Password Reset Failing
I'm having a problem when trying to register for password reset either from the portal or mspwdregistration.exe
I've ensured that users are in the password reset set. I've also ensured that the client workstations are pointing to http://fimserver:5725
If I log in as a normal user on a workstation, the forefront client asks me to register. I can click next, and answer the 3 questions, and then an error is displayed saying "an error was encountered, please call helpdesk or system administrator for further assistance"
If I try to register from the portal I get exactly the same problem. I've enabled the error logging, which has become rather big but is as follows. If anyone has any ideas I'd really appreciate it
Client is win7 with office sp2. Server is 2008 r2
I have enabled logging, but can't paste the full thing here as it is too long.
June 4th, 2010 6:22pm
Does anyone have any ideas about this?
June 7th, 2010 10:25am
try this one
http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/f90bb6f0-6318-4085-9575-6175187c6ed7/
The FIM Password Reset Blog http://blogs.technet.com/aho/
June 7th, 2010 11:22am
Thank you.
I have looked at that thread, but it isn't the same problem. I'm not running the RTM version, and I'm not getting the same errors in my log as the person in that post. I'm also not getting different errors based on where I register for password reset (portal or application), the error is always the same for me.
June 7th, 2010 11:37am
u have to look at the error on the FIMService event log
this is pretty much the only error possible in that phase
or would you post the error from FIMService?
thanks
The FIM Password Reset Blog http://blogs.technet.com/aho/
June 7th, 2010 11:43am
The event log is at the following URL, I was unable to paste it directly due to its size;
http://www.heypasteit.com/clip/KGJ
Many thanks again.
June 7th, 2010 11:54am
again, this trace is from the client side. I need the one from FIMService (server side)
The FIM Password Reset Blog http://blogs.technet.com/aho/
June 7th, 2010 7:44pm
I have looked at the event log (Forefront Identity Manager), and one error which seems to be appearing when password reset fails is as follows;
Log Name: Forefront Identity Manager
Source: Microsoft.ResourceManagement
Date: 04/06/2010 16:12:40
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ForefrontILM.staff.blackburn.local
Description:
System.ServiceModel: System.Xml.XmlException: There was an error serializing the security token. Please see the inner exception for more details. ---> System.InvalidOperationException: The SamlAssertion could not be serialized to XML. Please see inner exception
for details. ---> System.Security.Cryptography.CryptographicException: Keyset does not exist
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
at System.IdentityModel.Tokens.SamlAssertion.System.IdentityModel.ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter)
at System.IdentityModel.SamlDelegatingWriter.OnEndOfRootElement()
at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
--- End of inner exception stack trace ---
at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
at System.IdentityModel.Tokens.SamlAssertion.WriteTo(XmlWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
at System.ServiceModel.Security.WSSecurityJan2004.SamlTokenEntry.WriteTokenCore(XmlDictionaryWriter writer, SecurityToken token)
at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken inToken)
--- End of inner exception stack trace ---
at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken inToken)
at Microsoft.ResourceManagement.WebServices.WSTrust.RequestSecurityTokenResponseType.SetRequestedSecurityToken(SamlSecurityToken samlSecurityToken)
at Microsoft.ResourceManagement.WebServices.SecurityTokenService.TokenIssuer.IssueSecurityToken(Message requestMessage, Object request, Claim[] claims)
at Microsoft.ResourceManagement.WebServices.SecurityTokenService.Challenger.IssueAuthenticationChallenge(Message requestMessage, Object requestBody, Nullable`1 requestContext, UniqueIdentifier authenticationProcessIdentifier, List`1 accumulatedClaims,
Nullable`1& currentWorkflowInstanceIdentifier, AuthenticationChallengeType[]& currentChallenges)
at Microsoft.ResourceManagement.WebServices.SecurityTokenService.ProcessRequest(Message requestMessage, Object requestBody)
at Microsoft.ResourceManagement.WebServices.SecurityTokenService.RequestSecurityTokenResponse(Message requestMessage)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft.ResourceManagement" />
<EventID Qualifiers="0">3</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-06-04T15:12:40.000000000Z" />
<EventRecordID>855</EventRecordID>
<Channel>Forefront Identity Manager</Channel>
<Computer>ForefrontILM.staff.blackburn.local</Computer>
<Security />
</System>
<EventData>
<Data>System.ServiceModel: System.Xml.XmlException: There was an error serializing the security token. Please see the inner exception for more details. ---> System.InvalidOperationException: The SamlAssertion could not be serialized
to XML. Please see inner exception for details. ---> System.Security.Cryptography.CryptographicException: Keyset does not exist
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
at System.IdentityModel.Tokens.SamlAssertion.System.IdentityModel.ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter)
at System.IdentityModel.SamlDelegatingWriter.OnEndOfRootElement()
at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
--- End of inner exception stack trace ---
at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
at System.IdentityModel.Tokens.SamlAssertion.WriteTo(XmlWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
at System.ServiceModel.Security.WSSecurityJan2004.SamlTokenEntry.WriteTokenCore(XmlDictionaryWriter writer, SecurityToken token)
at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken inToken)
--- End of inner exception stack trace ---
at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken inToken)
at Microsoft.ResourceManagement.WebServices.WSTrust.RequestSecurityTokenResponseType.SetRequestedSecurityToken(SamlSecurityToken samlSecurityToken)
at Microsoft.ResourceManagement.WebServices.SecurityTokenService.TokenIssuer.IssueSecurityToken(Message requestMessage, Object request, Claim[] claims)
at Microsoft.ResourceManagement.WebServices.SecurityTokenService.Challenger.IssueAuthenticationChallenge(Message requestMessage, Object requestBody, Nullable`1 requestContext, UniqueIdentifier authenticationProcessIdentifier, List`1 accumulatedClaims,
Nullable`1& currentWorkflowInstanceIdentifier, AuthenticationChallengeType[]& currentChallenges)
at Microsoft.ResourceManagement.WebServices.SecurityTokenService.ProcessRequest(Message requestMessage, Object requestBody)
at Microsoft.ResourceManagement.WebServices.SecurityTokenService.RequestSecurityTokenResponse(Message requestMessage)</Data>
</EventData>
</Event>
June 9th, 2010 10:58am
right, so my original reply still holds
try this one
http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/f90bb6f0-6318-4085-9575-6175187c6ed7/
The FIM Password Reset Blog http://blogs.technet.com/aho/
June 9th, 2010 11:24am
I should have listened to you first time around!
Worked perfect, thank you so much.
June 9th, 2010 12:29pm
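Added example, not part of the thread or of FIM itself: in the event posted above, "Keyset does not exist" is thrown from X509Certificate2.get_PrivateKey() while the SAML assertion is being signed, which means the service process could not open the signing certificate's private key container. The PowerShell check below locates that container on disk and reports whether a given account has an explicit read grant on it. The thumbprint, the account name and the LocalMachine\My store location are assumptions, since the thread states none of them.

```powershell
# Added diagnostic, not from the thread. Run elevated on the FIM Service host.
# Placeholders: the page names neither the certificate nor the service account.
$Thumbprint     = '<SIGNING-CERT-THUMBPRINT>'
$ServiceAccount = '<DOMAIN\fim-service-account>'

# Assumption: the certificate lives in the machine's Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key attached" }

# Same getter as X509Certificate2.get_PrivateKey() in the stack trace.
try {
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
} catch {
    throw "Key container cannot be opened even when elevated: $($_.Exception.Message)"
}

# CSP machine keys are stored as files under MachineKeys.
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path $keyFile)) { throw "Key file missing: $keyFile" }

# Look for an explicit Allow entry granting Read to the service account.
# Access granted through group membership will not show up in this match.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$grants = (Get-Acl $keyFile).Access | Where-Object {
    $_.IdentityReference.Value -ieq $ServiceAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}

New-Object PSObject -Property @{
    Subject        = $cert.Subject
    KeyFile        = $keyFile
    ServiceAccount = $ServiceAccount
    HasReadAccess  = [bool]$grants
}
```

A result of HasReadAccess = False for the account the service runs as is consistent with the exception in the event; a failure at the try block instead points to a missing or orphaned key container.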