FIM Password Reset Portal OTP Options

Similar Messages

• Allow Anonymous Access to the Password Reset Portal

  How do I go about enabling Anonymous Access to the Password Reset Portal?
  The following instructions don't seem accurate anymore.  Has this setting changed with Sharepoint Services 3.0 SP2?
  When I click on "Settings" in Step 4 the only option displayed is "Permission Levels".
  Allow Anonymous Access to the password reset portal
  In this procedure you will configure the portal to allow Anonymous Access to users who need to reset their passwords.
  To allow anonymous access to the password reset portal
  Log on to the password portal (http://<portal hostname/PasswordPortal) as an administrator.
  On the top right hand side of the portal homepage click Site Actions, and then click Site Settings.
  Under Users and Permissions click Advanced Permissions.
  On the Permissions page, click Settings, and then select Anonymous Access.
  Under Anonymous users can access, select Entire Web site, and then click OK.

  Yes, that was very helpful.  Thanks! 
  Just in case that site dissapears and someone else needs this info, here it is:
  If you don’t see the “Anonymous Access” menu option in the “Settings” menu, it might not be turned on in Central Admin/IIS. You can manually navigate to “_layouts/setanon.aspx” if you want, but the options will be grayed out if it hasn’t been enabled in IIS
  First get to your portal. Then under “My Links” look for “Central Administration” and select it.
  In the Central Administration site select “Application Management” either in the Quick Launch or across the top tabs
  Select “Authentication Providers” in the “Application Security” section
  Click on the “Default” zone (or whatever zone you want to enable anonymous access for)
  Under “Anonymous Access” click the check box to enable it and click “Save”
  NOTE: Make sure the “Web Application” in the menu at the top right is your portal/site and not the admin site.
  You can confirm that anonymous access is enabled by going back into the IIS console and checking the Directory Security properties.
  Now the second part is to enable anonymous access in the site.
  Return to your sites home page and navigate to the site settings page. In MOSS, this is under Site Actions – Site Settings – Modify All Site Settings. In WSS it’s under Site Actions – Site Settings.
  Under the “Users and Permissions” section click on “Advanced permissions”
  On the “Settings” drop down menu (on the toolbar) select “Anonymous Access”
  Select the option you want anonymous users to have (full access or documents and lists only)
  Now users without logging in will get whatever option you allowed them.
  A couple of notes about anonymous access:
  You will need to set up the 2nd part for all sites unless you have permission inheritance turned on
  You must do both setups to enable anonymous access for users, one in IIS and the other in each site

• FIM password registration portal failure to connect to FIM

  getting event ID 52   FIM password registration portal failure to connect to FIM

  Please post more information like
  Event ID error message ?
  When does it occur (installation of SSPR, when user logs in to SSPR etc) ?
  Your FIM Topology

• OSX Server password reset portal doesn't communicate password requirements

  Here's the story:
  We are migrating our users to a new fileserver running OSX Server 2.2.2 on 10.8 from an existing 10.4 server.  We have prepopulated the user accounts with the same login names as our old server, and set temporary passwords for each user that they will need to reset.  The plan was to have each user set their custom password via the built in web portal.  We've got Windows and Mac Users, so we are expecting at least the windows users will have to set their passwords this way, as the Mac users can be forced to reset their password at first login.
  The issue is that we are are implementing stronger password requirements on the new server, but the password reset portal doesn't seem to communicate that at all.  When entering the existing password, and a new password that is not strong enough, we get the error:  "Your password could not be changed.  Please retype your old password and try again" which is misleading because it is an issue with the new password being too weak, not the old password being incorrect.
  Is this normal behavior for this reset portal?  It's pretty basic, so I wouldn't be surprised if that's just the way it is, but we are looking for a way to keep it as simple as possible for our users, and to avoid unnecessary confusion.
  For the record, our password requirements are:
  password minimum length = 8 characters
  passwords must contain:
  at least one letter
  at least one number
  at least one special character
  differ from last 5 passwords used
  be reset on first login

  Another helpful forum user said:
  Then you might try this procedure to create a new administrator account:
  http://osxdaily.com/2010/08/10/forgot-mac-password-how-to-reset-mac-password/
  Which i tried. I ran through the help link above which all seemed to work until the end... and i got this error...
  Which means i couldn't get to the part that sets up a new user. :-(

• Password History in FIM Password Reset

  Hello
  We have a problem no one seem to be able to fix. 
  We have a register/reset portal up n running and everything works great. Users can register and then change passwords.
  The problem is the password History, they can change back to old passwords. I have tryed all thinkable solutions but we cant seem to handle the history. We have policys on group level that applies this rules.
  Anyone with a solution or that have similar problem?

