SSPR Registration portal "Unauthorized User"
I'm trying to set up the SSPR registration portal in FIM 2010 R2 but when testing I'm receiving this error:
Unauthorized User
You are not authorized to register for password reset. Please contact your help desk or system administrator. (Error 3004)
Details:
Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.NotAuthorizedException: Exception of type 'Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.NotAuthorizedException' was thrown.
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.InitiateRegistration()
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
EventData
User not in FIM Service
The FIM Password Registration Portal was unable to recognize the Windows identity of a user who visited the Portal.
The user's identity was: xxx\Username
The user's IP address was: x.x.x.x
Ensure that all users who are eligible for Password Reset have their Active Directory Security Identifier (SID) synchronized into the FIM Service.
The FIM Service and Sync service are running on two separate servers and I'm trying to install the reset/registration portals on a third server. Users are syncing from an SQL database to AD via FIM with no problems. I ran a PowerShell script (I would link to it but I'm afraid I've lost the link!) to confirm that my test users' objectSID records in AD and the portal match; they did. All the MPRs suggested in the deployment guide are enabled.
Any help would be really appreciated.
October 5th, 2012 9:07am
Resolved it at last!
For some reason, the domain in the user attribute was incorrect, reading XXX.Local instead of just XXX. Correcting and re-syncing it with AD has fixed this for my test user; now things are looking good!
Cheers.
October 5th, 2012 10:23am
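The check behind the resolution above, as an added example that is not part of the original posts: it reads one user's Person resource from the FIM Service and compares its Domain and ObjectSID with Active Directory. The endpoint URI, the Get-FimValue helper, the base64 form of the exported SID, a single AD domain, and the expectation that Domain should equal the AD NetBIOS name are assumptions.

```powershell
# Added example (not from the thread): compare one user's FIM Service record with AD.
# Assumes the FIMAutomation snap-in and the ActiveDirectory module are installed here.
param(
    [Parameter(Mandatory = $true)][string]$AccountName,
    # Assumed default FIM Service endpoint; change to your FIM Service server.
    [string]$FimUri = 'http://localhost:5725/ResourceManagementService'
)

# AccountName is placed inside an XPath string literal, so refuse quotes.
if ($AccountName -match "['""]") { throw 'AccountName must not contain quotes.' }

Add-PSSnapin FIMAutomation -ErrorAction Stop
Import-Module ActiveDirectory -ErrorAction Stop

# Hypothetical helper: read one attribute value from an exported FIM resource.
function Get-FimValue($Resource, [string]$Name) {
    ($Resource.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $Name }).Value
}

$person = @(Export-FIMConfig -Uri $FimUri -OnlyBaseResources `
    -CustomConfig "/Person[AccountName='$AccountName']")
if ($person.Count -ne 1) {
    throw "Expected 1 Person for '$AccountName' in the FIM Service, found $($person.Count)."
}

$fimDomain = Get-FimValue $person[0] 'Domain'
$fimSidB64 = Get-FimValue $person[0] 'ObjectSID'
# Assumption: the export returns the binary ObjectSID as a base64 string.
$fimSid = $null
if ($fimSidB64) {
    $bytes  = [Convert]::FromBase64String($fimSidB64)
    $fimSid = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}

$adUser  = Get-ADUser -Identity $AccountName
$netbios = (Get-ADDomain).NetBIOSName   # short name, e.g. XXX rather than XXX.Local

New-Object PSObject -Property @{
    AccountName    = $AccountName
    FimDomain      = $fimDomain
    AdNetBiosName  = $netbios
    DomainMatches  = ($fimDomain -eq $netbios)
    DomainLooksDns = ([string]$fimDomain -like '*.*')
    FimSid         = $fimSid
    AdSid          = $adUser.SID.Value
    SidMatches     = ($fimSid -eq $adUser.SID.Value)
}
```

A result with SidMatches true but DomainMatches false and DomainLooksDns true corresponds to the situation described in the thread, where the SIDs agreed and registration still failed with Error 3004.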