Installing HA FIM SSPR
Hey Guys,
I'm now installing the SSPR on a load-balanced SharePoint farm. The FIM Portal works and exists on both servers in IIS.
Now the thing is that I installed the SSPR (Reset and Registration portals) on the first node; the IIS sites are there and working. However, on the second node, shouldn't SP be replicating those sites like it did with the FIM portal, or shall I go and manually install the SSPR portal on the second node as well?
Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/
SSPR are not based on SharePoint - you can install them without installing SharePoint on a host. So you have to manually install them on each node.
Similar Messages
-
Exchange console is Mandatory for FIM SSPR email notification
Hi,
We are trying to trigger a mail once a user resets his password successfully. We would like to confirm: is it mandatory to install the Exchange console on the FIM server only for email notification in case of successful password reset and OTP on email?
If the Exchange console is mandatory to be installed on the FIM server, how does FIM interact with the Exchange console to trigger an email?
Thanks
Harry
Hello Harry,
Note that it is not required to install the Exchange management console on FIM in order to send notification emails. You should be able to send emails from within your workflow activity by purely editing it and adding a "notification" activity (assuming your FIM instance is configured correctly).
The only reason for ever installing the Exchange Console on a FIM server was related to Exchange 2007 provisioning within older versions of FIM.
HTH
Almero Steyn (http://www.puttyq.com)
-
Hi,
How do I get reports for a specific user showing how many passwords have been reset using FIM SSPR in FIM 2010 R2 SSPR?
Regards
Anil Kumar
Hello there Anil,
A simple way to quickly get an overview is to look at the request history within the portal environment (note that this will expire in a few days based on your environment; after that you would need the FIM Reporting Module - but you could increase this to maybe 60 days or so, watch the DB size).
To do this you could create some custom search scopes or do some custom queries. The creator of the SSPR activities always has the same GUID, so you can use that to search.
In your search scope you can use the following XPath to play with.
- All Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and Operation='Put']
- All Completed Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and RequestStatus='Completed']
You can play with the "RequestStatus".
Hope this helps.
Almero Steyn (http://www.puttyq.com)
-
Error 3001 in FIM SSPR all of sudden
Hi Experts,
We have deployed FIM SSPR on two servers and managed the load via load balancer.
Till yesterday, we were able to do password reset and registration. But all of a sudden, we were getting Error 3001 while attempting password reset and a session timeout in Password Registration. I did check that everything was in place.
The application pool identity being used has all SPN configured.
Enabling verbose mode revealed this error:
Microsoft.ResourceManagement Error: 3 : The error page was displayed to the user.
Details:
Title: Access denied.
Message: Error processing your request: The operation was rejected because of access control policies.
Source: The supplied request content violates system rules.
Attributes:
Details: The Request contains changes that violate system constraints.
CorrelationId: e0b2d32c-7bae-4e36-be5b-0b8e527e3e3a
RequestId:
ErrorCode: 3001
CaughtTime: 12/12/2014 02:04:41
Any suggestion will be appreciated.
Thanks and Regards, Siva Kumar Balaguru
Check your MPRs associated with Password reset. Oh wait, I think this one is related to FIM Service not trusting SSPR account?
The data above this text is pseudorandom, brace yourselves. -
Hi All
I'm following this guide to install FIM portal and Service with load balancing
http://www.harbar.net/articles/fimportal.aspx
All went well, after modifying some of the scripts, but now the question is: when I install the FIMService on the second node, do I create a new DB or do I reuse the existing one?
Also, when installing the password reg and res portals, in order to make them externally accessible, all I need to do is just specify the external names only?
Thanks in advance
Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/
Thanks for your answer, but I am now struggling to get the portal up in the first place.
Below is what I am doing:
Configured LB for the 2 FIM portal/service machines
Deployed SPF 2013, configured all the special settings and joined the second machine
Installed FIM service and portal on the 1st node
Installed FIM service on the second node
All of the above goes successfully until I try to log in; I get "service unavailable" in a Forefront page.
Any ideas if I am doing something wrong?
Hany George | Consultant | IDC S.p.A | MCITP: Lync Server | MCITP: Exchange 2010 | MCTS: OCS | Blog: http://dusk1911.wordpress.com/
-
BHOLD FIM Integration install failed with Null Pointer Exception
Hi,
I started BHOLD installation and completed Core and FIM Provisioning installs successfully. However, FIM Integration install keeps on failing while running FIMCustomization.exe with the following error:
Unhandled Exception: System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Object reference not set to an instance of an object. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.ResourceManagement.ObjectModel.RmAttributeValue.ToString() in d:\_Bld\10\16\Sources\main\src\samples\BHOLD\2011 R2\FIM Integration\Microsoft.ResourceManagement.ObjectModel\RmAttributeValue.cs:line 146
at WorkFlowProviderForFIM2010.WorkFlowProvider.TransformFimToXml(RmResource aFIMobject, Boolean asDirty) in d:\_Bld\10\16\Sources\main\src\samples\BHOLD\2011 R2\FIM Integration\WorkFlowProviderForFIM2010\WorkFlowProvider.cs:line 957
at WorkFlowProviderForFIM2010.WorkFlowProvider.QueryObjects(String objectType, String attributeName, String dn, String[] attributes) in d:\_Bld\10\16\Sources\main\src\samples\BHOLD\2011 R2\FIM Integration\WorkFlowProviderForFIM2010\WorkFlowProvider.cs:line 890
at BHOLD.RoleExchangePoint.BHOLDRoleExchangePoint.QueryObjectsX(String objectType, String attributeName, String dn, String...).
I was able to generate the error when I run FIMCustomization.exe from command prompt. "C:\Program Files (x86)\BHOLD\FIM\FIM Customization\FimCustomization.exe" /apply "BHOLD-customization.xml" server MyComputer:5151
The account running the install is part of FIM Administrators.
What might be the issue?
Hi Saurabh,
FimCustomization.exe keeps crashing for me as well. I figured out it is all about the accounts that you are using. I have written a blog post that shows the scenario that worked for me. Hope it will help you.
http://social.technet.microsoft.com/wiki/contents/articles/22621.fim-2010-installing-bhold-fim-integration.aspx -
I am running into the below issue. I am installing FIM 2010 R2 SP1 Reporting with SCSM 2012 [SCSM successfully installed].
FIM R2 Reporting installation is failing with both Wizard and Command line.
Command line captures the below error. Can someone help with this?
Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.DoesWebsiteOrSolutionPackExist
Property name = 'SHAREPOINT_URL', value = 'http://myurl.
Property name = 'UILevel', value = '2'.
CustomAction CheckFIMWebSiteorSolutionPackExisting returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 0:27:20: CheckFIMWebSiteorSolutionPackExisting. Return value 3.
Action ended 0:27:20: INSTALL. Return value 3.
In below link, the above question is unanswered. Kindly help.
http://social.technet.microsoft.com/Forums/systemcenter/en-US/37b1af85-aef0-422b-9417-7364d51d0df4/installing-fim-reporting-in-fim-2010-r2-with-sp1?forum=systemcenterservicemanager
Hi All,
Though we use SCSM 2012, the FIM 2010 Reporting (R2 SP1) installation throws the alert to run the KB2561430 hotfix (when run through console) and the above error (when run through command line). This is actually a bug and MS have fixed that in one of its FIM hotfix rollups. I could move out of the above error by applying the FIM hotfix mentioned in the below link.
http://blogs.technet.com/b/steady/archive/2013/06/12/fim-2010-r2-sp1-reporting-failure-scsm-2012-sp1-you-must-apply-patch.aspx
Aswathy Raj -
Error 25009 Install FIM Synchronization
Hello,
I try to install FIM Sync and I have a remote SQL server, but I have this error:
Product: Forefront Identity Manager Synchronization Service -- Error 25009.The Forefront Identity Manager Synchronization Service setup wizard cannot configure the specified database. OLEDB Provider Information:
Description = 'Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.'
Failure Code = 0x80004005
Minor Number = 18452
<hr=0x80230406>
Any idea ?
Thanks
Yes, I tried with a domain account but nothing.
Actually the installation of FIM portal is OK but not FIM synchronization!
It's OK now; it was an error in the permission configuration for the FIM service account.
Hi,
I don't suppose you could please elaborate on which permission configuration error was encountered, and how it was resolved?
I'm running into the same issue while trying to install the FIM sync service component.
Thanks in advance!
Farrell -
Installing FIM 2010 Add-ins and Extensions via GPO
Hi,
I have been trying to install the FIM Client using Group Policy software installation using the following link : http://social.technet.microsoft.com/wiki/contents/articles/2236.how-to-prepareexecute-installation-of-fim-2010-add-ins-and-extensions-via-gpo.aspx
The crucial section missing on this page is what property to add/modify using Orca so that the install can proceed silently using an MST file which provides the registration_portal_url, RMS_location and addlocal properties for the FIM client install.
If I install the client manually using the following command, msiexec /i "Add-ins and extensions.msi" transforms=client.mst /q, the client install proceeds silently which is what I expect.
The UILevel=2 property is supposed to tell Windows Installer to proceed silently as per http://msdn.microsoft.com/en-us/library/aa372096%28v=vs.85%29.aspx, however when I set this property in Orca for the transform file and then I execute the msiexec command, the UI still comes up and prompts me for selecting the different options for installing the client.
Has anybody successfully deployed FIM client through group policy?
Thanks!
I still cannot get the FIM client to install through GPO. To confirm that a silent install of the FIM client works (because that is exactly what the GPO software install is doing), I ran the following command on my Windows XP computer:
msiexec /i "Add-ins and extensions.msi" /q
Immediately after running this command, I got an error in the application log:
"Product: Forefront Identity Manager Add-ins and Extensions -- You must specify FIM Service server address."
So it looks like there is no way to install the client through GPO without specifying the FIM service server, and that cannot be done without an MST file.
So I will have to play around with the MST file and see if I can get it installed.
-
Unable to process your request in FIM 2010 R2.
Hi,
Unable to process your request in FIM 2010 R2 sp1 when we hit the URL https://Machinename/Identitymanagerment/default.aspx.
This was working when we freshly installed FIM Synchronization service and FIM 2010 R2 SP1 Portal, but now it is not working for me. I have uninstalled FIM 2010 Portal, deleted the FIMService database and installed again; it still gives the same message:
Unable to process your request.
NOTE: I am implementing FIM 2010 R2 SSPR and gave all required configuration for this as per Microsoft documents.
Regards
Anil Kumar
I made the changes in the web.config file at location C:\inetpub\wwwroot\wss\VirtualDirectories\80 on the FIM server and added requireKerberos="true" as per the FIM installation document. Restarted IIS and rebooted the server. After that I am unable to log in on the FIM Portal; however, the SharePoint URL is working fine.
Please help me to resolve the issue.
Anil -
Self Service Password Registration Page taking more time for loading in FIM 2010 R2
Hi,
I have successfully installed FIM 2010 R2 SSPR and it is working fine,
but my problem is that the Self Service Password Registration page takes more time to load when I provide Windows credentials; it takes approximately 50 to 60 seconds to load a page in FIM 2010 R2.
Very urgent requirement.
Regards
Anil Kumar
Double check that the objectSid, accountname and domain are populated for the users in the FIM portal, and each user is connected to their AD counterparts.
Check here for more info:
http://social.technet.microsoft.com/wiki/contents/articles/20213.troubleshooting-fim-sspr-error-3003-the-current-user-account-is-not-recognized-by-forefront-identity-manager-please-contact-your-help-desk-or-system-administrator.aspx -
Hi,
How can I load balance my FIM SSPR servers? I'd like to run the SSPR service on separate servers to the FIM sync, FIM service and FIM portal servers.
I've run through the SSPR installer on a single server, but never in a load balanced setup. How do I achieve this?
Thanks
IT Support/Everything
It is pretty simple.
You install SSPR on two servers separately - make sure in IIS settings (bindings) that both are accessible on the same name, for example sspr.domain.com. Then you just create NLB that has two nodes - those two servers. Please remember to use session stickiness just to make sure one session is served by one node only.
-
SSPR with OTP Email is not working
Hi Everyone,
I am facing issue with FIM SSPR OTP Email based with one of My FIM Deployments. First of All I explain environment:
We have two different type of Users: For One Type of users We need QA Gate based Password Reset and For Other set of Users We need OTP email based Password Reset.
NOTE: FIM Portal, Service & SSPR are in HA.
What Approach I have followed:
1) For QA Type Users, I kept one default "Anonymous User Can reset their Password" and in target resources selected "Specific Set for those Users" and in requester I kept "Anonymous User".
2) For OTP Mail Type Users, I created a new MPR and Password Auth Workflow (Read Only OTP Activity) and Action workflow (Active Directory Password Reset Activity). And in the MPR, in target resources I selected "Set for this Type Of Users" and in requester I kept "Anonymous User".
This approach was working in my personal test lab, which was not in HA. But now in HA, QA based password reset is working fine and OTP based password reset is throwing an error. I am getting the OTP mail, but after entering the reset password, my process is unable to process successfully. On the FIM Portal, in search requests, this request is getting PostProcessingError. The request is stating that "The Workflow instance ****** encountered an internal error during processing" and in applied policies it is showing the MPR which I created.
Please help.
Thanks ~ Giriraj Singh Bhamu
Hi,
Thanks for your reply. I was successfully able to resolve the issue. It was related to the .NET Framework version used in the Reset Action Workflow XOML. I just opened the Workflow definition in Advanced view and replaced version 4.0.0.0 with 3.5.0.0.
It worked magically. Thanks to the post by: Predica.
Link is : Click Here
Thanks ~ Giriraj Singh Bhamu
-
I have just installed the FIM portal into my test environment. The synchronisation service was already working perfectly (can provision users from a .csv file).
The FIM Service and Portal are installed on a server (we'll call it SPF1), and the FIM sync service on another server (SYNC1)
Whenever I try to log on to the fim portal with my standard user account (it has never worked), I get the following error:
Unable to process your request.
Please contact your help desk or system administrator.
Error processing your request: The server was unwilling to perform the requested operation.
Reason: The requester of this operation is invalid.
Correlation Id: 7da76fce-5c9a-4596-90f7-8d7243c21de8
Details: The requestor's identity was not found.
>Go to Forefront Identity Manager home page
(The web page header does show the FIM logo, so the portal itself is there).
In the ForeFront logs on SPF1, I get the following:
Log Name: Forefront Identity Manager
Source: Microsoft.ResourceManagement
Date: 1/13/2015 5:48:08 PM
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SPF1.testdomain.internal
Description:
GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft.ResourceManagement" />
<EventID Qualifiers="0">3</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
<EventRecordID>523</EventRecordID>
<Channel>Forefront Identity Manager</Channel>
<Computer>SPF1.testdomain.internal</Computer>
<Security />
</System>
<EventData>
<Data>GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)</Data>
</EventData>
</Event>
Log Name: Forefront Identity Manager
Source: Microsoft.ResourceManagement
Date: 1/13/2015 5:48:08 PM
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SPF1.testdomain.internal
Description:
Requestor: Internal Service
Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft.ResourceManagement" />
<EventID Qualifiers="0">3</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
<EventRecordID>522</EventRecordID>
<Channel>Forefront Identity Manager</Channel>
<Computer>SPF1.testdomain.internal</Computer>
<Security />
</System>
<EventData>
<Data>Requestor: Internal Service
Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)</Data>
</EventData>
</Event>
Further, I note that it has trouble connecting to the web exchange connector. I wonder if this is because I used an alias (for easy migration in the future) for which the certificate does not match the name for? I'm connecting to "mail.testdomain.internal", although that's actually a NLB group between two CAS/HUB servers.
Log Name: Application
Source: Microsoft.ResourceManagement.ServiceHealthSource
Date: 1/13/2015 7:43:49 PM
Event ID: 12
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SPF1.testdomain.internal
Description:
The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the failure may be due to incorrect Exchange Web Service configuration.
Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer. Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly. Last, ensure that the
Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft.ResourceManagement.ServiceHealthSource" />
<EventID Qualifiers="0">12</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-14T03:43:49.000000000Z" />
<EventRecordID>7581</EventRecordID>
<Channel>Application</Channel>
<Computer>SPF1.testdomain.internal</Computer>
<Security />
</System>
<EventData>
<Data>The Forefront Identity Manager Service cannot connect to the Exchange Web Service.
The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the failure may be due to incorrect Exchange Web Service configuration.
Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer. Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly. Last, ensure that the
Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.</Data>
</EventData>
</Event>
I'm not really sure where to start investigating at this point. The only other thing to note is that after installing the portal, I didn't see a new management agent in the synchronization service (I thought one was supposed to appear, though I could be mistaken).
I eventually figured this out - it was that the portal management agent hadn't been created yet, I had to create it.
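Event XML in the format quoted in this thread can be triaged in bulk. The following is an added example, not part of the original posts: it parses exported events wrapped in a single root element, classifies them, and counts the accounts the FIM Service rejected with "No such user". The sample events and the SID are constructed from the post's format, and the function and category names are illustrative assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
NO_SUCH_USER = re.compile(
    r"GetCurrentUserFromSecurityIdentifier: No such user "
    r"(?P<account>[^,]+), (?P<sid>S-1-[\d-]+)")
CONSTRUCTED_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # made-up value

def _event(provider, event_id, when, data):
    """Build one constructed <Event> in the shape quoted in the post."""
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="{provider}" />'
            f'<EventID Qualifiers="0">{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}" />'
            f'<Computer>SPF1.testdomain.internal</Computer></System>'
            f'<EventData><Data>{data}</Data></EventData></Event>')

# Constructed sample: two rejected logons, one service exception, one health warning.
SAMPLE = "<Events>" + "".join([
    _event("Microsoft.ResourceManagement", 3, "2015-01-14T01:48:08.000000000Z",
           r"GetCurrentUserFromSecurityIdentifier: No such user "
           r"TESTDOMAIN\StandardUser, " + CONSTRUCTED_SID),
    _event("Microsoft.ResourceManagement", 3, "2015-01-14T01:48:08.000000000Z",
           "Requestor: Internal Service\nMicrosoft.ResourceManagement.Service: "
           "Microsoft.ResourceManagement.WebServices.Exceptions."
           "UnwillingToPerformException: IdentityIsNotFound"),
    _event("Microsoft.ResourceManagement", 3, "2015-01-14T02:10:00.000000000Z",
           r"GetCurrentUserFromSecurityIdentifier: No such user "
           r"TESTDOMAIN\StandardUser, " + CONSTRUCTED_SID),
    _event("Microsoft.ResourceManagement.ServiceHealthSource", 12,
           "2015-01-14T03:43:49.000000000Z",
           "The Forefront Identity Manager Service cannot connect to the "
           "Exchange Web Service."),
]) + "</Events>"

def parse_events(xml_text):
    """Return one dict per <Event> child of the root element."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        system = ev.find("e:System", NS)
        events.append({
            "provider": system.find("e:Provider", NS).get("Name"),
            "event_id": int(system.find("e:EventID", NS).text),
            "time": system.find("e:TimeCreated", NS).get("SystemTime"),
            "computer": system.findtext("e:Computer", default="", namespaces=NS),
            "message": "\n".join(d.text or ""
                                 for d in ev.iterfind("e:EventData/e:Data", NS)),
        })
    return events

def classify(event):
    """Map an event to a triage category (category names are illustrative)."""
    msg = event["message"]
    if event["provider"] == "Microsoft.ResourceManagement.ServiceHealthSource":
        return ("exchange-web-service-unreachable"
                if "Exchange Web Service" in msg else "service-health")
    if NO_SUCH_USER.search(msg):
        return "caller-sid-not-in-fim-service"
    if "IdentityIsNotFound" in msg:
        return "identity-not-found-exception"
    return "other"

def missing_identities(events):
    """Count rejected logons per (account, SID) named in 'No such user' events."""
    hits = Counter()
    for ev in events:
        m = NO_SUCH_USER.search(ev["message"])
        if m:
            hits[(m["account"].strip(), m["sid"])] += 1
    return hits

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for ev in evs:
        print(ev["time"], ev["event_id"], classify(ev))
    for (account, sid), n in missing_identities(evs).items():
        print(f"{n}x {account} ({sid}): no matching user in the FIM Service")
```
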
-
SQL Features for FIM Synchronization Server
Hi,
As we need to Install the FIM Synchronization server of FIM 2010 R2 SP-1 only. Could you please suggest if all the below sql server features are mandatory to install for FIM synchronization Server.
Database Engine Services
Full-Text Search
Analysis Services
Reporting Services
Business Intelligence Development Studio
Integration Services
Management Tools - Basic
Management Tools - Complete
Thanks
Harry
Hi Harry,
According to this article, the SQL Server features that are required for a Sync Services installation are the Database Engine Services and (optionally) the Management Tools - Basic.
Cheers,
Tom Houston, UK Identity Management Practice