  Hi Tobias,
  Make sure you have the following configuration: 
  FIM 2010 Self Service Password Reset now supports Enforcement of all domain password policies
  If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• FIM password reset through token

  Experts,
  I am working on FIM design.
  Through documentation I see that FIM has capability to reset user password by providing challenge questions and answers.
  My requirement is that if same can be done by providing some kind of soft token information.
  User just provide soft token and FIM either allows user to reset password or send password on mobile.
  Any suggestion please.
  Thanks,
  Mann

  At the very least FIM SSPR will first ask for a username.  If the user initiates SSPR too many times without completing the process (e.g., FIM sends five SMS OTPs but the user never chooses a new password) then the SSPR Lockout Gate will apply.  So
  there is some built-in mitigation of an attacker trying to bombard a legitimate user with SSPR PINs.
  In general it is a good practice to require the user to enter some kind of challenge question before the OTP gate.  Perhaps not as rigorous a set of questions if you're relying on OTP, but enough to serve as an initial screen.
  Steve Kradel, Zetetic LLC

• FIM Password Reset Client Service error 1053 when starting service - what is the minimum permissions set?

  Hi,
  I've installed Password Reset Client Service on a machine with locked down GPO settings. Now, service, running under NETWORK_SERVICE account doesn't start (Service Control Manager reports error 1053 after waiting 30 seconds for the service to respond during
  start).
  If I change service account to some other account (i.e. domain account), service runs fine and I am able to reset password successfully, so there is no issues with password reset infrastructure, firewall, etc..). Problem is only with NETWORK SERVICE not
  having enough permission to do its job.
  Unfortunately, there is no event log entries in neither of relevant event logs (Application, Security, System, Forefront Identity Manager) that would provide additional information on why service doesn't start. ProcessMonitor tracing revealed only, that
  service cannot access some of the registry entries. After granting permissions, service still refuses to start.
  What I'd like to know is there a list of permissions, configuration entries, that NETWORK SERVICE needs in order to run normally?
  If that is not available, does anybody have any idea, how to find out what is preventing NETWORK SERVICE account from running that service?
  Thank you and best regards,
  P

  Fatih,
  The above often solves it because this disabled CRL checking for the account running the service. As the service is the network service, it has no scope off of the box, so the machine account is typically used and many shops have policies in place that prevent
  this. If the above entry doesn't help, try using your account as the service account. If that works, then its probably a syntax problem with above entry. If it fails with your account too then its most likely not CRL checking.  There is
  a registry key that can be configured that could assist:
  [HKEY_LOCAL_MACHINE \System \CurrentControlSet \Control]
  ServicesPipeTimeout = 30000
  Try setting this to another value higher than 30000. This value is milliseconds. I would also look at network capture and verify if we are indeed attempting to go to the Internet during service startup.

• How to up the timeout setting to solve password reset portal error "Authentication gate timed out waiting for a challenge response"?

  Hi Everyone,
  We have the password portal up and running on one box and another server with FIM R2 and SharePoint 2010.  All is good with the exception that our end users typically get distracted during the password registration and/or reset process and receive:
  "An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) ".  The timeout kicks in after 5 minutes of inactivity in the browser.
  The FIM Service log shows the following:
  "Authentication gate timed out waiting for a challenge response".
  I have confirmed that the default password portal web.config setting is <add key="SessionTimeoutInMinutes" value="20" />.  
  We have also updated Microsoft.ResourceManagement.Service.exe.config per this
  article to the following but with no luck:
  <resourceManagementClient resourceManagementServiceBaseAddress="myAddress" timeoutInMilliseconds="600000" />
    <resourceManagementService externalHostName="myHost" dataReadTimeoutInSeconds="600" dataWriteTimeoutInSeconds="600"/> 
  We did not update the Windows SharePoint Servicesweb.config setting per the article about since we are on SharePoint 2010.  
  There is no NLB or firewall in front on this server.
  If anyone has any solution to how to solve this on FIM R2/SharePoint 2010 please let me know.
  Cheers!

