FIM Password Registration Portal Error 3008

Team,

I have my FIM Service/FIM Portal in a separate server and FIM Password Registration and Password Reset portal in another server. Installation is successful. I have also followed MS docs to configure the workflows and MPRs for password reset and registration. When I login to a test machine and open the url http://passwordregistration.x.com, it prompts for username/password. Once authentication, it gives me "next" button to continue registration. When i press Next it throws error 3008 and says unable to communicate to FIM Service. Can someone please help. I am badly stuck.

Thanks,

April 8th, 2014 5:12pm

Please find the event logs from the fim sspr server.

The description for Event ID 3 from source Microsoft.CredentialManagement.RegistrationPortal cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

The error page was displayed to the user.
Details:
Title: Communication Error
Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3008)
Source:
Attributes:
Details: Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.GenericCommunicationException: The caller was not authenticated by the service. ---> System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
   at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.LayeredChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.EnumerateResources(SearchParameters parameters, ClientOptionsHelper clientOptionsHelper)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetLoginId(String domain, String username, ClientOptionsHelper options)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.InitiateRegistration()
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
CorrelationId:
RequestId:
ErrorCode: 3008
CaughtTime: 04/08/2014 13:40:38

Web Portal: FIM Password Registration Portal
Session Id: wun0b4y1btw4mdj0a4kkew45
IP Address: x

Next:

The description for Event ID 3 from source Microsoft.CredentialManagement.RegistrationPortal cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.GenericCommunicationException: The caller was not authenticated by the service. ---> System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
   at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.LayeredChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.EnumerateResources(SearchParameters parameters, ClientOptionsHelper clientOptionsHelper)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetLoginId(String domain, String username, ClientOptionsHelper options)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.InitiateRegistration()
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs)
   at System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e)
   at System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e)
   at System.Web.UI.TemplateControl.OnError(EventArgs e)
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.default_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Next:

The description for Event ID 3 from source Microsoft.CredentialManagement.RegistrationPortal cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Failure to connect to FIM Service
The web portal failed to connect to the FIM Service.

Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the web portal, and (3) that network connectivity is available between the web portal and the FIM Service over the designated port.
Details:
System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
   at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.LayeredChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.EnumerateResources(SearchParameters parameters, ClientOptionsHelper clientOptionsHelper)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetLoginId(String domain, String username, ClientOptionsHelper options)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
Web Portal: FIM Password Registration Portal
Session Id: wun0b4y1btw4mdj0a4kkew45
IP Address: x

Free Windows Admin Tool Kit Click here and download it now
April 8th, 2014 5:48pm

you have either problem with communication to your fim service host on tcp/5726 (less likely) or kerberos auth is not really working there. Check your SPNs and accounts configuration for Kerberos auth. 
April 10th, 2014 3:12pm

Best solution is ..

http://social.technet.microsoft.com/wiki/contents/articles/24629.fim-troubleshooting-sspr-registration-error-3008-an-error-occurred-while-receiving-the-http-response.aspx

     1. Download PsExec from here: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx  

     2. Open a command prompt as administrator and run the command below

     3. psexec.exe -s -d -i cmd.exe

     4. In the new command prompt window that opens, type: mmc.exe

     5. Add the Certificate snap-in, select Computer Account radio button, then select Local Computer and Finish.

     6. Expand Certificates (Local Computer)Personal, then click on the Certificates folder.

     7. Right click on ForefrontIdentityManager and select Manage Private Keys...

 

     8. Add the FIMService account and give it read permission.

     9. Restart the FIMService


Free Windows Admin Tool Kit Click here and download it now
June 24th, 2014 2:26pm

Best solution is ..

http://social.technet.microsoft.com/wiki/contents/articles/24629.fim-troubleshooting-sspr-registration-error-3008-an-error-occurred-while-receiving-the-http-response.aspx

     1. Download PsExec from here: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx  

     2. Open a command prompt as administrator and run the command below

     3. psexec.exe -s -d -i cmd.exe

     4. In the new command prompt window that opens, type: mmc.exe

     5. Add the Certificate snap-in, select Computer Account radio button, then select Local Computer and Finish.

     6. Expand Certificates (Local Computer)Personal, then click on the Certificates folder.

     7. Right click on ForefrontIdentityManager and select Manage Private Keys...

 

     8. Add the FIMService account and give it read permission.

     9. Restart the FIMService

May 26th, 2015 7:35am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics