Password reset: System.Management.ManagementException: Access denied
Hi, I'm running FIM 2010 RC1 update 2. I configured the self password reset using that guide: http://technet.microsoft.com/en-us/library/ee534892(WS.10).aspx
- Users are able to register for self-password reset.
- I can reach the "new password prompt" when the correct answers are provided.
- But after, the user gets a message "We were unable to reset your password"...

After enabling FIM service debug, I got that error:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>3</EventID>
    <Type>3</Type>
    <SubType Name="Error">0</SubType>
    <Level>2</Level>
    <TimeCreated SystemTime="2009-12-11T12:24:41.1914184Z" />
    <Source Name="Microsoft.ResourceManagement" />
    <Correlation ActivityID="{391b811e-53e0-469f-9fba-295cee8a917a}" />
    <Execution ProcessName="Microsoft.ResourceManagement.Service" ProcessID="4456" ThreadID="11" />
    <Channel/>
    <Computer>SAOPAULO</Computer>
  </System>
  <ApplicationData>
System.Management: System.Management.ManagementException: Access denied
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   at Microsoft.ResourceManagement.PasswordReset.ResetPassword.ResetPasswordHelper(String domainName, String userName, String newPasswordText)
    <System.Diagnostics xmlns="http://schemas.microsoft.com/2004/08/System.Diagnostics">
      <LogicalOperationStack></LogicalOperationStack>
      <Timestamp>36529376603</Timestamp>
      <Callstack>
   at System.Environment.get_StackTrace()
   at System.Diagnostics.TraceEventCache.get_Callstack()
   at System.Diagnostics.XmlWriterTraceListener.WriteFooter(TraceEventCache eventCache)
   at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String format, Object[] args)
   at Microsoft.ResourceManagement.Utilities.LoggingManager.LogError(String formatString, Object[] arguments)
   at Microsoft.ResourceManagement.Utilities.LoggingManager.ReportError(Exception exception)
   at Microsoft.ResourceManagement.PasswordReset.ResetPassword.ResetPasswordHelper(String domainName, String userName, String newPasswordText)
   at Microsoft.ResourceManagement.Workflow.Activities.PWResetActivity.AttemptPasswordReset(Object sender, XmlDocumentValidationEventArgs e)
   at System.Workflow.ComponentModel.Activity.RaiseGenericEvent[T](DependencyProperty dependencyEvent, Object sender, T e)
   at Microsoft.ResourceManagement.Workflow.Activities.XmlInteractiveActivity.DocumentValidation(Object sender, EventArgs e)
   at System.Workflow.ComponentModel.Activity.RaiseEvent(DependencyProperty dependencyEvent, Object sender, EventArgs e)
   at System.Workflow.Activities.CodeActivity.Execute(ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(Activity activity, ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
   at System.Workflow.Runtime.Scheduler.Run()
   at System.Workflow.Runtime.WorkflowExecutor.RunScheduler()
   at System.Workflow.Runtime.WorkflowExecutor.RunSome(Object ignored)
   at System.Workflow.Runtime.Hosting.SynchronizationContextWorkflowSchedulerService.Schedule(WaitCallback callback, Guid workflowInstanceId)
   at System.Workflow.Runtime.WorkflowExecutor.RequestHostingService()
   at System.Workflow.Runtime.ScheduleWork.Dispose()
   at System.Workflow.Runtime.WorkflowExecutor.EnqueueItemOnIdle(IComparable queueName, Object item, IPendingWork pendingWork, Object workItem)
   at System.Workflow.Runtime.WorkflowInstance.EnqueueItemOnIdle(IComparable queueName, Object item, IPendingWork pendingWork, Object workItem)
   at System.ServiceModel.Dispatcher.WorkflowOperationAsyncResult.DoWork(Object state)
   at System.ServiceModel.Diagnostics.Utility.WaitThunk.UnhandledExceptionFrame(Object state)
   at System.Workflow.Runtime.Hosting.SynchronizationContextWorkflowSchedulerService.SynchronizationContextPostHelper.Callback(Object state)
   at System.ServiceModel.Diagnostics.Utility.WaitThunk.UnhandledExceptionFrame(Object state)
   at System.Threading.ExecutionContext.runTryCode(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack)
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)
      </Callstack>
    </System.Diagnostics>
  </ApplicationData>
</E2ETraceEvent>

Any suggestion would really be appreciated. Thanks.
December 11th, 2009 3:44pm

Did you enable Password Management on the AD MA?
http://www.wapshere.com/missmiis
December 11th, 2009 4:28pm

yes, it was already enabled: AD MA > Configure Extensions > Enable password management.
December 11th, 2009 4:53pm

The PW reset tries to reset the password directly in AD (so AD complexity rules apply) but it uses the account configured in the AD MA (so the permissions of that account must include the ability to reset passwords). Otherwise I can't think what it might be...
http://www.wapshere.com/missmiis
December 11th, 2009 5:31pm

The FIMService service account needs to be a member of the FIMSyncPasswordSet group. I highly suspect it is not... After that, you need to restart Sync and then restart FIMService (in that order).
The FIM Password Reset Blog http://blogs.technet.com/aho/
December 14th, 2009 3:18am

fimsvc: account for the FIM service
fimmaadds: account for the ADDS management agent.

For the FIMSync memberships:
- FIMSyncAdmins: Administrator, fimmaadds, fimsvc
- FIMSyncBrowse: fimmaadds, fimsvc
- FIMSyncJoiners:
- FIMSyncOperators:
- FIMSyncPasswordSet: fimmaadds, fimsvc

Regarding the password reset permissions: for the account fimmaadds, on the OU containing the user whose password I'm trying to reset:
- Descendant user objects: List content, Read All properties, Read permissions
- Descendant ... : read lockouttime, write lockout time
- Descendant...: read UAC, write UAC
- Descendant...: Reset password
- Descendant...: Change password

All the memberships and permissions seem correct according to the step-by-step password reset guide...
Is there anything wrong in what is written above?
Cheers.
December 14th, 2009 12:11pm

Are FIMService and FIMSync installed on different machines? To eliminate some permission, would you mind trying to add FIMSvc as local admin on the FIMSync box? Then disable the firewall, then restart Sync and FIMService (in that order), and try again?
The FIM Password Reset Blog http://blogs.technet.com/aho/
December 14th, 2009 12:15pm

They're running on the same computer.
I added fimsvc as a local admin.
Now I get the following error when trying to reset the password:
- PWReset Activity could not connect to the directory.
And when I started the services, I got: "XmlInteractiveActivity 'authenticationGateActivity1.xmlInteractiveActivity1' running in WorkflowInstance 'b3ec4137-e1cd-4da1-95b1-ea1e12976e37' timed out waiting for response."
I however disabled the firewall (although I double checked the firewall rules..)
Any further ideas?
BTW great CP on your blog!
December 14th, 2009 1:04pm

I also got these errors:
- Windows logs > Application
FIMSync: " The server encountered an unexpected error while performing an operation for a management agent.
"BAIL: MMS(2064): ma.cpp(370): 0x80040154 (Class not registered)
BAIL: MMS(2064): ma.cpp(7621): 0x80040154 (Class not registered)
BAIL: MMS(2064): ma.cpp(7518): 0x80040154 (Class not registered)
Forefront Identity Manager 4.0.2574.0"
- Applications and Services logs > Forefront Identity Manager:
" PWReset Activity could not connect to the directory."

Please note I'm running FIM RC1 update 2.
December 14th, 2009 3:36pm

I followed the steps mentioned in your other post: http://social.technet.microsoft.com/Forums/en/ilm2/thread/b2d07c59-9e1a-4d1c-86c9-a6cd96a40aab
All the steps 1 to 13 run successfully.
Step 14:
- Method executed successfully,
- BUT: RETURN VALUE = call-failure:0x80040154

I also have the same parameters for the AD MA:
- Connect to forest
- sign and encrypt YES
- Extension - Pwd Mgmt YES require secure YES retry 10 interval 60
- I ran a repair on the FIM Setup, the error messages kept appearing and password reset still does not work.

About the registry keys:

HKEY_CLASSES_ROOT\CLSID\{86A0B533-53B1-458D-8AD4-DEE4C4A42208}
Default: ADMA

HKEY_CLASSES_ROOT\CLSID\{86A0B533-53B1-458D-8AD4-DEE4C4A42208}\InprocServer32
Default - REG_SZ - C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\mmsmaad.dll
InprocServer32 - REG_MULTI_SZ - ?{+p]bozQ@Cs1(enXoLyAD<
ThreadingModel - REG_SZ - Both

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86A0B533-53B1-458D-8AD4-DEE4C4A42208}
Default - ADMA

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86A0B533-53B1-458D-8AD4-DEE4C4A42208}\InprocServer32
Default - REG_SZ - C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\mmsmaad.dll
Inprocserver32 - REG_MULTI_SZ - ?{+p]bozQ@Cs1(enXoLyAD<
ThreadingModel - REG_SZ - Both

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\ManagementAgents
AD - {86A0B533-53B1-458D-8AD4-DEE4C4A42208}
...
FIM - {1644FEE7-D816-4FF6-9101-234F14990F75}

You wrote the bug was correct.
What steps should I achieve to correct that bug?
Cheers
December 14th, 2009 4:23pm

Finally it's happened to someone else. :)
Sorry I still haven't found the fix myself, but glad to know it's not just me....
December 14th, 2009 10:50pm

OK, that's some progress. You were having a permission issue when FIMSvc tries to search for the user using WMI. Have you followed the DCOM/WMI section in the step-by-step? Also, if you follow the setup guide 100%, it will suggest you decline Network Access for the FIMService and FIMSyncService service accounts. Since you are using All-in-One, that won't work. For the timeout, that's just caused by a previously active WF; you can ignore that...
The FIM Password Reset Blog http://blogs.technet.com/aho/
December 16th, 2009 6:38am

Let's keep this thread for troubleshooting the permission issue. Let's leave the "Class not registered" error in the other thread :)
The FIM Password Reset Blog http://blogs.technet.com/aho/
December 16th, 2009 6:40am

I have also experienced this problem. Will post my finding as I troubleshoot this issue. Thanks & Regards, Jameel Syed Principal Consultant, fimGuru - Your window into simplified identities jameel.syed@fimguru.com - http://www.fimguru.com
December 23rd, 2009 10:04am

Noticed this error in the event log:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {835BEE60-8731-4159-8BFF-941301D76D05} to the user MYDOMAIN\fimSvc SID (S-1-5-21-2638804994-1901297949-932415521-1619) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Am I missing any group memberships?
Thanks & Regards, Jameel Syed Principal Consultant, fimGuru - Your window into simplified identities jameel.syed@fimguru.com - http://www.fimguru.com
December 23rd, 2009 10:15am

Nope. In the Introduction to Pwd Reset there are a few sections around DCOM/WMI settings. Make sure you have followed those sections.
The FIM Password Reset Blog http://blogs.technet.com/aho/
December 23rd, 2009 10:18am

I was able to resolve this error. I just had to add the FIM Svc account to the FIMSyncPasswordSet group. Thanks & Regards, Jameel Syed Principal Consultant, fimGuru - Your window into simplified identities jameel.syed@fimguru.com - http://www.fimguru.com
December 23rd, 2009 10:25am

I did everything as said before. In my application event viewer I get the following error code:

Log Name: Application
Source: FIMSynchronizationService
Date: 11/8/2010 8:26:09 PM
Event ID: 6306
Task Category: Server
Level: Error
Keywords: Classic
User: N/A
Computer: FIMSRV01.fim.sogeti.local
Description:
The server encountered an unexpected error while performing an operation for the client.
"BAIL: MMS(3080): server.cpp(7910): 0x80070005 (Access is denied.)
Forefront Identity Manager 4.0.3531.2"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="49152">6306</EventID>
    <Level>2</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-11-08T19:26:09.000000000Z" />
    <EventRecordID>4915</EventRecordID>
    <Channel>Application</Channel>
    <Computer>FIMSRV01.fim.sogeti.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>BAIL: MMS(3080): server.cpp(7910): 0x80070005 (Access is denied.) Forefront Identity Manager 4.0.3531.2</Data>
  </EventData>
</Event>
November 8th, 2010 6:41am

Same answer: the FIMService service account needs to be a member of the FIMSyncPasswordSet group. I highly suspect it is not... After that, you need to restart Sync and then restart FIMService (in that order).
The FIM Password Reset Blog http://blogs.technet.com/aho/
November 8th, 2010 10:02am
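
The membership check and restart order given in the replies above, as an added PowerShell example that is not part of the thread or of Microsoft's guide. It also flags a local-administrator grant left over from troubleshooting. Assumptions: the FIMSync groups are local groups on the Synchronization Service host, the Windows services are named FIMSynchronizationService and FIMService, and MYDOMAIN\fimsvc is a placeholder for your service account.

```powershell
# Added example (not from the thread). Run elevated on the FIM Sync host.
$Account  = 'MYDOMAIN\fimsvc'       # placeholder: your FIM Service account
$Required = 'FIMSyncPasswordSet'    # group named in the thread
$TooBroad = 'Administrators'        # membership suggested only as a test step

function Test-LocalGroupMember {
    param([string]$Group, [string]$Account)
    # The WinNT ADSI provider enumerates local group members. A domain
    # member's ADsPath looks like WinNT://DOMAIN/name, so match on that tail.
    $g    = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    $want = $Account -replace '\\', '/'
    foreach ($m in @($g.psbase.Invoke('Members'))) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        if ($path -like "*/$want") { return $true }
    }
    return $false
}

try {
    $inRequired = Test-LocalGroupMember -Group $Required -Account $Account
} catch {
    # Assumption failed: the group is not a local group on this machine.
    Write-Warning "Could not read local group '$Required': $($_.Exception.Message)"
    return
}

if (-not $inRequired) {
    Write-Warning "$Account is not a member of $Required. Add it, then rerun."
    return
}

if (Test-LocalGroupMember -Group $TooBroad -Account $Account) {
    # Least privilege: the service account should not stay a local admin
    # once the password-reset permissions are confirmed to work without it.
    Write-Warning "$Account is in $TooBroad. Remove it after troubleshooting."
}

# A service picks up new group membership only when it starts a new logon
# session, so restart both services, Sync first, as the thread instructs.
Restart-Service -Name 'FIMSynchronizationService'
Restart-Service -Name 'FIMService'
Write-Output "$Account is in $Required; services restarted in order."
```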

This topic is archived. No further replies will be accepted.