  FIM_Admin,
  You could try changing the receiveTimeoutInSeconds parameter of the resourceManagementService node in your Microsoft.ResourceManagement.Service.exe.config file. However, you are warned not to do this unless instructed to by MS customer support. 
  http://msdn.microsoft.com/en-us/library/windows/desktop/ee652424(v=vs.100).aspx
  http://technet.microsoft.com/en-us/library/ff800821(v=ws.10).aspx

• Customize Password Reset Portal -linebreaks

  Hi
  I need to display password policy in text to the user when he enters a new password in SSPR. Is it possible to get line breaks in the text that is put inside the value tag? Or can I do it anotherway? 
  <data name="FinishingDescription" xml:space="preserve">
      <value> Some text </value>
  /Mikael

  Hi,
  I had the same requirement in one of My earlier projects and I tried everything to add new line or <br/> tags but everytime i got nothing.
  Then , I tried few things and I was able to show text in new lines.
  First of all never copy paste text in between <value> tags. Write text all by yourself.
  Then, I used a lots of "&nbsp" into "FinishingDescription" and also into "Resetting Password for {0}".
  And I was able to achieve this:
  I hope this will help you.
  Thanks~
  Giriraj Singh Bhamu

• Password Reset Portal SMS Gate Not Working

  trying Microsoft code to enable One-Time Password with SMS Gate, no luck to make it work. Anyone can advise what's wrong of this code? 
  Customer sms gateway requires POST method with 3 parameters: "password", "hp" and "smsmessage"
  namespace Microsoft.IdentityManagement.Samples
      using System;
      using System.Collections.Generic;
      using System.Globalization;
      using System.Net;
      using System.Text;
      using Microsoft.IdentityManagement.SmsServiceProvider;
      using System.Web;
      using System.Security.Cryptography;
      using System.IO;
      public class SmsServiceProvider : ISmsServiceProvider
          public void SendSms(string mobileNumber,
                              string message,
                              Guid requestId,
                              Dictionary<string, object> deliveryAttributes)
              mySMSProvider.SendSms(mobileNumber, message);
      class mySMSProvider
          static string RequestURL = "http://smsgw.abc.com/smsgateway/smsforad.php";
          mySMSProvider()
          public static int SendSms(string userMobileNumber, string message)
              WebClient wc = new WebClient();
              string requestData;
              requestData = Microsoft.IdentityManagement.Samples.mySMSProvider.GetRequestData(userMobileNumber, message);
              byte[] postData = Encoding.ASCII.GetBytes(requestData);
              byte[] response = wc.UploadData(mySMSProvider.RequestURL, postData);
              string result = Encoding.ASCII.GetString(response);  // result contains the error text
              int returnValue = System.Convert.ToInt32(result.Substring(0, 6), NumberFormatInfo.InvariantInfo);
              return returnValue;
          public static string GetRequestData(string mobile, string message)
              string myrequestData;
              myrequestData = "password=" + "password123"
                   + "&hp=" + System.Web.HttpUtility.UrlEncode(mobile)
                   + "&smsmessage=" + System.Web.HttpUtility.UrlEncode(message);
              return myrequestData;
  Jason

  There is some "well known" issue if you put more than one class into the dll. Try to insert all the logic to the SmsServiceProvider class.
  Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

• Linking of Public URLS to FIM PORTAL & Registration Portal & Reset Portal

  As we all Know we have 3 Portal
  We have
  1) FIM Portal on port-80 :
      Internal URL- http://<appserver name>/IdentityManagement/default.aspx
  2) FIM Password Registration Portal- Port 8080
      Internal URL- http://<appserver name>:8080/default.aspx 
  3) FIM Password Reset Portal- Port 8081
       Internal URL- http://<appserver name>:8081/default.aspx 
  I want these URLs to connect to Public Urls
  1) fimportal.com
  2) fimregportal.com
  3) fimresportal.com
  I have tried for FIM PORTAL- Alternate MAPPING USING DNS -- but it's goin to TEAM SITE and then we provide Credentials >> then All SITE CONTENT >> then Microsoft Forefront Identity
  Then we have the portal.
  We want whenever user browse "fimportal.com" >> goes to http://<appserver name>:8080/default.aspx  url >> ask for credentials >> Fim Portal.
  Please suggest.

  FIM Password Registration Portal :
  Open the 8080 Port.
  Add a “A” Record for http://<appserver name>:8080/default.aspx in
  DNS and pointing it to Public IP.
  FIM Password Reset Portal :
  Open the 8081 Port.
  Add a “A” Record for  http://<appserver name>:8081/default.aspx  in
  DNS and pointing it to Public IP.
  FIM Portal:
  We can Redirect to the FIM Portal.

• SSPR Password Reset failure

  Hello everyone!
  Im trying to figure out why password reset is failing all the time. We have two servers in our environment. 1 for FIMSync and service, and 1 for SSPR. There is no firewall on, DCOM and WMI is verified, SPN is all setup, SSPR registration is working fine.
  When we try to reset a pwd we reach the SSPR portal just fine, type in username, receive a OTP on SMS, type in new password twice and then hit an error. From the event log on SSPR server this is the only thing going on: (There is no event on the FIMSync
  server).
  Failure to connect to FIM Service
  The web portal failed to connect to the FIM Service.
  Ensure that (1) the FIM Service is running, (2) the FIM Service server address is correct in the web.config file on the web portal, and (3) that network connectivity is available between the web portal and the FIM Service over the designated port.
  Details:
  System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException:
  An error occurred when processing the security tokens in the message.
     --- End of inner exception stack trace ---
  Server stack trace: 
     at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
     at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  Exception rethrown at [0]: 
     at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.PerformUpdate()
     at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.ResumableUpdate()
     at Microsoft.ResourceManagement.WebServices.Client.UninitializedResource.Resume(ContextualSecurityToken securityToken)
     at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.ResetPassword(SecureString newPassword, ChallengeContext& gateChallengeResponse)
  Web Portal: FIM Password Reset Portal
  Session Id: XX
  IP Address: xx.xx.xx.xx
  Anyone seen this before?
  Regards, Remi www.iamblogg.com

  Hi, 
  You can try following, It helped me once to resolve the similar issue:
  Click on this link
  I hope this will help you.
  If My Answer helps you do not forget to check helpful post and If answers your question do not forget to "Mark it as an Answer" Thanks~ Giriraj Singh Bhamu

• SSPR password Reset issue

  Hi Techies,
  I am facing a issue in resetting the password of the users. The user is able to register the password on the registration portal by giving all the answers but when trying to reset the password from the FIM password reset portal, giving the user name as
  Domain Name\Username
  and after providing all the answers which were used while registering the user for password reset,i get to the next page and able to enter the new password and confirm password. But just a click on Next, I receive the following error
  An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)
  working on FIM 2010R2 SP1.
  PLease help in this.
  Thanks in advance
  Varun

  Have a look at the following posts. May be you'll be able to troubeshoot the error.
  http://blogs.msdn.com/b/ms-identity-support/archive/2013/01/18/fim-troubleshooting-sspr-error-3000.aspx
  http://technet.microsoft.com/en-us/library/jj134289%28v=ws.10%29.aspx
  https://social.technet.microsoft.com/Forums/en-US/69ac3bbb-e66f-4a2e-a01e-2f3490fe5ef4/facing-issues-with-sspr-in-fim-2010-r2?forum=ilm2
  If you are working on Windows Server 2012, there may be additional things related to Cryptography Algorithms you might need to disable.
  Regards Furqan Asghar

• Password Reset Webpart

  Good Evening TechNet Experts,
  I found a ton of out-dated material on this but was looking for something more updated, thorough, and well instructed. Need instructions/guide on setting up a Password Reset Portal for end-users on the SCSM portal
  WITHOUT Orchestrator.
  1. This will need to work with SharePoint 2010, SCSM 2012, and ADFS.
  2. Users need to be able to enter their email / username and click reset to send the password reset link / temporary password to the users email.
  3. Users need this function BEFORE logging in.... I will link to the web part right on my login page. I have seen many "Request Offering" reset pages... this doesn't make sense to me
  as the user must be able to login before resetting... defeating the purpose and rendering this useless.
  Thanks in advance, look forward to reading your thoughts on this.

