is in the FIM portal?: Yes, all users are in the FIM portal.
2. User have sid in the FIM portal?: Yes, the user has a SID in the FIM portal.
3. User which you are login, in password reset set?: Yes, all users are present in the password reset set.
So please suggest where I am wrong. This requirement is very urgent, boss; please provide the solution. I am waiting for your response.
Regards
Anil Kumar
April 9th, 2013 3:31pm
As I mentioned earlier
>> go to IIS and disable Anonymous Auth for the SSPR Registration Portal
You need Basic Auth or Windows Authentication (with correct Kerberos settings)
The FIM Password Reset Blog http://blogs.technet.com/aho/
April 10th, 2013 4:31am
Hi Anthony,
When I disable Anonymous Auth for the SSPR Registration Portal, this error comes up. One more thing: Windows Authentication does not appear in IIS Authentication, so I am seeing only four authentication methods on the FIM SSPR Registration Portal server.
1. Anonymous Authentication: Disabled
2. ASP.NET Impersonation: Disabled
3. Digest Authentication: Disabled
4. Forms Authentication: Disabled
HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
Module: IIS Web Core
Notification: AuthenticateRequest
Handler: StaticFile
Error Code: 0x80070005
Requested URL: https://passwordregistration.fimr2.com:443/
Physical Path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Registration Portal
Logon Method: Not yet determined
Logon User: Not yet determined
Regards
Anil Kumar
April 10th, 2013 8:23am
Please install Windows Authentication and Basic Auth.
Server Manager -> Roles -> Web Server -> Add Role Services. Then in the treeview it is: Internet Information Services -> World Wide Web Services -> Security
The FIM Password Reset Blog http://blogs.technet.com/aho/
April 10th, 2013 8:27am
Hi Anthony,
I have installed Windows Authentication and Basic Auth. After this I disabled Anonymous Authentication and enabled Windows Authentication,
and tried to access the URL of the SSPR Registration Portal. It gives a popup for credentials; I provide the credentials and then it gives this error.
Not Authorized
HTTP Error 401. The requested resource requires user authentication
Regards
Anil Kumar
April 10th, 2013 12:27pm
Try to disable Windows Auth and just enable Basic Auth.
If that works, that means your Kerberos configuration is not correct.
The FIM Password Reset Blog http://blogs.technet.com/aho/
April 10th, 2013 5:57pm
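The IIS-side checks suggested in the replies above (role services installed, Anonymous Authentication off, Windows or Basic Authentication on, kernel-mode authentication, SPN registration), gathered into one read-only PowerShell script. This is an added example, not part of any post in this thread; the site name is a placeholder, and it assumes an elevated session on the portal server with the ServerManager and WebAdministration modules available.

```powershell
# Added example: read-only check of the IIS settings discussed in this thread.
# Assumptions: elevated session on the portal server; $site is a placeholder.
Import-Module ServerManager, WebAdministration

$site     = 'FIM Password Registration Site'   # placeholder: your IIS site name
$hostName = 'passwordregistration.fimr2.com'   # host name quoted in the thread
$auth     = 'system.webServer/security/authentication'

function Get-AuthSetting([string]$Section, [string]$Name) {
    # Effective value of one authentication attribute for the site
    (Get-WebConfigurationProperty -PSPath "IIS:\Sites\$site" `
        -Filter "$auth/$Section" -Name $Name).Value
}

$findings = @()

# The role services must be installed before IIS Manager lists the methods
$installed = @{}
foreach ($f in 'Web-Windows-Auth', 'Web-Basic-Auth') {
    $installed[$f] = (Get-WindowsFeature -Name $f).Installed
    if (-not $installed[$f]) { $findings += "Role service $f is not installed" }
}

# With anonymous access on, the request reaches the portal without a user name
if (Get-AuthSetting 'anonymousAuthentication' 'enabled') {
    $findings += 'Anonymous Authentication is enabled'
}

$win   = $installed['Web-Windows-Auth'] -and (Get-AuthSetting 'windowsAuthentication' 'enabled')
$basic = $installed['Web-Basic-Auth']   -and (Get-AuthSetting 'basicAuthentication' 'enabled')
if (-not ($win -or $basic)) {
    $findings += 'Neither Windows nor Basic Authentication is enabled'
}

# Kernel-mode authentication vs. an application pool running as a specific account
if ($win) {
    $pool = (Get-Item "IIS:\Sites\$site").applicationPool
    $pm   = (Get-Item "IIS:\AppPools\$pool").processModel
    if ((Get-AuthSetting 'windowsAuthentication' 'useKernelMode') -and
        $pm.identityType -eq 'SpecificUser') {
        $findings += "Kernel-mode auth is on; pool '$pool' runs as $($pm.userName)"
    }
}

# Show which account holds the SPN for the portal host name
setspn -Q "http/$hostName"

if ($findings) { $findings } else { 'No authentication findings' }
```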
Hi Anthony,
Thanks for the response.
When I disabled Windows Authentication and enabled Basic Authentication and then tried to access the SSPR Registration Portal, it gave the following error:
Please tell me how to check whether the Kerberos configuration is correct or not.
Unrecognized User
The current user account is not recognized by Forefront Identity Manager. Please contact your help desk or system administrator. (Error 3003)
Go to Self-Service Password Registration home page
Regards
Anil Kumar
April 11th, 2013 12:51am
Have you synced the user from AD to FIM with all the required attributes?
The FIM Password Reset Blog http://blogs.technet.com/aho/
April 11th, 2013 4:47am
Hi Anthony,
Thanks for the help.
My problem has been resolved as discussed above.
But I am facing another problem. I installed all components, like the FIM Synchronization Service, FIM Portal and FIM SSPR for Password Registration and Reset, on a single machine (single domain computer). The FIM Synchronization Service and FIM Portal are working fine, but
the FIM Password Registration site is not working and gives the following error:
This web site can not be started.Another web site may be using the same port.
When we installed the FIM SSPR Password Portal on the machine, we assigned port 82 for the FIM Password Registration site and 83 for the FIM Password Reset site.
Regards
Anil Kumar
April 17th, 2013 6:16am
Hi All,
Any update on the query mentioned above? Please reply ASAP.
Regards
Anil Kumar
April 29th, 2013 6:05am
Try not to overload the same thread with multiple questions. That will get u a faster response.
If you do a netstat /? that will let u know what's using the port.
April 29th, 2013 3:36pm