Kerberos-no-logon-server in fim 2010

Similar Messages

• FIM 2010 GAL Synchonization Error

  number one
  Forest
  exchange server 2013
  a server with active directory 2012
  a server running FIM 2010 R2 sp1
  number two Forest
  a server with Exchange 2010
  Active directory server 2008
  r2
  I'm setting up a global address list
  with FIM Server
  configure agents with default attributes
  Forest users number one, they
  are synchronized to the number two
  Forest
  Forest users number one, they
  are not transferred to the number two
  Forest.
  users see them as delete and
  are not added, attached the error.
  Forest groups the number one
  Forest synchronized to the number two
  my question is?
  that users are not synchronized and groups
  are synchronized if the forest
  both.
  is there any attribute to be removed
  for being Exchange 2010 and AD
  2008.
  that I take is when they are
  forest and exchange different
  version?

  Satpal,
  You could theoretically do this by exposing AD to the Internet, you would need to expose port 389 for remote domain publically so that FIM server could reach that without direct connection. You could use reverse proxy software such as TMG/UAG to publish
  this port safely, although I don't the exact implementation details for that. As far as the Exchange provisioning piece, that is already a trick to get to to work in some internalized scenarios so making that work publically is seemingly unlikely; you are
  better off disabling that and just running PS cmdlets on Exchange servers after exports to AD are completed. You could use script/automated process on Exchange server to launch this after export from FIM is finished.

• Unable to install Sharepoint Foundation 2013 in Windows Server 2012 for FIM 2010 R2

  HI,
  I am Unable to install Sharepoint Foundation 2013 in Windows Server 2012 for FIM 2010 R2,
  Before SharePoint Foundation 2013 installation I installed all prerequisite software that is required for SharePoint Foundation 2013 but when we run SharePoint Foundation 2013 setup that gives below error so I am requesting you please help on this.
  Setup is unable to proceed due to the following error(s):
  Windows Server Appfabric is not correctly configured.You should unistall Windows Server Appfabric and reinstall it using the SharePoint Products Preparation Tool.
  Regards
  Anil Kumar

  You really need to do what error is suggesting.
  Windows Server Appfabric is not correctly configured.You should unistall Windows Server Appfabric and reinstall it using the SharePoint Products Preparation Tool.
  Nosh Mernacaj, Identity Management Specialist

• How do I add my Custom Workflow Activity to FIM 2010 R2 SP1 installed on Windows 2012 server?

  Hellos.
  I have tried and failed to add my custom.dll into the Windows Server 2012  GAC.
  We have a version of FIM 2010 R2 Sp1 running on Windows Server 2008 R2 and that was no problem. There seemed to be a gacutil.exe present on the system which added my assembly.
  I cannot find gacutil.exe on the Windows 2012 Server.
  I have downloaded and installed Windows SDK for Windows 8. However, when I try the gacutil.exe /i <myCustom.dll> nothing seems to happen.
  Are there any guidelines how to add custom workflow activities to FIM when installed on a Windows Server 2012 system?
  TIA
  *HH

  Well yes. It is fine when FIM is hosted on Windows Server 2008 R2.My difficulty is that I am using FIM 2010 R2 Sp1 and Windows Server 2012. No GACutility executable.
  However, the problem has been resolved. Powershell can be used to modify the assemblies.
  I opened a RunAs Administrator PS session. My assembly is in folder c:\Temp
  Using Windows Explorer I browsed the folder c:\windows\assembly and noted the System.EnterpriseServices entries: version (2.0.0.0) and public key token (b03f5f7f11d50a3a)
  (My version is 2.0.0.0 because when installing FIM and SharePoint 2013 the instructions I used suggested setting .Net version to be 2.0)
  These powershell commands got me going...
  PS C:\temp> [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
  GAC    Version        Location
  True   v4.0.30319     C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50...
  PS C:\temp> $publish = New-Object System.EnterpriseServices.Internal.Publish
  PS C:\temp> $publish.GacInstall("c:\temp\RunPowershellLibrary.dll")
  PS C:\temp>
  PS C:\temp>
  PS C:\temp> iisreset
  Amazingly I can see the assembly RunPowershellLibrary in my Windows 2012 GAC. :-)
  Also, what is more cheering is that the custom activity actually works with FIM 2010 R2 Sp1.

