Installing HA Fim SSPR

Similar Messages

• Exchange console is Madatory for FIM SSPR email notification

  Hi,
  We  are trying to trigger a mail once user reset his successfully. would like to confirm, is it Mandatory to install the exchange console on FIM server only for email notification in case of successful password reset and OTP on email.
  If exchange console is mandatory to be installed on FIM server, How does FIM interacts with exchange console to trigger a email?
  Thanks
  Harry

  Hello Harry,
  Note that it is not required to install the Exchange management console on FIM in order to send notification emails. You should be able to send emails from within your workflow activity by purely editing it and adding a "notification" activity. (Assuming
  your FIM instance is configured correctly).
  The only reason for ever installing the Exchange Console on a FIM server was related to Exchange 2007 provisioning within older versions of FIM. 
  HTH
  Almero Steyn (http://www.puttyq.com) [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or "Helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer
  faster.]

• How to get Reports for specific User that how many password has been reset using FIM SSPR in FIM 2010 R2 SSPR

  Hi,
  How to get Reports for specific User that how many password has been reset using FIM SSPR in FIM 2010 R2 SSPR
  Regards
  Anil Kumar

  Hello there Anil,
  A simple way to quickly get a overview is to look at the request history within the portal environment (note that this will expire in a few day based on your environment, after that you would need to FIM Reporting Module - but you could increase this to
  maybe 60 days to so, watch the DB size).
  To do this you could create some custom search scopes of do some custom queries. The creator of the SSPR activities always has the same GUID so you can use that so search.
  In your search scope you can use the following XPath to play with.
  - All Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and Operation='Put']
  - All Completed Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and RequestStatus=‘Completed']
  You can play with the "RequestStatus".
  Hope this helps.
  Almero Steyn (http://www.puttyq.com) [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or "Helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer
  faster.]

• Error 3001 in FIM SSPR all of sudden

  Hi Experts,
  We have deployed FIM SSPR on two servers and managed the load via load balancer.
  Till yesterday, we were able to do password reset and registration. But all of sudden, we were getting Error 3001 while attempting password reset and Session time out in Password Registration. I did checked everything was in place.
  The application pool identity being used has all SPN configured.
  Enabling verbose mode revealed this error:
  Microsoft.ResourceManagement Error: 3 : The error page was displayed to the user.
  Details:
  Title: Access denied.
  Message: Error processing your request: The operation was rejected because of access control policies.
  Source: The supplied request content violates system rules.
  Attributes: 
  Details: The Request contains changes that violate system constraints.
  CorrelationId: e0b2d32c-7bae-4e36-be5b-0b8e527e3e3a
  RequestId: 
  ErrorCode: 3001
  CaughtTime: 12/12/2014 02:04:41
  Any suggestion will be appreciated.
  Thanks and Regards, Siva Kumar Balaguru

  Check your MPR's associated with Password reset. Oh wait, I think this one is related to FIM Service not trusting SSPR account?
  The data above this text is pseudorandom, brace yourselves.

• Installing HA Fim Service

  Hi All 
  im following this guide to install FIM portal and Service with load balancing
  http://www.harbar.net/articles/fimportal.aspx 
  All went well, after modifying some of the scripts, but now the question is when i install the FIMservice on the second node do i create a new DB or i reuse the existing one ?
  Also when installing the password reg and res portals, inorder to make them externally accessible all i need to do is just specify the external names only ?
  Thanks in advance
  Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/ | If this post has been useful please click the green arrow to the left or click Propose as answer

  Thanks for your answer, but i am now struggling to get the portal up in the first place
  below is what i am doing 
   Configured LB for the 2 fim portal/service machines
  Deployed SPF 2013 and configure all the special settings and joined the second machine 
  Install fim service and portal on the 1st node 
  install fim service on the second node 
  All of the above goes successful until i try to login i get service unavailable in a forefront page
  any ideas if i am doing something wrong ?
  Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/ | If this post has been useful please click the green arrow to the left or click Propose as answer

