Kerberos-no-logon-server in FIM 2010
Hi,
When we run the Export run profile of the ADMA Management Agent, we get the following error:
kerberos-no-logon-server
and all users that are provisioned in the AD OU are in disabled mode, and provisioning is also taking more time.
Please provide any solution.
Regards
Anil Kumar
Yes I do - if the FQDN idea still doesn't fix your problem, turn off the Exchange provisioning features of the AD MA and run a post-export PowerShell script to manage your mailboxes. This is the approach we mostly take here @ UNIFY whereby the PowerShell script is executed by FIM Event Broker - mainly to overcome problems like this.
Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM
Similar Messages
-
FIM 2010 GAL Synchronization Error
Forest number one:
a server with Exchange Server 2013
a server with Active Directory 2012
a server running FIM 2010 R2 SP1
Forest number two:
a server with Exchange 2010
an Active Directory 2008 R2 server
I'm setting up a global address list with the FIM server, and configured the agents with default attributes.
Users of forest number one are synchronized to forest number two.
Users of forest number one are not transferred to forest number two.
Users see them as deleted and are not added; the error is attached.
Groups of forest number one are synchronized to forest number two.
My question is: users are not synchronized and groups are synchronized, if the forest both.
Is there any attribute to be removed for being Exchange 2010 and AD 2008?
That I take is when they are forest and Exchange different version?
Satpal,
You could theoretically do this by exposing AD to the Internet; you would need to expose port 389 for the remote domain publicly so that the FIM server could reach it without a direct connection. You could use reverse proxy software such as TMG/UAG to publish this port safely, although I don't know the exact implementation details for that. As far as the Exchange provisioning piece, that is already a trick to get to work in some internalized scenarios, so making that work publicly is seemingly unlikely; you are better off disabling that and just running PS cmdlets on Exchange servers after exports to AD are completed. You could use a script/automated process on the Exchange server to launch this after the export from FIM is finished.
-
Unable to install Sharepoint Foundation 2013 in Windows Server 2012 for FIM 2010 R2
Hi,
I am Unable to install Sharepoint Foundation 2013 in Windows Server 2012 for FIM 2010 R2,
Before SharePoint Foundation 2013 installation I installed all prerequisite software that is required for SharePoint Foundation 2013 but when we run SharePoint Foundation 2013 setup that gives below error so I am requesting you please help on this.
Setup is unable to proceed due to the following error(s):
Windows Server Appfabric is not correctly configured.You should unistall Windows Server Appfabric and reinstall it using the SharePoint Products Preparation Tool.
Regards
Anil Kumar
You really need to do what the error is suggesting.
Windows Server Appfabric is not correctly configured.You should unistall Windows Server Appfabric and reinstall it using the SharePoint Products Preparation Tool.
Nosh Mernacaj, Identity Management Specialist
-
How do I add my Custom Workflow Activity to FIM 2010 R2 SP1 installed on Windows 2012 server?
Hellos.
I have tried and failed to add my custom.dll into the Windows Server 2012 GAC.
We have a version of FIM 2010 R2 Sp1 running on Windows Server 2008 R2 and that was no problem. There seemed to be a gacutil.exe present on the system which added my assembly.
I cannot find gacutil.exe on the Windows 2012 Server.
I have downloaded and installed Windows SDK for Windows 8. However, when I try the gacutil.exe /i <myCustom.dll> nothing seems to happen.
Are there any guidelines how to add custom workflow activities to FIM when installed on a Windows Server 2012 system?
TIA
*HH
Well yes. It is fine when FIM is hosted on Windows Server 2008 R2. My difficulty is that I am using FIM 2010 R2 SP1 and Windows Server 2012. No GAC utility executable.
However, the problem has been resolved. Powershell can be used to modify the assemblies.
I opened a RunAs Administrator PS session. My assembly is in folder c:\Temp
Using Windows Explorer I browsed the folder c:\windows\assembly and noted the System.EnterpriseServices entries: version (2.0.0.0) and public key token (b03f5f7f11d50a3a)
(My version is 2.0.0.0 because when installing FIM and SharePoint 2013 the instructions I used suggested setting .Net version to be 2.0)
These powershell commands got me going...
PS C:\temp> [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
GAC Version Location
True v4.0.30319 C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50...
PS C:\temp> $publish = New-Object System.EnterpriseServices.Internal.Publish
PS C:\temp> $publish.GacInstall("c:\temp\RunPowershellLibrary.dll")
PS C:\temp>
PS C:\temp>
PS C:\temp> iisreset
Amazingly I can see the assembly RunPowershellLibrary in my Windows 2012 GAC. :-)
Also, what is more cheering is that the custom activity actually works with FIM 2010 R2 SP1.
-
SharePoint Foundation 2013 SP1 for Microsoft Forefront Identity Manager (FIM) 2010 R2 SP1
For the subsequent installation of FIM 2010 R2 SP1, I must create a web application with the classic authentication method. According to Microsoft (http://technet.microsoft.com/en-us/library/jj863242(v=ws.10).aspx), it is created using the following PowerShell commands:
$adminCredentials = Get-Credential domain\contosoAdmin
$adminManagedAccount = New-SPManagedAccount -Credential $adminCredentials
New-SPWebApplication -Name "FIM SharePoint Web Application" -ApplicationPool "FIMAppPool" -AuthenticationMethod "Kerberos" -ApplicationPoolAccount $adminManagedAccount -Port 80 -URL http://www.contoso.com
But these commands do not specify an account for the web application's services, and the services of that application will run under the account under which SharePoint was installed. As a result, an error occurs in the SharePoint Administration Console: the application service account has local administrator rights. But it should not.
I ask for advice on how to solve this problem.
Where can I find the ULS log and configuration details as well?
I have errors:
Accounts used by application pools or service identities are in the local machine Administrators group.
One or more web applications are configured to use Windows Classic authentication.
When I create a web application through the web interface, I select the account for the application pool and application services (see screenshot). So I decided that the application services account became the account under which SharePoint was installed, which has local administrator rights. And the application pool account is not included in the administrators group. Therefore, the question arises: what kind of account does the error report?
There is only one web application (but before that I created and deleted the same one):
New-SpWebApplication
DisplayName      Url
Sharepoint-FIM   http://www.contoso.com
Help to solve the error, please.
-
Installing Sharepoint Foundation 2013 for FIM 2010 R2 SP-1
Hi,
As SharePoint Foundation 2013 is supported for FIM 2010 R2 SP1 on Windows 2012, I am trying to install SharePoint Foundation 2013 on Windows 2012. There are some prerequisites (like .NET Framework, Windows Identity Framework, Sync, Windows AppFabric, etc.) which need to be installed before installing SharePoint 2013. I have installed the prerequisites successfully, but when I try to install SP 2013, I get the error that Windows Server AppFabric is not configured properly. I searched on Google and configured Windows Server AppFabric many times, but still get the same issue. Kindly suggest if it is mandatory to configure AppFabric. If yes, please suggest the correct steps to configure AppFabric.
Error Print screen is as below.
Regards
Harry
Follow these guides to get it working: http://www.harbar.net/articles/fimportal.aspx https://konab.com/using-sharepoint-foundation-2013-with-fim/
-
Unable to process your request in FIM 2010 R2.
Hi,
Unable to process your request in FIM 2010 R2 sp1 when we hit the URL https://Machinename/Identitymanagerment/default.aspx.
This was working when we freshly installed the FIM Synchronization Service and FIM 2010 R2 SP1 Portal, but now it is not working for me. I have uninstalled the FIM 2010 Portal, deleted the FIMService database and installed again, but it still gives the same message:
Unable to process your request.
NOTE: I am implementing FIM 2010 R2 SSPR and have given all the required configuration for this as per the Microsoft documents.
Regards
Anil Kumar
I made the changes in the web.config file at location C:\inetpub\wwwroot\wss\VirtualDirectories\80 on the FIM server and added requireKerberos="true" as per the FIM installation document. Restarted IIS and rebooted the server. After that I am unable to log in to the FIM Portal; however, the SharePoint URL is working fine.
Please help me to resolve the issue.
Anil
-
Supported platforms in FIM 2010 R2 Sp1
I have FIM 2010 R2 Synchronization Server running on Windows 2008 R2 OS. The available Galsync connectors that we have are Exchange 2003, 2007 and 2010. The FIM sync server runs on Exchange 2010 environment, but in order to fulfill the requirements of establishing a connector with Exchange 2007 we followed the reference "http://social.technet.microsoft.com/wiki/contents/articles/3457.fim-how-to-export-to-an-exchange-2007-server-with-synchronization-server-in-an-exchange-2010-domain.aspx" to install Exchange 2007 EMC on the FIM Sync server. Now we have a new connector lined up to be added on our FIM server which is running on Exchange 2013 environment. I need to know how we can perform an upgrade from FIM 2010 R2 to FIM 2010 R2 SP1 without breaking the existing configuration, especially with the connectors running legacy Exchange (2003 and 2007).
Jimmy George
Yes, you can upgrade to SP1 without impacting the legacy connections.
Thanks, Brian
-
Upgrade FIM 2010 R2 Sp1 Databases from SQL 2008 R2 to SQL 2012
Hi,
I want to upgrade my SQL from 2008 R2 to SQL 2012.
FIM Databases
1) FIMService Database
2) FIMSynchronizationService Database
Mentioned above are my FIM databases running on SQL Server 2008 R2. Now I was looking for some article which could tell me if SQL can be upgraded without affecting my existing FIM databases, or if I can move these databases to a new server having SQL 2012.
Activity I want to perform: create a fresh SQL 2012 server and move my FIM 2010 databases over to it by restoring the backups. But as per the link below it seems not possible!
http://social.technet.microsoft.com/wiki/contents/articles/5465.fimilm-how-to-move-the-backend-sql-server-synchronization-service-database.aspx
Hi Shivam,
Please take a look here: Release Notes for Forefront Identity Manager 2010 R2 SP1.
In the table you have tasks to upgrade SQL for FIMService and FIMSync.
FIM Service:
Upgrade FIM Service servers to FIM 2010 R2 SP1
Stop FIM Service on all servers
Backup Database [in case rollback needed]
Upgrade SQL to SQL Server 2012
Start FIM Service on all servers
FIM Synch:
Upgrade FIM Sync to FIM 2010 R2 SP1
Stop FIM Sync
Backup Database [in case rollback needed]
Upgrade SQL to SQL Server 2012
Start FIM Sync
If you are not making an in-place upgrade, I would do something like this:
Stop FIM Services
Backup the databases at SQL 2008
Restore backed up databases on SQL 2012
Make sure SQL Agent Jobs are moved (FIMService)
Make sure Broker is enabled on FIMService database
On FIM machines create SQL alias using cliconfg utility. Alias should have the name of "old(sql2008) SQL" and point to new name/instance.
Start FIM Services - they would use "old" name to connect, but it would be translated to new location. So they would start.
-
FIM 2010 Reporting installation reinstalls FIM portal
Hi,
We have FIM 2010 R2 running in production environment. We have added some of our custom developed sharepoint forms inside FIM's sharepoint site to enhance the User Interface.
We now want to deploy the FIM reporting feature. But the FIM installer re-installs the FIM portal along with installing the reporting feature. After the reporting feature installation wizard completes, we see that all our customized SharePoint pages are lost and the default FIM web portal appears again.
Is there any method of installing the reporting feature without reinstalling the FIM portal?
Mayank Vaish
I would start with the IIS Bindings -- to which IPs and names is the Password Registration Portal bound?
Try to access the site directly. It could simply be that the link is incorrect. The link is stored on the FIM Portal server in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Portal; look at the value of RegistrationPortalUrl.
David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
-
Installing FIM Reporting in FIM 2010 R2 with SP1
I tried to install the Reporting component. I have FIM 2010 R2 with SP1 and SCSM 2012. I get an error saying I have to install KB2561430. This is apparently a hotfix for SCSM 2010 SP1. I thought that FIM R2 with SP1 supports SCSM 2012 as written:
FIM Reporting
Support for Windows Server 2012 has been added.
Support for SQL Server 2012 has been added.
Support for SCSM 2012 has been added.
http://technet.microsoft.com/en-us/library/jj863246(v=ws.10).aspx
Is there anything I need to install in the SCSM side?
I'm stuck here
Hi,
Even I am running into the same issue, installing FIM 2010 R2 SP1 Reporting [SCSM 2012 successfully installed].
Both the wizard and the command line are failing.
The command line captures the error below. Did anyone solve this issue? Kindly help.
Calling custom action Microsoft.IdentityManagement.SharePointCustomActions!Microsoft.IdentityManagement.ManagedCustomActions.SharepointCustomActions.DoesWebsiteOrSolutionPackExist
Property name = 'SHAREPOINT_URL', value = 'http://myurl.
Property name = 'UILevel', value = '2'.
CustomAction CheckFIMWebSiteorSolutionPackExisting returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 0:27:20: CheckFIMWebSiteorSolutionPackExisting. Return value 3.
Action ended 0:27:20: INSTALL. Return value 3.
Aswathy Raj
-
ILM to FIM 2010 Migration.
Hello All,
We are planning to upgrade ILM 2007 to FIM 2010 and plan is to use existing ILM database.
--Restore it to the new DB server with the name “FIMSynchronizationService”,
--Install FIM Sync, telling it to use the restored DB, and providing the encryption keys,
This will be my first time upgrading from ILM to FIM 2010. I have previously done a couple of new FIM 2010 installations and upgraded them to FIM 2010 R2 with the encryption key.
As the platform requirements of ILM and FIM 2010 are quite different and an in-place upgrade is not possible, we are planning to build a new server for FIM rather than do an in-place upgrade.
I never saw FIM 2010 ask for an encryption key in a new installation on a new server. As we are planning to use the existing database, I need guidance on how I can use the encryption key of ILM while upgrading to FIM 2010.
Kindly share your thoughts.
Regards,
Raja Village
Hi Raja,
The process is pretty much the same as installing a second FIM server in an active-passive environment. So during installation you just have to pick "Use existing database". And, at the end of the installation, you would be asked to provide the key file with a standard "Browse" key. So it is nothing unusual or hard.
Of course make sure you have such key exported before installing new server :)
-
FIM 2010 R2 SP1 with SCSM 2012
I know that FIM 2010 R2 SP1 now claims support for SCSM 2012. FIM Reporting allows us to use a free copy of SCSM / DW for just the purpose of reporting services. Does this only apply to SCSM 2010 or does this include SCSM 2012 as well? I just want to make sure that we don't install SCSM 2012 assuming that it's free when in reality only SCSM 2010 is free. This issue came about because SCSM 2010 did not require a product key, but SCSM 2012 does.
Thanks,
Mark
Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com
On Fri, 4 Jul 2014 08:27:39 +0000, diramoh wrote:
on Microsoft TechNet link, we have the following Details:
Reporting: Unique key constraint violation when running reporting synchronization jobs
If you attempt to run reporting synchronization jobs on a default System Console System Manager SP1 (SCSM SP1) installation, you may receive the error “Violation of UNIQUE KEY constraint ‘idx_ManagedEntityManagedTypeId’. Cannot insert duplicate key…”.
To address this issue, please make sure you have the following updates installed on your System Center Service Manager Management Server, Data Warehouse Server, and any machines that have the System Center Service Manager Console installed on them:
1. KB2542118 <http://support.microsoft.com/kb/2542118>– System Center Service Manager Cumulative Update 2
2. KB2542118 <http://www.microsoft.com/download/en/details.aspx?id=26631>– System Center Service Manager FIM 2010 R2 Hotfix
Note: *You must have the SCSM Cumulative Update 2 installed before installing KB2542118*
Shim is asking about the product key. The above has nothing at all to do with his question.
Paul Adare - FIM CM MVP
What should I do ......the machine can't find the program
iexplorer.exe...
Breathe a sigh of relief. -- Arthur Hagen in no.www
-
Unable to send a security code. Please contact your help desk for assistance in FIM 2010 R2
Hi,
I have successfully registered with an email ID in the FIM 2010 R2 Password Registration Portal, but when I go to the FIM 2010 R2 Password Reset Portal and give all the right answers to the questions, it gives the following error: Unable to send a security code. Please contact your help desk for assistance.
Regards
Anil Kumar
Hi,
Thanks for the response.
I have checked that the mail server is up and I am able to send mail through the FIMService account.
But it is not sending the security code notification to any users; when I log in as any user and give the correct answers to the questions that I set at registration time, it gives the following error:
Unable to send a security code. Please contact your help desk for assistance
and the Event Viewer error is below:
The error page was displayed to the user.
Details:
Title: Unable to send security code
Message: Unable to send a security code. Please contact your help desk for assistance.
Source:
Attributes:
Details: Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.OneTimePasswordDeliveryException: ValidationError:UnableToSendSecurityCode ---> System.ServiceModel.FaultException: ValidationError:UnableToSendSecurityCode
at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetChallenge(String domain, String userName, ChallengeContext gateChallengeResponse)
at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
--- End of inner exception stack trace ---
at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetNextGate(IGateControl currentGate)
at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.Next()
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
CorrelationId:
RequestId:
ErrorCode: 3013
CaughtTime: 05/02/2014 08:43:26
Web Portal: FIM Password Reset Portal
Session Id: 21uppbuy3vutsm55sytd4b55
Regards
Anil Kumar
-
FIM 2010 R2 Sp1, Windows 2008 R2 SP1 and Recycle Bin issues
Hi,
We are running FIM 2010 R2 Sp1 (build 4.1.3613.0)
Also running Windows 2008 R2 Forest and Domain functional level environment (Windows Server 2008 R2 SP1 on all DCs). The previous Recycle Bin hotfix https://support.microsoft.com/en-us/kb/979214/ fails to install since we are already running WS08 R2 SP1 on all the DCs.
During deprovisioning, when a user is deleted from the source HR system, FIM deletes the object from AD, FIM Sync & Portal.
FIM also manages a FIM Portal group, where membership is assigned manually. This membership is then updated in AD.
When a user (who is part of this group) is deleted in HR, FIM deletes it from AD, FIM Sync, FIM Portal, FIM also removes user from FIM Portal group. The user is also removed from the AD group (by FIM group object membership attribute flow to AD)
...however, on the next AD Export, FIM fails to update the same group and complains about this very same user (CD Error) and lists the user as: CN=username\0ADEL:GUID, CN=Deleted Objects,DC=domain,DC=com
It appears that there is a problem with FIM and the Recycle Bin again?
Are there any new Recycle Bin/FIM hotfixes ?
Thanks,
SK
May I suggest you review the following:
Is the AD MA user account part of the Domain Admins group? If yes, please remove it from this group.
Verify that the "CN=Deleted Objects" container has not somehow been included in the AD MA OU scope
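One way to run the first check suggested in the reply above, as an added example that is not part of the original thread: it reports whether the AD MA account is in Domain Admins directly, through nested groups, or through its primary group. It assumes the ActiveDirectory PowerShell module (RSAT) is available; the account name `svc-fim-adma` is a placeholder.

```powershell
# Added example, not from the thread. 'svc-fim-adma' is a placeholder for the
# account configured on the AD MA's "Connect to Active Directory Forest" page.
Import-Module ActiveDirectory

function Test-DomainAdminsMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName
    )

    $account   = Get-ADUser -Identity $SamAccountName -Properties PrimaryGroupID
    $domainSid = (Get-ADDomain).DomainSID.Value

    # Domain Admins always has RID 512, so resolve it by SID rather than by
    # name (the name differs on localized or renamed installations).
    $domainAdmins = Get-ADGroup -Identity "$domainSid-512"

    # Membership through the primary group is not stored in the group's
    # 'member' attribute, so it has to be checked separately.
    $viaPrimaryGroup = ($account.PrimaryGroupID -eq 512)

    # Escape the DN for use inside an LDAP filter (RFC 4515); the backslash
    # must be replaced first.
    $dn = $account.DistinguishedName
    $dn = $dn.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')

    # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) returns every group
    # that contains the account directly or through nested groups.
    $filter     = "(member:1.2.840.113556.1.4.1941:=$dn)"
    $transitive = @(Get-ADGroup -LDAPFilter $filter)
    $sids       = @($transitive | ForEach-Object { $_.SID.Value })
    $viaGroups  = $sids -contains $domainAdmins.SID.Value

    [pscustomobject]@{
        Account            = $account.SamAccountName
        DomainAdminsGroup  = $domainAdmins.Name
        ViaPrimaryGroup    = $viaPrimaryGroup
        ViaGroupMembership = $viaGroups
        InDomainAdmins     = ($viaPrimaryGroup -or $viaGroups)
        # All groups the account belongs to, directly or nested, so the
        # membership that has to be removed can be located.
        TransitiveGroups   = @($transitive | ForEach-Object { $_.Name } | Sort-Object)
    }
}

# Usage: run in the domain that hosts the AD MA account.
Test-DomainAdminsMembership -SamAccountName 'svc-fim-adma' | Format-List
```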