QuickStart Tool fails at Update AD management agent configuration

    Question

  • Hello,


    Every time I add useAppPoolCredentials=”true” under <location path="SharePoint - 80"> in the application config file of IIS, when I run iisreset it doesn't start. When I roll back, iisreset works again. I have followed all the steps in FIM setup, but am stuck at that point.

    The article on Kerberos: http://social.technet.microsoft.com/wiki/contents/articles/3385.aspx
    In a previous try I skipped this step and I experienced the annoying popup. I did it on purpose to see if I would actually get somewhere. Has anyone experienced this? Please help.

    Regards,

    Dominique.



    Tuesday, January 29, 2013 4:38 PM

All replies

  • I've deployed a few FIMs and I've never touched the IIS config directly in this way. Why not go to the IIS settings in the console, under Authentication, and disable kernel mode auth for this particular app, which I think is the issue we want to address here?

    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Tuesday, January 29, 2013 8:28 PM
  • Are you adding useAppPoolCredentials along with useKernelMode="true"? Something like below?

    <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true" />

    Tuesday, January 29, 2013 11:26 PM
  • Hi,

    thanks for the reply.

    I have already disabled kernel mode auth, I'm currently retrying the installation with WSS 3 rather than SharePoint Foundation.

    According to Microsoft deployment docs: http://technet.microsoft.com/en-us/library/hh322882(v=ws.10).aspx

    see below,

    To configure IIS to use CORP\SPService for Ticket Decryption

    1. Navigate to the following directory: C:\Windows\System32\inetsrv\config.

    2. Locate the ApplicationHost.config file, right-click and select Open. This will bring up a pop-up that states Windows cannot open this file and it will have two options. Choose Select a program from a list of installed programs, and click OK.

    3. Select Notepad, and click OK. This will open the config file in Notepad.

    4. At the top, select Edit, Find, type the following text in the box, and then click Find Next: 
      windowsAuthentication enabled=”true”

    5. You should now see the first instance and it will look like the Before image below. Insert useKernelMode=”false” useAppPoolCredentials=”true” in the line so it looks like the After image.

    Wednesday, January 30, 2013 6:17 AM
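
A scripted alternative to the hand edit in the steps quoted above, added here as an example and not taken from the thread or from Microsoft's guide: it backs up applicationHost.config, checks that the file parses and contains no typographic quotation marks (which are not valid XML attribute delimiters), then sets the two attributes through the WebAdministration module. The site name is the one from the first post; the backup file name is an assumption.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$site   = 'SharePoint - 80'   # location path quoted in the first post
$filter = 'system.webServer/security/authentication/windowsAuthentication'
$config = Join-Path $env:windir 'System32\inetsrv\config\applicationHost.config'

# Keep a dated copy so a bad change can be rolled back (file name is an assumption).
$backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $config, (Get-Date)
Copy-Item -Path $config -Destination $backup

# Pre-check 1: point at any typographic quotes left behind by copy and paste.
Select-String -Path $config -Pattern '[\u201C\u201D]' | ForEach-Object {
    Write-Warning ("Typographic quote on line {0}: {1}" -f $_.LineNumber, $_.Line.Trim())
}

# Pre-check 2: the file must load as XML; Load() throws with line and position if not.
$doc = New-Object System.Xml.XmlDocument
$doc.Load($config)

# Write the attributes through the configuration API instead of Notepad,
# so the quoting and spacing are generated by IIS itself.
$settings = @{ useKernelMode = $false; useAppPoolCredentials = $true }
foreach ($name in $settings.Keys) {
    Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $site `
        -Filter $filter -Name $name -Value $settings[$name]
}

# Read the effective values back for the site before running iisreset.
foreach ($name in $settings.Keys) {
    $value = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $site `
        -Filter $filter -Name $name).Value
    '{0} = {1}' -f $name, $value
}
```
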
  • Hi,

    Thanks for the reply,

    I used <windowsAuthentication enabled="true" useKernelMode="false" useAppPoolCredentials="true" />

    As per Microsoft deployment guide.

    Regards,

    Dominique.

    Wednesday, January 30, 2013 6:18 AM
  • Hello guys,

    I have reinstalled FIM but running along with WSS 3. And disabled kernel mode auth, and everything is fine now. To be honest I don't know what I was doing wrong or what was wrong with the SharePoint Foundation attempt.

    One thing though, has anyone used the quick start tool? If yes: I have made sure my requirements are up to scratch. The ADMA account has dirsync permissions, PowerShell is installed. When I run it, it fails as below:

    Any help??

    PS C:\Users\FIMService> C:\Scripts\QUICKFIM.ps1
    VERBOSE: Verifying the forest and account
    VERBOSE: Verifying the container
    VERBOSE: Verifying the FIM management agent account
    VERBOSE: Verifying the AD management agent account
    VERBOSE: Verifying FIM service base uri for the FIM MA
    VERBOSE: Verifying the installation of FIM and Synchronization service
    VERBOSE: Retrieving the forest BIOS name and SID
    VERBOSE: Verifying management agent configuration state
    VERBOSE: Importing MIIS Server configuration
    VERBOSE: Updating the AD management agent configuration
    Invoke-QuickStart : Object reference not set to an instance of an object.
    At C:\Scripts\QUICKFIM.ps1:4 char:18
    + Invoke-QuickStart <<<<  -Container "---------------------------------------------" -DatabaseName FIMService -DatabaseServer FIMTEST -ForefrontIdentityManagerServiceBaseAddress "ht
    tp://localhost:5725" -Forest ------------- -ActiveDirectoryManagementAgentCredential $adMaCredential -ForefrontIdentityManagerManagementAgentCredential $fimMaCredential -RunInitialLoad:$true -verbose
        + CategoryInfo          : NotSpecified: (:) [Invoke-QuickStart], NullReferenceException
        + FullyQualifiedErrorId : System.NullReferenceException,Microsoft.IdentityManagement.QuickStart.InvokeQuickStart



    Wednesday, January 30, 2013 1:43 PM
  • That is because of the -Container "-----------------------------------". I think you have to edit the file and specify the container inside or something. This seems to be the AD OUs where FIM will be looking for objects.


    Regards Furqan Asghar

    Wednesday, January 30, 2013 1:56 PM
  • Hi Furqan,

    Sorry I'm the one that omitted that. If you look carefully at the logs, the point where it verifies the OU is passed. (Verifying container). Below is one of the errors in my logs.

    Log Name:      Forefront Identity Manager Management Agent
    Source:        ForefrontIdentityManager.ManagementAgent
    Date:          1/30/2013 3:17:21 PM
    Event ID:      3
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      FIMTEST
    Description:
    System.Xml: System.Xml.XmlException: Root element is missing.
       at System.Xml.XmlTextReaderImpl.Throw(Exception e)
       at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
       at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
       at System.Xml.XmlDocument.Load(XmlReader reader)
       at Microsoft.ResourceManagement.Utilities.XmlHelper.LoadXmlSafeExtension(XmlDocument xmlDocument, String xml)
       at MIIS.ManagementAgent.RavenMA.Initialize()
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="ForefrontIdentityManager.ManagementAgent" />
        <EventID Qualifiers="0">3</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-30T13:17:21.000000000Z" />
        <EventRecordID>39</EventRecordID>
        <Channel>Forefront Identity Manager Management Agent</Channel>
        <Computer>FIMTEST</Computer>
        <Security />
      </System>
      <EventData>
        <Data>System.Xml: System.Xml.XmlException: Root element is missing.
       at System.Xml.XmlTextReaderImpl.Throw(Exception e)
       at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
       at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
       at System.Xml.XmlDocument.Load(XmlReader reader)
       at Microsoft.ResourceManagement.Utilities.XmlHelper.LoadXmlSafeExtension(XmlDocument xmlDocument, String xml)
       at MIIS.ManagementAgent.RavenMA.Initialize()</Data>
      </EventData>
    </Event>

    and also:

    Log Name:      Forefront Identity Manager Management Agent
    Source:        ForefrontIdentityManager.ManagementAgent
    Date:          1/30/2013 3:17:20 PM
    Event ID:      3
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      FIMTEST
    Description:
    mmsmafim: System.NullReferenceException: Object reference not set to an instance of an object.
       at MIIS.ManagementAgent.RavenMA.UIGetData(String pszRequestInformation, Int32& pfSuccess, String& ppszResult)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="ForefrontIdentityManager.ManagementAgent" />
        <EventID Qualifiers="0">3</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-30T13:17:20.000000000Z" />
        <EventRecordID>35</EventRecordID>
        <Channel>Forefront Identity Manager Management Agent</Channel>
        <Computer>FIMTEST</Computer>
        <Security />
      </System>
      <EventData>
        <Data>mmsmafim: System.NullReferenceException: Object reference not set to an instance of an object.
       at MIIS.ManagementAgent.RavenMA.UIGetData(String pszRequestInformation, Int32&amp; pfSuccess, String&amp; ppszResult)</Data>
      </EventData>
    </Event>

    Wednesday, January 30, 2013 1:58 PM
  • Hello,

    So I am still struggling to get the quickstart tool to work.

    I think the problem lies in the default values that the script sends. After checking the Sync Service MA when it fails, I get the details below:

    forest name: ilm-vm-serverad.com

    User name: adSyncAdministrator

    Password: empty

    Domain: ilm-vm-serverad

    I guess it fails trying to connect to those entities. It means my script is not taking the switch/properties values.

    Latest event log:

    System.Xml: System.Xml.XmlException: Root element is missing.
       at System.Xml.XmlTextReaderImpl.Throw(Exception e)
       at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
       at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
       at System.Xml.XmlDocument.Load(XmlReader reader)
       at Microsoft.ResourceManagement.Utilities.XmlHelper.LoadXmlSafeExtension(XmlDocument xmlDocument, String xml)
       at MIIS.ManagementAgent.RavenMA.Initialize()

    Any help please??

    Regards,

    Dominique.

    Monday, February 04, 2013 12:06 PM
  • Curious if you ever got this figured out?


    Mike Crowley | MVP
    My Blog -- Planet Technologies

    1 hour 38 minutes ago