Fim 2010 R2 RC - PasswordRgistration Issue
Hi, I am getting the following error when I try to register from the passwordregistration page.Please help on this where i am wrong. I have been enable all reuired mpr for password registration and all the setting which are required. An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Go to Self-Service Password Registration home page An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Details: System.InvalidOperationException: HttpContext.Current.User.Identity.Name is Null or Empty at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.GetDomainAndUserName(String& domain, String& userName) at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.InitiateRegistration() at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next() at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) Regards Anil Kumar
March 8th, 2013 4:06am

1. Check if on IIS application you have windows auth configured 2. If yes, go to windows auth advanced propertied and disable kernel mode auth. This is assuming that you have standard configuration and application pool is working with specific account identity Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl
Free Windows Admin Tool Kit Click here and download it now
March 8th, 2013 4:45am

1. Check if on IIS application you have windows auth configured 2. If yes, go to windows auth advanced propertied and disable kernel mode auth. This is assuming that you have standard configuration and application pool is working with specific account identity Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl
March 8th, 2013 12:39pm

Why are you still using a release candidate build? That is extremely old and unsupported.My Book - Active Directory, 4th Edition My Blog - www.briandesmond.com
Free Windows Admin Tool Kit Click here and download it now
March 8th, 2013 1:22pm

Hi Tomasz, Thank's for reply. I am not using window based password reset functionality,only installed FIM 2010 R2 web based functionality.(Client AddIns is not installed on PC,is it mandatory to installed on my pc or not for FIM 2010 R2 Web based SSPR Please confirm this point.) because client wants only web base SSPR 2010 R2 not window based SSPR 2010 R2 Regards Anil Kumar
March 9th, 2013 1:20am

The answer is again Tomasz's #1. Read it again carefully :)
Free Windows Admin Tool Kit Click here and download it now
March 9th, 2013 4:40am

Hi! If you are installing the AD, fim and password reset portal on different machines then most probably this error is due to ports. You can check which ports should open for both side of communication. And if all components are on same machine then this is the SPN's problem. Setspn s http/passwordregistration.domainname.com domain\machinename$ And also check if you add A or AAA record in DNS. I hope so it will start to work. If still its not working please let me explain your environment. M. Irfan
March 11th, 2013 10:23am

Hi! If you are installing the AD, fim and password reset portal on different machines then most probably this error is due to ports. You can check which ports should open for both side of communication. And if all components are on same machine then this is the SPN's problem. Setspn s http/passwordregistration.domainname.com domain\machinename$ And also check if you add A or AAA record in DNS. I hope so it will start to work. If still its not working please let me explain your environment. M. Irfan
Free Windows Admin Tool Kit Click here and download it now
March 11th, 2013 10:23am

Hi Again, Please check these links also http://technet.microsoft.com/en-us/library/jj134282%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/jj134295%28v=ws.10%29.aspx Regards,M. Irfan
March 11th, 2013 10:27am

Hi Irfan, Thank's for response. still i am facing same problem that mention above. i fallowed these links as you given http://technet.microsoft.com/en-us/library/jj134282%28v=ws.10%29.aspx. actually i have two server one for AD,ForeFornt Identity manager 2010 R2 and SQL Server 2008(Installed on this) and second for FIM SSPR 2010 R2(Password Registration and Password Reset portal) when we hit this URL https://passwordregistration.fimr2.com/ then page is display but we click on Next Button then gives this error. An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Go to Self-Service Password Registration home page. when we hit https://passwordreset.fimr2.com/ for password reset then gives this Error. Access Denied Ensure you enter your user name correctly. If you still cannot reset your password, please contact your helpdesk for assistance. (Error 3001) Please suggest what we do? Regards Anil Kumar.
Free Windows Admin Tool Kit Click here and download it now
March 12th, 2013 8:26am