  Thomas! Hello again :)
  What country do you live in? If I ever visit I promise to buy you dinner :D
  Thanks for your reply. I see what your saying, I spoke to management and we made a decision to ditch the approach of giving the customer complete control over a reset - the only easy solution is FIM and this costs too much.
  We decided to use a web-part that would require the user to login with a temporary password provided by our helpdesk analysts, then click on the password reset web-part to undergo the reset. I looked at the tool you provided but am not 100% sure how to deploy
  it - I am not yet too familiar with this stuff. I also looked at a web-part provided by ITaCS (http://changepassword.codeplex.com/) but this didn't work and ran into a bug. Currently in contact with the developer
  to see if they can get it fixed but meanwhile, how would I go about deploying the solution you posted?
  To test it anyways, I extracted the files to my IIS directory and added the site as a .Net 4.0 Integrated Pipeline App Pool. I also configured the site to connect as a domain admin user. However, when I launch I kept running to an authentication/permissions
  error.
  Description: An error occurred while accessing the resources required to serve this request. You might not have permission to view the requested resources.
  Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the Web server's administrator to give you access to 'C:\inetpub\wwwroot\wss\VirtualDirectories\PassCore'.
  I added permissions on that folder for the domain account running the web app but still same error.
  I disabled authentication completely under system.web/authentication and still solved the permissions issue but I got this compilation error:
  Server Error in '/' Application.
  Compilation Error
  Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.
  Compiler Error Message: CS0234: The type or namespace name 'Helpers' does not exist in the namespace 'System.Web' (are you missing an assembly reference?)
  Source Error:
  Line 17: using System.Net;
  Line 18: using System.Web;
  Line 19: using System.Web.Helpers;
  Line 20: using System.Web.Security;
  Line 21: using System.Web.UI;
  Source File: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.0.cs Line: 19
  c:\windows\system32\inetsrv> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\assembly\dl3\2cf2a65a\931a5703_0a51d001\Unosquare.PassCore.Web.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_global.asax.3xi7t_sv.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll" /out:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.dll" /D:DEBUG /debug+ /optimize- /w:4 /nowarn:1659;1699;1701;612;618 /warnaserror- "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.0.cs" "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.1.cs"
  Microsoft (R) Visual C# Compiler version 4.0.30319.33440
  for Microsoft (R) .NET Framework 4.5
  Copyright (C) Microsoft Corporation. All rights reserved.
  c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.0.cs(19,22): error CS0234: The type or namespace name 'Helpers' does not exist in the namespace 'System.Web' (are you missing an assembly reference?)
  c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.0.cs(22,22): error CS0234: The type or namespace name 'WebPages' does not exist in the namespace 'System.Web' (are you missing an assembly reference?)
  c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.0.cs(23,22): error CS0234: The type or namespace name 'Mvc' does not exist in the namespace 'System.Web' (are you missing an assembly reference?)
  c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.0.cs(24,22): error CS0234: The type or namespace name 'Mvc' does not exist in the namespace 'System.Web' (are you missing an assembly reference?)
  c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.0.cs(25,22): error CS0234: The type or namespace name 'Mvc' does not exist in the namespace 'System.Web' (are you missing an assembly reference?)
  c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\a5249b39\150dcacd\App_Web_index.cshtml.a8d08dba.y7qkeipi.0.cs(29,61): error CS0234: The type or namespace name 'Mvc' does not exist in the namespace 'System.Web' (are you missing an assembly reference?)
  Finally, I switched to connect as an Application user (pass-through authentication) but now the site just keeps loading forever and nothing happens. I checked event log for issues but it seems I'm not generating any errors after this final configuration
  attempt... Not sure where to go from here.
  Thanks a million for your help Thomas!

• Password Reset Failed

  My password reset portal is using SMS gate, it has been working and recently has problem. 
  FIM Portal Server eventlog shows PermissionDeniedException:
  Requestor: urn:uuid:b0b36673-d43b-4cfa-a7a2-aff14fd90522
  Correlation Identifier: f0f5c811-a595-4f1b-984d-3e2d8d61dee2
  Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException: SystemConstraint
     at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteInitialAuthentication(RequestType request)
     at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAuthentication(RequestType request)
     at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey,
  Boolean isRedispatch)
     at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
     at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest(RequestType request)
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)
  Anyone has any idea for this issue?
  Jason

  SPN:
  Registered ServicePrincipalNames for CN=FIMSPService,OU=Service Accounts,DC=abc,DC=com:
          HTTP/fimportal.devresource.abc.com
          HTTP/fimportal
  Registered ServicePrincipalNames for CN=FIMPWService,OU=Service Accounts,DC=abc,DC=com:
          HTTP/register.devresource.abc.com
          HTTP/reset.devresource.abc.com
  Registered ServicePrincipalNames for CN=FIMService,OU=Service Accounts,DC=abc,DC=com:
          FIMService/ResFIMSvr-Dev.devresource.abc.com
          FIMService/ResFIMSvr-Dev
          FIMService/fimportal
          FIMService/fimportal.devresource.abc.com
  Delegation:
  Group:
  FIMService is member of FIMSyncBrowse and FIMSyncPasswordSet
  ADMA permission:
  temporary gave Domain Admins right, issue persist
  Jason