• SharePoint Foundation 2013 SP1 for Microsoft Forefront Identity Manager (FIM) 2010 R2 SP1

  For subsequent installation FIM 2010
  R2 SP1, I must create a Web application
  with the classical method of authentication. According to
  Microsoft (http://technet.microsoft.com/en-us/library/jj863242(v=ws.10).aspx),
  it is created using PowerShell the following commands:
  $ AdminCredentials = Get-user domain
  \ contosoAdmin
  • $ adminManagedAccount = New-SPManagedAccount -Credential $ adminCredentials
  • New-SPWebApplication -Name "FIM SharePoint Web Application" -ApplicationPool "FIMAppPool" -AuthenticationMethod "Kerberos" -ApplicationPoolAccount $ adminManagedAccount -Port
  80 -URL http://www.contoso.com
  But these commands do not specify an account for
  Web services applications,
  and services of that applications will run under the account
  under which installed Sharepoint. As a result,
  the Administration Console Sharepoint error occurs:
  the application service account has
  local administrator rights. But it should not
  be.
    I ask for advice on how to solve this problem.

  Where I can found ULS Log and configuration details as well?
  I have errors:
  Accounts used by application pools or service identities are in the local machine Administrators group.
  One or more web applications are configured to use Windows Classic authentication.
  When I create a Web application through the
  web interface, and select
  the account for the application pool and application services
  (see. Screenshot). So I decided
  that the account application services
  become account under which installed
  Sharepoint, which has local administrator rights.
  And the application pool account to the
  administrators group is not included. Therefore,
  the question arises: what kind of account
  reports error :: 
  there is only one Web application (but
  before I create and delete the same):
  New-SpWebApplication
  DisplayName                    Url
  Sharepoint-FIM                
  http://www.contoso.com
  help to solve the error, please.

• Installing Sharepoint Foundation 2013 for FIM 2010 R2 SP-1

  Hi,
  As SharePoint Foundation 2013 is supported for FIM  2010 R2 sp-1 on windows 2012. I am trying to install the SharePoint  foundation 2013 on windows 2012. There are some prerequisite(like .net framework,windows Identity framework, sync, windows
  appfabric etc) which needs to be get installed before installing SharePoint 2013. I have installed on the prerequisite sucessfully but when try to install the SP 2013, getting the error, windows server AppFabric is not configured properly. Search
  on google and  configured the windows server AppFabric many times still getting the same issue. Kindly suggest if it  mandatory to configure the AppFabric.If yes, please suggest  the correct step to configure the AppFabric. 
  Error Print screen is as below.
  Regards
  Harry    

  Follow these guides to get it working: http://www.harbar.net/articles/fimportal.aspx https://konab.com/using-sharepoint-foundation-2013-with-fim/

• Unable to process your request in FIM 2010 R2.

  Hi,
  Unable to process your request in FIM 2010 R2 sp1 when we hit the URL https://Machinename/Identitymanagerment/default.aspx.
  This was working when we installed fresh FIM Synchronization service and FIM 2010 r2 sp1 Portal but now it is not working for me.i have uninstalled FIM 2010 Portal and delete FIMService database and again installed still gives the same message
  Unable to process your request .
  NOTE:I am implementing FIM 2010 R2 SSPR and gives all reuired cofiguration for this as per Microsoft documents.
  Regards
  Anil Kumar  

  I make the changes in the  web.config file at location
   C:\inetpub\wwwroot\wss\VirtualDirectories\80  on FIM server and added  the
  requireKerberos=”true”  as per the FIM installation
  document. Restarted the IIS and reboot the server. After that unable to login on the FIM Portal, However, SharePoint  URL is working fine.
  Please help me to resolve the issue.
  Anil

• Supported platforms in FIM 2010 R2 Sp1

  I have FIM 2010 R2 Syncronization Server running on Windows 2008R2 OS. The available Galsync connectors that we have are Exchange 2003, 2007 and 2010. The FIM sync server runs on Exchange 2010 environment but in order to fulfill the requirements of establishing
  a connector with Exchange 2007 we followed the reference "http://social.technet.microsoft.com/wiki/contents/articles/3457.fim-how-to-export-to-an-exchange-2007-server-with-synchronization-server-in-an-exchange-2010-domain.aspx"
  to install Exchange 2007 EMC on the FIM Sync server. Now we have a new connector lined up to be added on our FIM server which is running on Exchange 2013 environment. I need to know how can we perform an upgrade from FIM 2010R2 to FIM 2010R2 SP1 without breaking
  the existing configuration especially with the connectors running legacy Exchange (2003 and 2007).
  Jimmy George

  Yes, you can upgrade to SP1 without impacting the legacy connections.
  Thanks, Brian

• Upgrade FIM 2010 R2 Sp1 Databases from SQL 2008 R2 to SQL 2012

  Hi,
  I want to upgrade my SQL from 2008 R2 to SQL 2012.
  FIM Databases   
  1) FIMService Database 
  2) FIMSynchronizationService Database 
  Mentioned above are my FIM databases running on SQL server 2008 R2 . Now I was looking for some article which could tell me if SQL can be upgraded without affecting my existing databases of FIM or if i can move these databases to a new server having SQL
  2012
  Activity I want to perform :  Create a fresh  Server of SQL 2012 and move my FIM 2010 databases over it by restoring the backups. but as per the link below it seems not possible!
  http://social.technet.microsoft.com/wiki/contents/articles/5465.fimilm-how-to-move-the-backend-sql-server-synchronization-service-database.aspx