Hi Again! I am wondering if you check the ports which link I send you before. Please download the port query tool from Microsoft and check if all ports are open for both side communication. And if all are open then check the MA if the password option is checked? One more thing when you was installing if it was on internet or intranet option you select? And are you trying to open the page on server? It would be better if you access the page or install the add-in at client machine. Recheck all MPR's If you follow all the steps as it is, it should not a problem. And I hope you also don't forget the delegation part. After doing all these please let me know if still problem is there. Regards, M. Irfan
March 13th, 2013 4:38am

go to IIS and disable Anonymous Auth for the SSPR Registration Portal
Free Windows Admin Tool Kit Click here and download it now
March 13th, 2013 5:23am

Hi Irfan, I did fallow all the steps as you suggest me but still same problem is coming. An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Go to Self-Service Password Registration home page,so please suggest me what i do. Regards Anil Kumar
March 18th, 2013 2:11am

Hi Anil! Sorry You are facing problem. Please let me know few information. 1. In the sets, password reset set can see some users? 2. What is SPN for Password registration portal? 3. FIM Service have the password reset group membership? 4. IIS settings what is the authentication mode? 5. AD MA did you check the check box for Password? And if you let me know these steps and will check every thing is ok. And if every thing will be OK then we have to go through all the steps again from start. RegardsM. Irfan
Free Windows Admin Tool Kit Click here and download it now
March 19th, 2013 1:51am

Hi Anil! Sorry You are facing problem. Please let me know few information. 1. In the sets, password reset set can see some users? 2. What is SPN for Password registration portal? 3. FIM Service have the password reset group membership? 4. IIS settings what is the authentication mode? 5. AD MA did you check the check box for Password? And if you let me know these steps and will check every thing is ok. And if every thing will be OK then we have to go through all the steps again from start. RegardsM. Irfan
March 19th, 2013 8:45am

Hi Anil! I think I know why you have this problem. The user which you are using to register for password reset registration, that user is not allow. And reason I already mention you before couple of times. I tested this with one user to confirm this. 1. User which you are login on machine, is in theFIM portal? 2. User have sid in the FIM portal? 3. User which you are login, in password reset set? Make sure user which you are login on machine, this user will try to access the password registration portal by default. When service check this user, this user is not exist. I hope now your problem should resolve. Regards, M. Irfan
Free Windows Admin Tool Kit Click here and download it now
March 20th, 2013 5:03pm

Hi Irfan, Thank's for response. still i am facing same problem.I have been check all the setting which you mention in your response 1. In the sets, password reset set can see some users?:All users are present in this set. 2. What is SPN for Password registration portal?:setspn.exe -s http/passwordregistration.fimr2.com fimr2\FIMPWD$,setspn.exe -s http/passwordreset.fimr2.com fimr2\FIMPWD$ 3. FIM Service have the password reset group membership?:Yes Fimservice account member of FIMSyncPasswordSet and FIMSyncBrowse group. 4. IIS settings what is the authentication mode?:Anonymous Authentication 5. AD MA did you check the check box for Password?:Yes it is checked 1. User which you are login on machine, is in theFIM portal? :Yes all users in fim portal 2. User have sid in the FIM portal?:Yes User have sid in fim portal. 3. User which you are login, in password reset set?:Yes All users present in password reset set . so please suggest me where i am wrong. this requirement is very urrgent boss,please provide the solution.i am waiting for your response. Regards Anil Kumar
April 9th, 2013 3:31pm

As i mentioned earlier >> go to IIS and disable Anonymous Auth for the SSPR Registration Portal You need Basic Auth or Windows Authentication (with correct Kerberos settings)The FIM Password Reset Blog http://blogs.technet.com/aho/
Free Windows Admin Tool Kit Click here and download it now
April 10th, 2013 4:31am

Hi Anthony, when i disable Anonymous Auth for the SSPR Registration Portal then comes this Error.One more thing Window Authentication is not appear in IIS Authentication,so i am seeing only four Authentication in FIM SSPR Registration Portal Server. 1.Anonymous Authentication:disabled 2.ASP.Net Imperonation:Disabled 3.Digest Authentication:Disabled 4.Form Authentication:Disabled HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers. Module IIS Web Core Requested URL https://passwordregistration.fimr2.com:443/ Notification AuthenticateRequest Physical Path C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Registration Portal Handler StaticFile Logon Method Not yet determined Error Code 0x80070005 Logon User Not yet determined Regards Anil Kumar
April 10th, 2013 8:23am

