Get FIM CM to send email notification with OTP for certificate renewal
Hi,
I am deploying FIM CM 2010 with MS ADCS 2008 R2 and want my users to get an email notification with an OTP to renew their certificates when approaching the expiration date.
I followed this article in order to get this workflow to work: http://technet.microsoft.com/en-us/library/ee534907(v=ws.10).aspx
In order to test my workflow, I manually modified the value of the cert_renew date of an active certificate in the Certificates table to some time in the past, as described in the article, then restarted the Forefront Identity Manager CM Update Service, but my test user doesn't get any email notification and the renewal workflow is not initiated. I also restarted the FIM CM server, nothing.
First, I thought it was an issue with the FIM CM extended permissions, since Microsoft doesn't give any information on what permissions are needed, so I gave full control to the service account for the five extended permissions. The workflow still doesn't work.
Second, I thought it was an issue related to the user account in the database associated with my service account, so I gave the sysadmin right to my database user account. The workflow still doesn't work.
Last, I opened a connection to the FIM CM Portal with the service account and tried to manually launch the renewal workflow. In this case, my test user gets the email notification with the OTP.
My conclusion is that the issue concerns the Forefront Identity Manager CM Update Service, which is not even able to check that the certificate needs to be renewed (from the database), or to initiate the renewal workflow.
Have you already encountered such an issue?
Is there another configuration step to perform in order to get this workflow to work?
Thank you!
October 17th, 2012 11:42am