• BHOLD FIM Integration install failed with Null Pointer Exception

  Hi,
     I started BHOLD installation and completed Core and FIM Provisioning installs successfully. However, FIM Integration install keeps on failing while running FIMCustomization.exe with the following error:
  Unhandled Exception: System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Object reference not set to an instance of an object. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose
  value is:
  System.NullReferenceException: Object reference not set to an instance of an object.   
  at Microsoft.ResourceManagement.ObjectModel.RmAttributeValue.ToString() in d:\_Bld\10\16\Sources\main\src\samples\BHOLD\2011 R2\FIM Integration\Microsoft.ResourceManagement.ObjectModel\RmAttributeValue.cs:line 146  
  at WorkFlowProviderForFIM2010.WorkFlowProvider.TransformFimToXml(RmResource aFIMobject, Boolean asDirty) in d:\_Bld\10\16\Sources\main\src\samples\BHOLD\2011 R2\FIM Integration\WorkFlowProviderForFIM2010\WorkFlowProvider.cs:line 957   
  at WorkFlowProviderForFIM2010.WorkFlowProvider.QueryObjects(String objectType, String attributeName, String dn, String[] attributes) in d:\_Bld\10\16\Sources\main\src\samples\BHOLD\2011 R2\FIM Integration\WorkFlowProviderForFIM2010\WorkFlowProvider.cs:line
  890   
  at BHOLD.RoleExchangePoint.BHOLDRoleExchangePoint.QueryObjectsX(String objectType, String attributeName, String dn, String...).
  I was able to generate the error when I run FIMCustomization.exe from command prompt. "C:\Program Files (x86)\BHOLD\FIM\FIM Customization\FimCustomization.exe" /apply "BHOLD-customization.xml" server MyComputer:5151
  The account running the install is part of FIM Administrators.
  What might be the issue?

  Hi Saurabh,
  FimCustomization.exe keeps crashing for me as well. I figured out it is all about the accounts that you are using. I have wrote a blog post that shows the scenario that worked for me. Hope it will help you.
  http://social.technet.microsoft.com/wiki/contents/articles/22621.fim-2010-installing-bhold-fim-integration.aspx

• Error Installing FIM Reporting in FIM 2010 R2 with SP1 - SCSM 2012 [CheckFIMWebSiteorSolutionPackExisting]

  I am running into the below issue. I am installing FIM 2010 R2 SP1 Reporting with SCSM 2012 [SCSM successfully installed].
  FIM R2 Reporting installation is failing with both Wizard and Command line.
  Command line captures below error: Can some one help on this?
  Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.DoesWebsiteOrSolutionPackExist
  Property name = 'SHAREPOINT_URL', value = 'http://myurl.
  Property name = 'UILevel', value = '2'.
  CustomAction CheckFIMWebSiteorSolutionPackExisting returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
  Action ended 0:27:20: CheckFIMWebSiteorSolutionPackExisting. Return value 3.
  Action ended 0:27:20: INSTALL. Return value 3.
  In below link, the above question is unanswered. Kindly help.
  http://social.technet.microsoft.com/Forums/systemcenter/en-US/37b1af85-aef0-422b-9417-7364d51d0df4/installing-fim-reporting-in-fim-2010-r2-with-sp1?forum=systemcenterservicemanager

  Hi All,
  Though we use SCSM 2012, the FIM 2010 Reporting (R2 SP1) installation throws the alert to run
  KB2561430 hotfix (when run throght console) and above error (when run through commnad line).This is actually a bug and MS have fixed that in one of its FIM hotfix rollup. I could move out of the above error by applying the FIM hotfix mentioned
  in the below link.
  http://blogs.technet.com/b/steady/archive/2013/06/12/fim-2010-r2-sp1-reporting-failure-scsm-2012-sp1-you-must-apply-patch.aspx
  Aswathy Raj

• Error 25009 Install FIM Synchronization

  Hello,
  i try to install FIM Sync and i have a remote sql server but i have this error
  Product: Forefront Identity Manager Synchronization Service -- Error 25009.The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database. OLEDB Provider Information:
  Description = 'Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.'
  Failure Code = 0x80004005
  Minor Number = 18452
  <hr=0x80230406>
  Any idea ?
  Thanks

  Yes i tried with a domain account but nothing.
  Actually the installation of FIM portal is OK but not FIM synchronization !!!
  it's ok now, it was an error on permission configuration for fim service account
  Hi,
  I don't suppose you could please elaborate on which permission configuation error was encountered, and how it was resolved?
  I'm running into the same issue while trying to install the FIM sync service component.
  Thanks in advance!
  Farrell

• Installing FIM 2010 Add-ins and Extensions via GPO

  Hi,
  I have been trying to install the FIM Client using Group Policy software installation using the following link : http://social.technet.microsoft.com/wiki/contents/articles/2236.how-to-prepareexecute-installation-of-fim-2010-add-ins-and-extensions-via-gpo.aspx
  The crucial section missing on this page is what property to add/modify using Orca so that the install can proceed silently using an MST file which provides the registration_portal_url, RMS_location and addlocal properties for the FIM client install.
  If I install the client manually using the following command, msiexec /i "Add-ins and extensions.msi" transforms=client.mst /q, the client install proceeds silently which is what I expect.
  The UILevel=2 property is supposed to tell Windows installer to proceed silently as per http://msdn.microsoft.com/en-us/library/aa372096%28v=vs.85%29.aspx, however when I set this property in Orca for the transform file and then I execute the msiexec command,
  the UI still comes up and prompts me for selecting the different options for installing the client.
  Has anybody successfully deployed FIM client through group policy?
  Thanks!

  I still cannot get the FIM client to install through GPO. To confirm that a silent install of the FIM client works (because that is exactly what the GPO software install is doing), I ran the following command on my Windows XP computer
  msiexec /i "Add-ins and extensions.msi" /q
  Immediately, after running this command, I got an error in the application log
  "Product: Forefront Identity Manager Add-ins and Extensions -- You must specify FIM Service server address."
  So it looks like there is no way to install the client through GPO without specifying the FIM service server, and that cannot be done without an MST file.....
  So I will have to play around with the MST file and see if I can get it installed

• Unable to process your request in FIM 2010 R2.

  Hi,
  Unable to process your request in FIM 2010 R2 sp1 when we hit the URL https://Machinename/Identitymanagerment/default.aspx.
  This was working when we installed fresh FIM Synchronization service and FIM 2010 r2 sp1 Portal but now it is not working for me.i have uninstalled FIM 2010 Portal and delete FIMService database and again installed still gives the same message
  Unable to process your request .
  NOTE:I am implementing FIM 2010 R2 SSPR and gives all reuired cofiguration for this as per Microsoft documents.
  Regards
  Anil Kumar  

  I make the changes in the  web.config file at location
   C:\inetpub\wwwroot\wss\VirtualDirectories\80  on FIM server and added  the
  requireKerberos=”true”  as per the FIM installation
  document. Restarted the IIS and reboot the server. After that unable to login on the FIM Portal, However, SharePoint  URL is working fine.
  Please help me to resolve the issue.
  Anil

• Self Service Password Registration Page taking more time for loading in FIM 2010 R2

  Hi,
  I have beeen successfullly installed FIM 2010 R2 SSPR and it is working fine
  but my problem is that Self Service Password Registration Page taking more time for loading when i provide Window Credential,it is taking approximate 50 to 60 Seconds for loading a page in FIM 2010 R2
  very urgent requirement.
  Regards
  Anil Kumar

  Double check that the objectSid, accountname and domain is populated for the users in the FIM portal, and each user is connected to their AD counterparts
  Check here for more info:
  http://social.technet.microsoft.com/wiki/contents/articles/20213.troubleshooting-fim-sspr-error-3003-the-current-user-account-is-not-recognized-by-forefront-identity-manager-please-contact-your-help-desk-or-system-administrator.aspx

• Load balance the SSPR Site

  Hi,
   How can I load balance my FIM SSPR servers? I'd like to run the SSPR service on separate servers to the FIM sync, FIM service and FIM portal servers.
  I've ran through the SSPR installer on a single server, but never in a load balanced setup. How do I achieve this?
  Thanks
  IT Support/Everything

  It is pretty simple.
  You install SSPR on two servers separately - make sure in IIS settings (bindings) that both are accessible on the same name, for example
  sspr.domain.com. Then you just create NLB that has two nodes - those two servers. Please remember to use session stickness just to make sure one session is served by one node only.
  If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• SSPR with OTP Email is not working

  Hi Everyone,
  I am facing issue with FIM SSPR OTP Email based with one of My FIM Deployments. First of All I explain environment:
  We have two different type of Users: For One Type of users We need QA Gate based Password Reset and For Other set of Users We need OTP email based Password Reset.
  NOTE: FIM Portal, Service & SSPR are in HA.
  What Approach I have followed:
  1) For QA Type User, I kept one Default "Anonymous User Can reset their Password" and in target resources selected "Specific Set for those Users" and In requester I kept "Anonymous User".
  2) For OTP Mail Type Users, I created a new MPR and Password Auth Workflow(Read Only OTP Activity) and Action workflow (Active Directory Password Reset Activity). And In MPR, in target resources selected "Set for this Type Of Users". and In requester
  I kept "Anonymous User".
  This approach was working in My personal Test lab which was not in HA. But now In HA, QA Based Password Reset is working fine and OTP based Password reset is throwing error. I am getting OTP mail but after entering reset Password, My process is unable to
  process successfully. On FIM Portal, in search request: This requeste is getting PostProcessingError. And Request is stating that "The Workflow instance ****** encountered an internal error during processing" and In applied policies it is showing
  MPR which I created.
  Please help. 
  If My Answer helps you do not forget to check helpful post and If answers your question do not forget to "Mark it as an Answer" Thanks~ Giriraj Singh Bhamu

  Hi,
  Thanks for your reply. I was successfully able to resolve the issue. It was related to .Net framework version used into Reset Action Workflow XOML. I just opened Workflow definition in Advance view and replaced version 4.0.0.0 with 3.5.0.0. 
  It worked magically. Thanks to the Post by : Predica.
  Link is : Click Here
  If My Answer helps you do not forget to check helpful post and If answers your question do not forget to "Mark it as an Answer" Thanks~ Giriraj Singh Bhamu

• Error when loading FIM portal in new installation: The requestor's identity was not found.