Please install Windows Authentication and Basic Auth Server Manager -> Roles -> Web Server -> Add Role Services Then in the treeview it is: Internet Information Services -> World Wide Web Services -> SecurityThe FIM Password Reset Blog http://blogs.technet.com/aho/
Free Windows Admin Tool Kit Click here and download it now
April 10th, 2013 8:27am

Hi Anthony, I have been installed Window Authentication and Basic Auth.After this i did Anonymous Authentication Disabled and Window Authentication Enabled. and try to access URL of SSPR Registration Portal that gives popup for Credentials,i provide the Credentials then gives this Error. Not Authorized HTTP Error 401. The requested resource requires user authentication Regards Anil Kumar
April 10th, 2013 12:27pm

try to disable Windows Auth and just enable Basic Auth if that works, that means your Kerberos configuration is not correct.The FIM Password Reset Blog http://blogs.technet.com/aho/
Free Windows Admin Tool Kit Click here and download it now
April 10th, 2013 5:57pm

Hi Anthony, Thank's for response. When i Disabled Window Authentication and Enabled Basic Authentication then try to access the SSPR Registration Portal then gives the fallowing Error: Please tell me how to check Kerberos configuration is correct or not correct. Unrecognized User The current user account is not recognized by Forefront Identity Manager. Please contact your help desk or system administrator. (Error 3003) Go to Self-Service Password Registration home page Regards Anil Kumar
April 11th, 2013 12:51am

have you sync the user from AD to FIM with all the required attributes?The FIM Password Reset Blog http://blogs.technet.com/aho/
Free Windows Admin Tool Kit Click here and download it now
April 11th, 2013 4:47am

Hi Anthony, Thank's for help. My problem has been resolved as above disscused. But i am facing another problem.I install all component like FIM Synchronization Service,FIM Portal and FIM SSPR for Password Registration and Reset on single Machine(Single domain Computer).FIM Synchronization Service and FIM Portal Working fine but FIM Password Registration site is not working that gives fallowing Error: This web site can not be started.Another web site may be using the same port. when we installed FIM SSPR Password Poratl on machine then we assined 82 port for FIM Password Registration site and 83 for FIM Password Reset site. Regards Anil Kumar
April 17th, 2013 6:16am

Hi Anthony, Thank's for help. My problem has been resolved as above disscused. But i am facing another problem.I install all component like FIM Synchronization Service,FIM Portal and FIM SSPR for Password Registration and Reset on single Machine(Single domain Computer).FIM Synchronization Service and FIM Portal Working fine but FIM Password Registration site is not working that gives fallowing Error: This web site can not be started.Another web site may be using the same port. when we installed FIM SSPR Password Poratl on machine then we assined 82 port for FIM Password Registration site and 83 for FIM Password Reset site. Regards Anil Kumar
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2013 1:09pm

Hi Anthony, Thank's for help. My problem has been resolved as above disscused. But i am facing another problem.I install all component like FIM Synchronization Service,FIM Portal and FIM SSPR for Password Registration and Reset on single Machine(Single domain Computer).FIM Synchronization Service and FIM Portal Working fine but FIM Password Registration site is not working that gives fallowing Error: This web site can not be started.Another web site may be using the same port. when we installed FIM SSPR Password Poratl on machine then we assined 82 port for FIM Password Registration site and 83 for FIM Password Reset site. Regards Anil Kumar
April 17th, 2013 1:09pm

Hi All, Any update mention above query,please reply ASAP. Regards Anil Kumar
Free Windows Admin Tool Kit Click here and download it now
April 29th, 2013 6:05am

try not to overload the same thread with multiple questions. that will get u faster response if you do a netstat /? that will let u know what's using the port
April 29th, 2013 3:36pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics