Password Reset Failing
Im having a problem when trying to register for password reset either from the portal or mspwdregistration.exe I've ensured that users are in the password reset set. Ive also ensured that the client workstations are pointing to http://fimserver:5725 If I log in as a normal user on a workstation, the forefront client asks me to register. I can click next, and answer the 3 questions, and then an error is displayed saying "an error was encountered, please call helpdesk or system administrator for further assistance" If I try to register from the portal I get exactly the same problem. I've enabled the error logging, which has become rather big but is as followsIf anyone has any ideas I'd really appreciate it Client is win7 with office sp2. Server is 2008 r2 I have enabled logging, but cant paste the full thing here as it is too long.
June 4th, 2010 6:22pm

Does anyone have any ideas about this?
Free Windows Admin Tool Kit Click here and download it now
June 7th, 2010 10:25am

try this one http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/f90bb6f0-6318-4085-9575-6175187c6ed7/The FIM Password Reset Blog http://blogs.technet.com/aho/
June 7th, 2010 11:22am

Thank you. I have looked at that thread, but it isnt the same problem. Im not running the RTM version, and I'm not getting the same errors in my log as the person in that post. Im also not getting different errors based on where I register for password reset (portal or application), the error is always the same for me.
Free Windows Admin Tool Kit Click here and download it now
June 7th, 2010 11:37am

u have to look at the error on the FIMService event log this is pretty much the only error possible in that phase or would you post the error from FIMService? thanksThe FIM Password Reset Blog http://blogs.technet.com/aho/
June 7th, 2010 11:43am

u have to look at the error on the FIMService event log this is pretty much the only error possible in that phase or would you post the error from FIMService? thanks The FIM Password Reset Blog http://blogs.technet.com/aho/ The event log is at the following URL, I was unable to paste it directly due to its size; http://www.heypasteit.com/clip/KGJ Many thanks again.
Free Windows Admin Tool Kit Click here and download it now
June 7th, 2010 11:54am

again, this trace is from the client side. i need the one from FIMService (server side)The FIM Password Reset Blog http://blogs.technet.com/aho/
June 7th, 2010 7:44pm

I have looked at the event log (Forefront Identity Manager), and one error which seems to be appearing when password reset fails is as follows; Log Name: Forefront Identity Manager Source: Microsoft.ResourceManagement Date: 04/06/2010 16:12:40 Event ID: 3 Task Category: None Level: Error Keywords: Classic User: N/A Computer: ForefrontILM.staff.blackburn.local Description: System.ServiceModel: System.Xml.XmlException: There was an error serializing the security token. Please see the inner exception for more details. ---> System.InvalidOperationException: The SamlAssertion could not be serialized to XML. Please see inner exception for details. ---> System.Security.Cryptography.CryptographicException: Keyset does not exist at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm) at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey) at System.IdentityModel.Tokens.SamlAssertion.System.IdentityModel.ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter) at System.IdentityModel.SamlDelegatingWriter.OnEndOfRootElement() at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) --- End of inner exception stack trace --- at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) at System.IdentityModel.Tokens.SamlAssertion.WriteTo(XmlWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) at System.ServiceModel.Security.WSSecurityJan2004.SamlTokenEntry.WriteTokenCore(XmlDictionaryWriter writer, SecurityToken token) at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken inToken) --- End of inner exception stack trace --- at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken inToken) at Microsoft.ResourceManagement.WebServices.WSTrust.RequestSecurityTokenResponseType.SetRequestedSecurityToken(SamlSecurityToken samlSecurityToken) at Microsoft.ResourceManagement.WebServices.SecurityTokenService.TokenIssuer.IssueSecurityToken(Message requestMessage, Object request, Claim[] claims) at Microsoft.ResourceManagement.WebServices.SecurityTokenService.Challenger.IssueAuthenticationChallenge(Message requestMessage, Object requestBody, Nullable`1 requestContext, UniqueIdentifier authenticationProcessIdentifier, List`1 accumulatedClaims, Nullable`1& currentWorkflowInstanceIdentifier, AuthenticationChallengeType[]& currentChallenges) at Microsoft.ResourceManagement.WebServices.SecurityTokenService.ProcessRequest(Message requestMessage, Object requestBody) at Microsoft.ResourceManagement.WebServices.SecurityTokenService.RequestSecurityTokenResponse(Message requestMessage) Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft.ResourceManagement" /> <EventID Qualifiers="0">3</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2010-06-04T15:12:40.000000000Z" /> <EventRecordID>855</EventRecordID> <Channel>Forefront Identity Manager</Channel> <Computer>ForefrontILM.staff.blackburn.local</Computer> <Security /> </System> <EventData> <Data>System.ServiceModel: System.Xml.XmlException: There was an error serializing the security token. Please see the inner exception for more details. ---&gt; System.InvalidOperationException: The SamlAssertion could not be serialized to XML. Please see inner exception for details. ---&gt; System.Security.Cryptography.CryptographicException: Keyset does not exist at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle&amp; safeProvHandle, SafeKeyHandle&amp; safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm) at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey) at System.IdentityModel.Tokens.SamlAssertion.System.IdentityModel.ICanonicalWriterEndRootElementCallback.OnEndOfRootElement(XmlDictionaryWriter dictionaryWriter) at System.IdentityModel.SamlDelegatingWriter.OnEndOfRootElement() at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) --- End of inner exception stack trace --- at System.IdentityModel.Tokens.SamlAssertion.WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) at System.IdentityModel.Tokens.SamlAssertion.WriteTo(XmlWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer) at System.ServiceModel.Security.WSSecurityJan2004.SamlTokenEntry.WriteTokenCore(XmlDictionaryWriter writer, SecurityToken token) at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken inToken) --- End of inner exception stack trace --- at System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter writer, SecurityToken inToken) at Microsoft.ResourceManagement.WebServices.WSTrust.RequestSecurityTokenResponseType.SetRequestedSecurityToken(SamlSecurityToken samlSecurityToken) at Microsoft.ResourceManagement.WebServices.SecurityTokenService.TokenIssuer.IssueSecurityToken(Message requestMessage, Object request, Claim[] claims) at Microsoft.ResourceManagement.WebServices.SecurityTokenService.Challenger.IssueAuthenticationChallenge(Message requestMessage, Object requestBody, Nullable`1 requestContext, UniqueIdentifier authenticationProcessIdentifier, List`1 accumulatedClaims, Nullable`1&amp; currentWorkflowInstanceIdentifier, AuthenticationChallengeType[]&amp; currentChallenges) at Microsoft.ResourceManagement.WebServices.SecurityTokenService.ProcessRequest(Message requestMessage, Object requestBody) at Microsoft.ResourceManagement.WebServices.SecurityTokenService.RequestSecurityTokenResponse(Message requestMessage)</Data> </EventData> </Event>
Free Windows Admin Tool Kit Click here and download it now
June 9th, 2010 10:58am

right, so my original reply still holds try this one http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/f90bb6f0-6318-4085-9575-6175187c6ed7/The FIM Password Reset Blog http://blogs.technet.com/aho/
June 9th, 2010 11:24am

I should have listened to you first time around! Worked perfect, thank you so much.
Free Windows Admin Tool Kit Click here and download it now
June 9th, 2010 12:29pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics