SSPR Registration Failing
I'm not sure what to make of this one. This is a multi-domain environment. I've triple checked everything from the TechNet Install Guide. I'm not sure whether or not the two issues below are related or not. I see the same thing
in the svclog when attempting to register from the ILM/Portal/Service Server (with the x64 Add-In Installed) as I do when making the attempt from an XP client. I don't see anything in the Event Viewer. I'm really looking for troubleshooting next
steps.
User 1:
A member of the same domain as ILM. I can see in the svclog that PwdMgmt is able to successfully lookup the User and Workflows and then is "Starting Registration" and sends Put.Enter and Put.Exit Requests (looks like step 6 in the process described
here:
http://blogs.technet.com/b/aho/archive/2009/11/09/forefront-identity-manager-credential-management-part-4.aspx). Then I get the following error:
"PwdMgmtProxy: Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: The registration workflow did not start. The FIM Service is not properly configured.
at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.StartRegistration()"
User 2:
This user is in a different domain than FIM (same Forest). I see in the svclog the XPath to lookup the user. This looks correct to me, and I've copied to the Portal as a Set filter, to confirm that it works. However, I get the following
error:
"The user could not be found in the database."
Any thoughts or suggestions are appreciated.
Thanks!
-Ryan
October 13th, 2010 2:21am
User1:
search all the requests from portal. you should see an update request that corresponding to /Put[ResetPassword = true]. What's the status of that?
User2:
Can you go to the portal as User2?
The FIM Password Reset Blog http://blogs.technet.com/aho/
Free Windows Admin Tool Kit Click here and download it now
October 13th, 2010 5:13am
User1:
There is a completed Request for that user (and requested by that user) with a Remove and an Add for Attribute: AuthN Workflow Registered referencing the Password Reset AuthN Workflow. That is the only request that is created.
User2:
Does not have access to the Portal.
Also, a bit more information.... The error is coming up after the initial Password Registration screen appears, when I click "Next". The error comes up almost immediately (contact your helpdesk, etc). I am getting the same result using Mspwdregistration
-all as well as from the Portal using the Authentication Workflow Registration (for user1 only).
Thanks Anthony!
October 13th, 2010 6:38pm
there are
AuthN WF "System Workflow Required for Registration"
and
MPR "General workflow: Registration initiation for authentication activity"
have you touched them in any sense at all?
Free Windows Admin Tool Kit Click here and download it now
October 13th, 2010 8:57pm
Thanks for pointing these out! After reviewing the MPR, it was relying on the "All Active Users" Set which did not contain the correct users. After correcting that, I ran into this issue:
http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/f90bb6f0-6318-4085-9575-6175187c6ed7/
Lucky for me you had already solved it. SSPR now up-and-running. Thanks for your help Anthony!
-Ryan
October 14th, 2010 11:32pm
i am curious why "All Active Users" doesn't cover your user.The FIM Password Reset Blog http://blogs.technet.com/aho/
Free Windows Admin Tool Kit Click here and download it now
October 16th, 2010 4:12am