  I have just installed the FIM portal into my test environment.  The synchronisation service was already working perfectly (can provision users from a .csv file).
  The FIM Service and Portal are installed on a server (we'll call it SPF1), and the FIM sync service on another server (SYNC1)
  Whenever I try to log on to the fim portal with my standard user account (it has never worked), I get the following error:
  Unable to process your request.
  Please contact your help desk or system administrator.
  Error processing your request: The server was unwilling to perform the requested operation.
  Reason: The requester of this operation is invalid.
  Correlation Id: 7da76fce-5c9a-4596-90f7-8d7243c21de8
  Details: The requestor's identity was not found.
  >Go to Forefront Identity Manager home page
  (The web page header does show the FIM logo, so the portal itself is there).
  In the ForeFront logs on SPF1, I get the following:
  Log Name:      Forefront Identity Manager
  Source:        Microsoft.ResourceManagement
  Date:          1/13/2015 5:48:08 PM
  Event ID:      3
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      SPF1.testdomain.internal
  Description:
  GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft.ResourceManagement" />
      <EventID Qualifiers="0">3</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
      <EventRecordID>523</EventRecordID>
      <Channel>Forefront Identity Manager</Channel>
      <Computer>SPF1.testdomain.internal</Computer>
      <Security />
    </System>
    <EventData>
      <Data>GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)</Data>
    </EventData>
  </Event>
  Log Name:      Forefront Identity Manager
  Source:        Microsoft.ResourceManagement
  Date:          1/13/2015 5:48:08 PM
  Event ID:      3
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      SPF1.testdomain.internal
  Description:
  Requestor: Internal Service
  Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
  Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft.ResourceManagement" />
      <EventID Qualifiers="0">3</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
      <EventRecordID>522</EventRecordID>
      <Channel>Forefront Identity Manager</Channel>
      <Computer>SPF1.testdomain.internal</Computer>
      <Security />
    </System>
    <EventData>
      <Data>Requestor: Internal Service
  Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
  Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
     at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)</Data>
    </EventData>
  </Event>
  Further, I note that it has trouble connecting to the web exchange connector.  I wonder if this is because I used an alias (for easy migration in the future) for which the certificate does not match the name for?  I'm connecting to "mail.testdomain.internal",
  although that's actually a NLB group between two CAS/HUB servers.
  Log Name:      Application
  Source:        Microsoft.ResourceManagement.ServiceHealthSource
  Date:          1/13/2015 7:43:49 PM
  Event ID:      12
  Task Category: None
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:     SPF1.testdomain.internal
  Description:
  The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
  The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.
  Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the
  Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft.ResourceManagement.ServiceHealthSource" />
      <EventID Qualifiers="0">12</EventID>
      <Level>3</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-01-14T03:43:49.000000000Z" />
      <EventRecordID>7581</EventRecordID>
      <Channel>Application</Channel>
      <Computer>SPF1.testdomain.internal</Computer>
      <Security />
    </System>
    <EventData>
      <Data>The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
  The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.
  Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the
  Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.</Data>
    </EventData>
  </Event>
  I'm not really sure where to start investigating at this point.  The only other thing to note is that after installing the portal, I didn't see a new management agent in the synchronization service (I thought one was supposed to appear, though I could
  be mistaken).

  I eventually figured this out - it was that the portal management agent hadn't been created yet, I had to create it.

• SQL Features for FIM Synchronization Server

  Hi,
  As we need to Install the FIM Synchronization server  of FIM 2010 R2 SP-1 only. Could you please suggest if all the below sql server features are mandatory to install for FIM synchronization Server. 
  Database Engine Services
  Full-Text Search
  Analysis Services
  Reporting Services
  Business Intelligence Development Studio
  Integration Services
  Management Tools - Basic
  Management Tools - Complete
  Thanks
  Harry

  Hi Harry,
  According to
  this article, the SQL Server features that are required for a Sync Services installation are the Database Engine Services and (optionally) the Management Tools - Basic.
  Cheers,
  Tom Houston, UK Identity Management Practice