  Hi Shivam,
  Please take a look here: Release Notes for Forefront Identity Manager 2010 R2 SP1.
  In the table you have tasks to upgrade SQL for FIMService and FIMSych.
  FIM Service:
  Upgrade FIM Service servers to FIM 2010 R2 SP1
  Stop FIM Service on all servers
  Backup Database [in case rollback needed]
  Upgrade SQL to SQL Server 2012
  Start FIM Service on all servers
  FIM Synch:
  Upgrade FIM Sync to FIM 2010 R2 SP1
  Stop FIM Sync
  Backup Database [in case rollback needed]
  Upgrade SQL to SQL Server 2012
  Start FIM Sync
  If you are not making in-place upgrade, I would do something like here:
  Stop FIM Services
  Backup the databases at SQL 2008
  Restore backed up databases on SQL 2012
  Make sure SQL Agent Jobs are moved (FIMService)
  Make sure Broker is enabled on FIMService database
  On FIM machines create SQL alias using cliconfg utility. Alias should have the name of "old(sql2008) SQL" and point to new name/instance.
  Start FIM Services - they would use "old" name to connect, but it would be translated to new location. So they would start.
  If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• FIM 2010 Reporting installation reinstalls FIM portal

  Hi,
  We have FIM 2010 R2 running in production environment. We have added some of our custom developed sharepoint forms inside FIM's sharepoint site to enhance the User Interface.
  We now want to deploy FIM reporting feature. But, the installer of FIM re-installs the FIM portal along with installing reporting feature. After reporting feature installation wizard completes, we see that all our customized sharepoint pages are lost and
  default FIM web portal appears again.
  Is there any method of installing reporting feature withou reinstalling FIM portal?
  Mayank Vaish

  I would start with the IIS Bindings -- to which IPs and names is the Password Registration Portal bound?
  Try to access the site directly. It could simply be that the link is incorrect. The link is stored on the FIM Portal server in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Portal  and look at the value of
  RegistrationPortalUrl
  David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

• Installing FIM Reporting in FIM 2010 R2 with SP1

  I tried to install the Reporting component.  I have FIM 2010 R2 with SP1 and SCSM 2012.  I get a error saying I have to install the KB2561430. This is apparently a hotfix for SCSM 2010 SP1. I thought that FIM R2 with SP1 supports SCSM 2012 as written:
  FIM Reporting
  Support for Windows Server 2012 has been added.
  Support for SQL Server 2012 has been added.
  Support for SCSM 2012 has been added.
  http://technet.microsoft.com/en-us/library/jj863246(v=ws.10).aspx
  Is there anything I need to install in the SCSM side?
  I'm stuck here

  Hi,
  Even I am running into the same issue. And installing FIM 2010 R2 SP1 Reporting [SCSM 2012 successfully installed].
  Both Wizard and Command line failing.
  Command line captures below error: Did any one solved this issues? Kindly help
  Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.DoesWebsiteOrSolutionPackExist
  Property name = 'SHAREPOINT_URL', value = 'http://myurl.
  Property name = 'UILevel', value = '2'.
  CustomAction CheckFIMWebSiteorSolutionPackExisting returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
  Action ended 0:27:20: CheckFIMWebSiteorSolutionPackExisting. Return value 3.
  Action ended 0:27:20: INSTALL. Return value 3.
  Aswathy Raj

• ILM to FIM 2010 Migration.

  Hello All,
  We are planning to upgrade ILM 2007 to FIM 2010 and plan is to use existing ILM database.
  --Restore it to the new DB server with the name “FIMSynchronizationService”,
  --Install FIM Sync, telling it to use the restored DB, and providing the encryption keys,
  This is will be my first time upgrading from ILM to FIM 2010, I have done previously couple of new FIM 2010 installation and upgrade it FIM 2010 R2 with the encryption key.
  As ILM and FIM 2010 ,the platform requirement is quite different and inplace upgrade is not possible, so we are planning to build a new server for FIM rather than in place upgrade.
  I never show FIM 2010 ask for encryption key in new installation in a new server. As we are planning to use the existing database , I need guidance how can i use the encryption key of ILM
  while upgrading to FIM 2010.
  Kindly share your thought.
  Regards,
  Raja Village

  Hi Raja,
  The process is pretty much the same as installing second server of FIM in Active-passive environment. So during installation you just have to pick "Use existing database". And, at the end of the installation, you would be asked to provide key file
  with a standard "Browse" key. So it is nothing unusual or hard.
  Of course make sure you have such key exported before installing new server :)
  If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• FIM 2010 R2 SP1 with SCSM 2012

