Error when loading FIM portal in new installation: The requestor's identity was not found.

I have just installed the FIM portal into my test environment.  The synchronisation service was already working perfectly (can provision users from a .csv file).
The FIM Service and Portal are installed on a server (we'll call it SPF1), and the FIM sync service on another server (SYNC1).
Whenever I try to log on to the FIM portal with my standard user account (it has never worked), I get the following error:

Unable to process your request.

Please contact your help desk or system administrator.

Error processing your request: The server was unwilling to perform the requested operation.

Reason: The requester of this operation is invalid.

Correlation Id: 7da76fce-5c9a-4596-90f7-8d7243c21de8

Details: The requestor's identity was not found.

>Go to Forefront Identity Manager home page

(The web page header does show the FIM logo, so the portal itself is there).

In the Forefront logs on SPF1, I get the following:

Log Name:      Forefront Identity Manager
Source:        Microsoft.ResourceManagement
Date:          1/13/2015 5:48:08 PM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SPF1.testdomain.internal
Description:
GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft.ResourceManagement" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
    <EventRecordID>523</EventRecordID>
    <Channel>Forefront Identity Manager</Channel>
    <Computer>SPF1.testdomain.internal</Computer>
    <Security />
  </System>
  <EventData>
    <Data>GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)</Data>
  </EventData>
</Event>

Log Name:      Forefront Identity Manager
Source:        Microsoft.ResourceManagement
Date:          1/13/2015 5:48:08 PM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SPF1.testdomain.internal
Description:
Requestor: Internal Service
Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft.ResourceManagement" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
    <EventRecordID>522</EventRecordID>
    <Channel>Forefront Identity Manager</Channel>
    <Computer>SPF1.testdomain.internal</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Requestor: Internal Service
Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)</Data>
  </EventData>
</Event>

Further, I note that it has trouble connecting to the web exchange connector.  I wonder if this is because I used an alias (for easy migration in the future) for which the certificate does not match the name?  I'm connecting to "mail.testdomain.internal", although that's actually an NLB group between two CAS/HUB servers.
Log Name:      Application
Source:        Microsoft.ResourceManagement.ServiceHealthSource
Date:          1/13/2015 7:43:49 PM
Event ID:      12
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:     SPF1.testdomain.internal
Description:
The Forefront Identity Manager Service cannot connect to the Exchange Web Service.

The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.

Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft.ResourceManagement.ServiceHealthSource" />
    <EventID Qualifiers="0">12</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T03:43:49.000000000Z" />
    <EventRecordID>7581</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SPF1.testdomain.internal</Computer>
    <Security />
  </System>
  <EventData>
    <Data>The Forefront Identity Manager Service cannot connect to the Exchange Web Service.

The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.

Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.</Data>
  </EventData>
</Event>

I'm not really sure where to start investigating at this point.  The only other thing to note is that after installing the portal, I didn't see a new management agent in the synchronization service (I thought one was supposed to appear, though I could be mistaken).

January 14th, 2015 7:07am

I eventually figured this out - it was that the portal management agent hadn't been created yet; I had to create it.
  • Marked as answer by Gareth.T Tuesday, February 24, 2015 7:35 PM
February 24th, 2015 2:37pm
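
A triage sketch for the "No such user" events quoted in the question, added here as an example and not part of the original thread: it reads exported Forefront Identity Manager events and counts which domain accounts and SIDs the FIM Service could not resolve. The `<Events>` wrapper, the SIDs and the `OtherUser` account are constructed sample data; the function and variable names are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Message written when the caller's SID matches no resource in the FIM Service.
NO_USER = re.compile(r"GetCurrentUserFromSecurityIdentifier: No such user "
                     r"(?P<domain>[^\\\s]+)\\(?P<account>[^,]+), (?P<sid>S-[\d-]+)")

# Constructed sample: event shape follows the post; SIDs and OtherUser are made up.
_EVT = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
        '<Provider Name="{src}" /><EventID Qualifiers="0">{eid}</EventID></System>'
        '<EventData><Data>{msg}</Data></EventData></Event>')
_ROWS = [
    ("Microsoft.ResourceManagement", 3, r"GetCurrentUserFromSecurityIdentifier: No such user "
     r"TESTDOMAIN\StandardUser, S-1-5-21-1111111111-2222222222-3333333333-1105"),
    ("Microsoft.ResourceManagement", 3, "Requestor: Internal Service\n"
     "Microsoft.ResourceManagement.WebServices.Exceptions."
     "UnwillingToPerformException: IdentityIsNotFound"),
    ("Microsoft.ResourceManagement", 3, r"GetCurrentUserFromSecurityIdentifier: No such user "
     r"TESTDOMAIN\StandardUser, S-1-5-21-1111111111-2222222222-3333333333-1105"),
    ("Microsoft.ResourceManagement", 3, r"GetCurrentUserFromSecurityIdentifier: No such user "
     r"TESTDOMAIN\OtherUser, S-1-5-21-1111111111-2222222222-3333333333-1106"),
    ("Microsoft.ResourceManagement.ServiceHealthSource", 12,
     "The Forefront Identity Manager Service cannot connect to the Exchange Web Service."),
]
SAMPLE = "<Events>" + "".join(_EVT.format(src=s, eid=i, msg=m) for s, i, m in _ROWS) + "</Events>"


def missing_identities(xml_text):
    """Count (domain, account, sid) tuples from FIM Service 'No such user' events."""
    hits = Counter()
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        provider = ev.find("e:System/e:Provider", NS)
        event_id = ev.findtext("e:System/e:EventID", default="", namespaces=NS)
        # Only Event ID 3 from the FIM Service itself; skip health warnings etc.
        if provider is None or provider.get("Name") != "Microsoft.ResourceManagement":
            continue
        if event_id.strip() != "3":
            continue
        for data in ev.iterfind("e:EventData/e:Data", NS):
            m = NO_USER.search(data.text or "")
            if m:
                hits[(m["domain"], m["account"], m["sid"])] += 1
    return hits


if __name__ == "__main__":
    for (domain, account, sid), n in missing_identities(SAMPLE).most_common():
        print(f"{domain}\\{account} ({sid}): {n} failed lookups")
```
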
