No Access to FIM Portal with normal user
I've installed FIM 2010 RC1 with the following configuration on one test machine:
- Windows 2008 64 Bit
- Active Directory
- SQL 2008
- WSS in a farm configuration

The portal and the synchronization engine run without any errors, with one exception: when I try to access the FIM portal with a normal user account (no admin) I get an unexpected SharePoint error site. In the Forefront event log I can see the following:

GetCurrentUserFromSecurityIdentifier: No such user ADS08\sad, S-1-5-21-2769997165-2922986935-1018998194-1124

What I've done so far:
- Granting Authenticated Users SharePoint read permissions during the installation of the portal
- Enable both MPRs as documented in the installation guide to give normal users access to the portal
- Populate the portal with an ISR from Active Directory. The domain is ADS08 and the account name is sad.

Did I miss anything? Any hint is appreciated.

Thanks in advance
Thomas
October 8th, 2009 5:14pm

Did you also populate the user's objectSid in the portal? I don't know what you mean by ISR.

The steps to follow are in two documents. It sounds like you followed these anyway but just in case...

From InstallationGuide.docx:

FIM Portal Access
Every user who accesses the FIM Portal must have an Account in Active Directory and a resource in the FIM Service database with the ObjectSID, Domain, and Accountname attributes representing the user in Active Directory.

From Introduction to Configuring the FIM Portal.docx:

Permission Required for a User to See the Basic Portal
Administrator needs to enable two Management Policy Rules (MPRs) to grant an end user permission to view the portal in addition to the steps outlined in the Install Guide section FIM Portal Access. This is a one-time task. For more information about MPRs and how to use it to grant permission to resources please see Introduction to Management Policy Rules document.

To enable the “User management: Users can read attributes of their own” and “General: Users can read non-administrative configuration resources” MPRs
1. Log on to the FIM Portal as Administrator.
2. On the Navigation Bar, click Management Policy Rules.
3. On the Management Policy Rules page, enter User management in the search box and click search icon.
4. In the results page from above search, click User management: Users can read attributes of their own.
5. In the General tab, make sure to uncheck Disabled.
6. Click OK, then click Submit.

Repeat these steps for the General: Users can read non-administrative configuration resources MPR.

http://www.wapshere.com/missmiis
October 8th, 2009 5:22pm

Hi Carol,

thanks for the quick response. ISR means Inbound Synchronization Rule, and indeed I forgot to sync the objectSID to the portal. After modifying my ISR it works.

Thanks again
Thomas
October 8th, 2009 5:47pm
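
Added example, not part of the original thread and not FIM code: a Python sketch of the check this thread comes down to, parsing the event log line, finding the matching resource, and confirming it carries all three attributes the installation guide names, with the stored binary SID decoding to the SID in the event. The dictionary layout of the resource records and the function names are assumptions made for illustration; the records are constructed.

```python
import re
import struct

# Attributes the quoted installation guide requires on the FIM Service resource.
REQUIRED = ("ObjectSID", "Domain", "AccountName")
EVENT_RE = re.compile(r"No such user (?P<domain>[^\\]+)\\(?P<account>[^,]+), (?P<sid>S-[\d-]+)")

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID (the form AD stores in objectSid) to S-1-5-... text."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed binary SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def sid_to_bytes(text: str) -> bytes:
    """Inverse of sid_to_string, used here to build the constructed sample."""
    parts = text.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("malformed SID string")
    subs = [int(p) for p in parts[3:]]
    return (bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def diagnose(event_line: str, resources: list) -> str:
    """Explain why the user named in the event line cannot be resolved."""
    m = EVENT_RE.search(event_line)
    if m is None:
        raise ValueError("not a 'No such user' event line")
    for res in resources:
        if (res.get("Domain"), res.get("AccountName")) != (m["domain"], m["account"]):
            continue
        missing = [attr for attr in REQUIRED if not res.get(attr)]
        if missing:
            return "resource found, missing: " + ", ".join(missing)
        if sid_to_string(res["ObjectSID"]) != m["sid"]:
            return "resource found, ObjectSID differs from the logon SID"
        return "resource complete"
    return "no resource with this Domain and AccountName"

# Event line from the thread; the resource records below are constructed.
EVENT = (r"GetCurrentUserFromSecurityIdentifier: No such user ADS08\sad, "
         "S-1-5-21-2769997165-2922986935-1018998194-1124")
SID = EVENT.rsplit(" ", 1)[1]
BEFORE = [{"Domain": "ADS08", "AccountName": "sad"}]  # objectSid not yet synced
AFTER = [{"Domain": "ADS08", "AccountName": "sad", "ObjectSID": sid_to_bytes(SID)}]

if __name__ == "__main__":
    for records in (BEFORE, AFTER):
        print(diagnose(EVENT, records))
```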

This topic is archived. No further replies will be accepted.
