Hello,
I have an issue with FIM where I can access the FIM portal in its entirety on the FIM server itself using my domain admin credentials, but if I try to connect in from another server I can get the FIM homepage, but clicking through various menus I receive a "service could not be contacted" error.
I've set up FIM as shown below:
http://technet.microsoft.com/en-us/library/ff512685(v=ws.10).aspx
vm-fim08-01 --- fim service + portal (uses SharePoint foundation 2010)
DNS Alias "fimportal" for vm-fim08-01
SharePoint - 80 application account: service.spportal
FIM service account - service.fim
vm-fim-sync -- fim sync service + sql 2008 R2
vm-fim-sql08 -- contains SQL 2008 R2 DB for fim service
SPNs configured as shown below (setspn -l):
service.fim
    FIMService/fimportal
    FIMService/fimportal.domaina.local
    mssqlsvc/vm-fim-sql-01:1433
service.spportal
    HTTP/fimportal.domaina.local
    HTTP/fimportal
Delegation setup as shown in the pics on the two service accounts only.
http://fimportal/IdentityManagement/default.aspx from the FIM portal server (vm-fim08-01) works OK without a login prompt for full portal access (I don't receive the "service could not be contacted" message). Using the FQDN fimportal.domaina.local from the same server this time asks for a login prompt; I enter my current Windows credentials, get the home page, but I soon receive "The FIM service could not be contacted".
Using a different server with the FQDN I'm prompted for a login (using the alias logs me in immediately). Either way, whenever I use a server other than the FIM portal server I soon receive "The FIM service could not be contacted".
On the FIM portal server's application event logs I see:
"The Portal cannot connect to the middle tier using the web service interface. This failure prevents all portal scenarios from functioning correctly. The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration. Ensure the portal configuration is present and points to the resource management service."
I'm pretty sure this is down to an authentication failure, but changing delegation settings has not helped (I've tried setting my service accounts and computer accounts to delegate for any service, but it didn't help). I've checked my SPNs, which look right to me. Any advice is much appreciated.
Thanks in advance
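An added diagnostic script (not part of the original post) that audits the SPN and delegation state listed above; it assumes the account and host names are exactly as quoted in the post and that the ActiveDirectory PowerShell module (RSAT) is installed. The symptom pattern (works on the portal host itself, fails from any other machine) is what a failed second Kerberos hop, portal to FIM Service, looks like, so besides SPN ownership the script checks whether the SharePoint app-pool account is allowed to delegate to the FIMService SPNs.

```powershell
# Added diagnostic for the configuration quoted in the post (hypothetical
# script, not from the post). Names below are the ones the post lists.
Import-Module ActiveDirectory

$portalAccount = 'service.spportal'   # SharePoint app pool: first hop
$fimAccount    = 'service.fim'        # FIM Service: second hop
$portalSpns    = @('HTTP/fimportal', 'HTTP/fimportal.domaina.local')
$fimSpns       = @('FIMService/fimportal', 'FIMService/fimportal.domaina.local')
$props         = 'servicePrincipalName', 'msDS-AllowedToDelegateTo', 'TrustedForDelegation'

function Get-SpnReport {
    param([string]$SamAccountName)
    Get-ADUser -Identity $SamAccountName -Properties $props |
        Select-Object SamAccountName, servicePrincipalName, TrustedForDelegation,
            @{ n = 'AllowedToDelegateTo'; e = { $_.'msDS-AllowedToDelegateTo' } }
}

$portal = Get-SpnReport $portalAccount
$fim    = Get-SpnReport $fimAccount

# 1. Each expected SPN must be registered on exactly one account in the forest;
#    a duplicate SPN makes the KDC return KRB_AP_ERR_MODIFIED-style failures.
foreach ($spn in ($portalSpns + $fimSpns)) {
    $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")
    if ($owners.Count -ne 1) {
        Write-Warning "$spn is registered on $($owners.Count) accounts (expected 1): $($owners.Name -join ', ')"
    }
}

# 2. Both the alias and the FQDN form must exist, because the client requests
#    a ticket for whichever host name was typed into the browser.
foreach ($spn in $portalSpns) {
    if ($portal.servicePrincipalName -notcontains $spn) { Write-Warning "$portalAccount lacks $spn" }
}
foreach ($spn in $fimSpns) {
    if ($fim.servicePrincipalName -notcontains $spn) { Write-Warning "$fimAccount lacks $spn" }
}

# 3. Second hop: the app-pool account must be allowed to delegate to the
#    FIMService SPNs (constrained delegation), or be trusted for any service
#    (unconstrained, which is weaker and should only be a temporary test).
$delegation = @($portal.AllowedToDelegateTo)
foreach ($spn in $fimSpns) {
    if (-not $portal.TrustedForDelegation -and ($delegation -notcontains $spn)) {
        Write-Warning "$portalAccount is not allowed to delegate to $spn"
    }
}

$portal, $fim | Format-List
```

Run it from a domain-joined machine as a user who can read the two service accounts; any warnings point at the specific SPN or delegation entry to fix, and a clean run shifts suspicion to the portal's service URL or firewall, which the event log text also names.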