Channel: Forum Microsoft Identity Manager

SSPR Password Reset Failure


Hi,
I'm trying to figure out why my FIM password reset functionality fails. Password registration works fine. My deployment is as follows:

FIMSync1 - sync service uses service.sync
FIMPortal - FIM portal, uses service.portal
FIMPortalDB - FIM portal DB
SSPR - FIM password registration and reset portals

Application Pools
FIMportal, Share Point 80 - service.spportal
SSPR - service.pwordreset

I've set SPNs as below:

setspn -S FIMService/selfserviceportal contoso\service.portal
setspn -S FIMService/selfserviceportal.contoso.com contoso\service.portal
setspn -S FIMService/FIMportal contoso\service.portal
setspn -S HTTP/selfserviceportal.contoso.com contoso\svc-fim-spportal
setspn -S HTTP/selfserviceportal contoso\service.spportal
setspn -S HTTP/FIMportal contoso\service.spportal

I've installed SSPR using the credentials and URLs I stated when I first installed the FIM synchronization service and FIM service. For the password binding information (Hostname), I entered the URLs FIMpasswordreset.com and FIMpasswordregistration.com as opposed to the hostname of my server "SSPR" - is this correct?

The local firewall is disabled between my servers, DCOM and WMI permissions have been set on FIMSync1 for the fim service account (service.portal).

Users can register for password reset without any issues, but the actual password reset itself fails with the errors below. Any ideas on troubleshooting are much appreciated.

Thanks

Application Error Log
FIM Password Reset Portal failure to connect to FIM Service
The FIM Password Reset Portal failed to connect to the FIM Service.

Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the FIM Password Reset Portal, and (3) that network connectivity is available between the FIM Password Reset Portal and the FIM Service over the designated port.
Details:
Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.
   at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.InteractWithPasswordResetActivity(SecureString newPassword, String activityEndpoint, String workflowInstanceId, ContextualSecurityToken sessionSecurityToken)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.ResetPassword(SecureString newPassword, ChallengeContext& gateChallengeResponse)

Windows FIM event log
Failure to connect to FIM Service
The web portal failed to connect to the FIM Service.

Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the web portal, and (3) that network connectivity is available between the web portal and the FIM Service over the designated port.
Details:
System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when processing the security tokens in the message.
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate()
   at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.ResumableUpdate()
   at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Resume(ContextualSecurityToken securityToken)
   at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.ResetPassword(SecureString newPassword, ChallengeContext& gateChallengeResponse)
Web Portal: FIM Password Reset Portal
Session Id: 5n0mdi45fhuwk2icjnryz055


IT Support/Everything
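
Added example (not part of the original post): an offline PowerShell consistency check over the setspn lines quoted above, using the service accounts named in the post's deployment description as the expected set. It does not query Active Directory or diagnose the failure; it only reports SPNs registered to an account the post does not list, and service/host pairs whose short name and FQDN are registered to different accounts, since a Kerberos service ticket is encrypted to whichever account holds the requested SPN.

```powershell
# Added example: offline check of the setspn lines copied from the post.
# Nothing here talks to a domain controller; the input is plain text.
$setspnLines = @'
setspn -S FIMService/selfserviceportal contoso\service.portal
setspn -S FIMService/selfserviceportal.contoso.com contoso\service.portal
setspn -S FIMService/FIMportal contoso\service.portal
setspn -S HTTP/selfserviceportal.contoso.com contoso\svc-fim-spportal
setspn -S HTTP/selfserviceportal contoso\service.spportal
setspn -S HTTP/FIMportal contoso\service.spportal
'@ -split "`r?`n"

# Service accounts named in the post's deployment description.
$knownAccounts = 'service.sync', 'service.portal', 'service.spportal', 'service.pwordreset'

# Parse "setspn -S <class>/<host> <domain>\<account>" into objects.
$pattern = '^\s*setspn\s+-S\s+(?<class>[^/\s]+)/(?<host>\S+)\s+(?<domain>[^\\\s]+)\\(?<account>\S+)\s*$'
$spns = foreach ($line in $setspnLines) {
    if ($line -match $pattern) {
        [pscustomobject]@{
            Class     = $Matches['class']
            Host      = $Matches['host']
            ShortHost = ($Matches['host'] -split '\.')[0].ToLowerInvariant()
            Account   = $Matches['account'].ToLowerInvariant()
        }
    }
}

# Check 1: SPN registered to an account that is not in the documented list.
$spns | Where-Object { $_.Account -notin $knownAccounts } | ForEach-Object {
    "Unlisted account: $($_.Class)/$($_.Host) -> $($_.Account)"
}

# Check 2: short name and FQDN of the same service/host held by different accounts.
$spns | Group-Object Class, ShortHost | ForEach-Object {
    $accounts = @($_.Group | ForEach-Object { $_.Account } | Sort-Object -Unique)
    if ($accounts.Count -gt 1) {
        "Split registration: $($_.Name) -> $($accounts -join ', ')"
    }
}
```

Any line either check prints is worth comparing against the identity of the application pool that actually serves that host name; on a domain-joined machine, setspn -L and setspn -X show what is really registered.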