  I know that FIM 2010 R2 SP1 now claims support for SCSM 2012. FIM Reporting allows us to use a free copy of SCSM / DW for just the purpose of reporting services. Does this only apply to SCSM 2010 or does this include SCSM 2012 as well? I just want to make
  sure that we don't install SCSM 2012 assuming that it's free when in reality only SCSM 2010 is free. This issue came about because SCSM 2010 did not require a product key, but SCSM 2012 does.
  Thanks,
  Mark
  Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com

  On Fri, 4 Jul 2014 08:27:39 +0000, diramoh wrote:
  on Microsoft TechNet link, we have the following Details:
  Reporting: Unique key constraint violation when running reporting synchronization jobs
  If you attempt to run reporting synchronization jobs on a default System Console System Manager SP1 (SCSM SP1) installation, you may receive the error “Violation of UNIQUE KEY constraint ‘idx_ManagedEntityManagedTypeId’.  Cannot insert duplicate key…”. 
  To address this issue, please make sure you have the following updates installed on your System Center Service Manager Management Server, Data Warehouse Server, and any machines that have the System Center Service Manager Console installed on them:
  1. KB2542118 <http://support.microsoft.com/kb/2542118>– System Center Service Manager Cumulative Update 2
  2. KB2542118 <http://www.microsoft.com/download/en/details.aspx?id=26631>– System Center Service Manager FIM 2010 R2 Hotfix
  Note:  *You must have the SCSM Cumulative Update 2 installed before installing KB2542118*
  Shim is asking about the product key. The above has nothing at all to do
  with his question.
  Paul Adare - FIM CM MVP
  What should I do ......the machine can't find the program
  iexplorer.exe...
  Breathe a sigh of relief. -- Arthur Hagen in no.www

• Unable to send a security code. Please contact your help desk for assistance in FIM 2010 R2

  Hi,
  I have been Successfully registered with emailid in FIM 2010 R2 Password Registration Portal.but when go in FIM 2010 R2 Password Reset Portal and gives all right answers of questions after this gives fallowing
  error:Unable to send a security code. Please contact your help desk for assistance.
  Regards
  Anil kumar

  Hi,
  Thank's for response.
  I have been cheked mail server is UP and i am able to send mail through FIMService account.
  but this is not sending Securitycode notification to any users when i login through any user gives correct answering to the Question that i was set at registration time.this gives fallowing error:
  Unable to send a security code. Please contact your help desk for assistance
  and Eventviwer Error Below:
  The error page was displayed to the user.
  Details:
  Title: Unable to send security code
  Message: Unable to send a security code. Please contact your help desk for assistance.
  Source:
  Attributes:
  Details: Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.OneTimePasswordDeliveryException: ValidationError:UnableToSendSecurityCode ---> System.ServiceModel.FaultException: ValidationError:UnableToSendSecurityCode
     at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
     at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
     at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
     at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetChallenge(String domain, String userName, ChallengeContext gateChallengeResponse)
     at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
     --- End of inner exception stack trace ---
     at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
     at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetNextGate(IGateControl currentGate)
     at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.Next()
     at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
     at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
     at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  CorrelationId:
  RequestId:
  ErrorCode: 3013
  CaughtTime: 05/02/2014 08:43:26
  Web Portal: FIM Password Reset Portal
  Session Id: 21uppbuy3vutsm55sytd4b55
  Regards
  Anil Kumar

• FIM 2010 R2 Sp1, Windows 2008 R2 SP1 and Recycle Bin issues

  Hi,
  We are running FIM 2010 R2 Sp1 (build 4.1.3613.0)
  Also running Windows 2008 R2 Forest and Domain functional level environment. (Windows Server 2008 R2 SP1 on all DCs). The previous Recycle Bin hotfix https://support.microsoft.com/en-us/kb/979214/ fails to install since we are already running WS08 R2 SP1
  on all the DCs.
  During deprovisioning, when a user is deleted from the source HR system, FIM deletes the object from AD, FIM Sync & Portal.
  FIM also manages a FIM Portal group, where membership is assigned manually. This membership is then updated in AD.
  When a user (who is part of this group) is deleted in HR, FIM deletes it from AD, FIM Sync, FIM Portal, FIM also removes user from FIM Portal group. The user is also removed from the AD group (by FIM group object membership attribute flow to AD)
  ...however, on the next AD Export, FIM fails to update the same group and complains about this very same user (CD Error) and lists the user as: CN=username\0ADEL:GUID, CN=Deleted Objects,DC=domain,DC=com
  It appears that there is a problem with FIM and the Recycle Bin again?
  Are there any new Recycle Bin/FIM hotfixes ?
  Thanks,
  SK

  May I suggest you review the following:
  Is the AD MA user account part of the Domain Admins group? If yes, please remove it from this Group
  Verify that the "CN=Deleted Objects" container has not somehow been included in the AD MA OU scope