QuickStart Tool fails at Update AD management agent configuration
-
Tuesday, January 29, 2013 4:38 PM
Hello,
Every time I add useAppPoolCredentials=”true” under <location path="SharePoint - 80"> in the application config file of IIS, when I run iisreset it does not start. When I roll back, iisreset works again. I have followed all the steps in FIM setup, but am stuck at that point. The article on Kerberos: http://social.technet.microsoft.com/wiki/contents/articles/3385.aspx
In a previous try I skipped this step and I experienced the annoying popup; I did it on purpose to see if I would actually get somewhere. Has anyone experienced this? Please help?
Regards,
Dominique.
- Edited by Dominique Dusabeyezu Wednesday, January 30, 2013 2:00 PM
All Replies
-
Tuesday, January 29, 2013 8:28 PM
I've deployed a few FIMs and I've never touched IIS config directly in this way. Why not go to IIS settings in the console, Authentication, and disable kernel mode auth for this particular app, which I think is an issue we want to address here.
Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl
-
Tuesday, January 29, 2013 11:26 PM
Are you adding useAppPoolCredentials along with useKernelMode="true"? Something like below?
<windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true" />
-
Wednesday, January 30, 2013 6:17 AM
Hi,
thanks for the reply.
I have already disabled kernel mode auth, I'm currently retrying the installation with WSS 3 rather than SharePoint Foundation.
According to Microsoft deployment docs: http://technet.microsoft.com/en-us/library/hh322882(v=ws.10).aspx
see below,
To configure IIS to use CORP\SPService for Ticket Decryption
1. Navigate to the following directory: C:\Windows\System32\inetsrv\config.
2. Locate the ApplicationHost.config file, right-click and select Open. This will bring up a pop-up that states Windows cannot open this file and it will have two options. Choose Select a program from a list of installed programs, and click OK.
3. Select Notepad, and click OK. This will open the config file in Notepad.
4. At the top, select Edit, Find, type the following text in the box, and then click Find Next:
   windowsAuthentication enabled=”true”
5. You should now see the first instance and it will look like the Before image below. Insert useKernelMode=”false” useAppPoolCredentials=”true” in the line so it looks like the After image.
-
Wednesday, January 30, 2013 6:18 AM
Hi,
Thanks for the reply,
I used <windowsAuthentication enabled="true" useKernelMode="false" useAppPoolCredentials="true" />
As per Microsoft deployment guide.
Regards,
Dominique.
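The guide text quoted in this thread shows the attributes with typographic quotes (”), which an XML parser rejects if they are pasted into ApplicationHost.config unchanged. The PowerShell below is an added example, not part of the thread or of Microsoft's guide, that checks a config text for that and for the two attributes on a given location before iisreset is run. The function name Test-WindowsAuthConfig and both sample fragments are constructed.

```powershell
# Added example; the function name and sample fragments are constructed for illustration.
function Test-WindowsAuthConfig {
    param(
        [Parameter(Mandatory=$true)][string]$ConfigText,    # text of applicationHost.config
        [Parameter(Mandatory=$true)][string]$LocationPath   # e.g. 'SharePoint - 80'
    )
    $r = [ordered]@{
        WellFormed = $false; SmartQuotes = $false; Found = $false
        UseKernelMode = $null; UseAppPoolCredentials = $null; ParseError = $null
    }
    # Typographic quotes copied from a web page are not valid XML attribute delimiters.
    $r.SmartQuotes = $ConfigText -match '[\u2018\u2019\u201C\u201D]'
    $xml = New-Object System.Xml.XmlDocument
    try {
        $xml.LoadXml($ConfigText)
        $r.WellFormed = $true
    } catch {
        $r.ParseError = $_.Exception.Message   # IIS cannot load a malformed file either
        return [pscustomobject]$r
    }
    # Find the <location> whose path attribute matches the site name.
    $loc = $xml.SelectNodes('/configuration/location') |
        Where-Object { $_.GetAttribute('path') -eq $LocationPath } |
        Select-Object -First 1
    if ($loc) {
        $wa = $loc.SelectSingleNode('system.webServer/security/authentication/windowsAuthentication')
        if ($wa) {
            $r.Found = $true
            $r.UseKernelMode = $wa.GetAttribute('useKernelMode')
            $r.UseAppPoolCredentials = $wa.GetAttribute('useAppPoolCredentials')
        }
    }
    [pscustomobject]$r
}

$good = @'
<configuration>
  <location path="SharePoint - 80">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" useKernelMode="false" useAppPoolCredentials="true" />
    </authentication></security></system.webServer>
  </location>
</configuration>
'@
# Same fragment with one attribute value wrapped in typographic quotes.
$curly = [string][char]0x201D
$bad = $good.Replace('useAppPoolCredentials="true"', "useAppPoolCredentials=${curly}true${curly}")
Test-WindowsAuthConfig -ConfigText $good -LocationPath 'SharePoint - 80'
Test-WindowsAuthConfig -ConfigText $bad  -LocationPath 'SharePoint - 80'
```

Against a real server, pass the text of a copy of ApplicationHost.config from the directory named in the procedure rather than the constructed fragments.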
-
Wednesday, January 30, 2013 1:43 PM
Hello guys,
I have reinstalled FIM, but running along with WSS 3, and disabled kernel mode auth, and everything is fine now. To be honest I don't know what I was doing wrong or what was wrong with the SharePoint Foundation attempt.
One thing though: has anyone used the quick start tool? I have made sure my requirements are up to scratch. The ADMA account has dirsync permissions, PowerShell is installed. When I run it, it fails as below:
Any help??
PS C:\Users\FIMService> C:\Scripts\QUICKFIM.ps1
VERBOSE: Verifying the forest and account
VERBOSE: Verifying the container
VERBOSE: Verifying the FIM management agent account
VERBOSE: Verifying the AD management agent account
VERBOSE: Verifying FIM service base uri for the FIM MA
VERBOSE: Verifying the installation of FIM and Synchronization service
VERBOSE: Retrieving the forest BIOS name and SID
VERBOSE: Verifying management agent configuration state
VERBOSE: Importing MIIS Server configuration
VERBOSE: Updating the AD management agent configuration
Invoke-QuickStart : Object reference not set to an instance of an object.
At C:\Scripts\QUICKFIM.ps1:4 char:18
+ Invoke-QuickStart <<<< -Container "---------------------------------------------" -DatabaseName FIMService -DatabaseServer FIMTEST -ForefrontIdentityManagerServiceBaseAddress "ht
tp://localhost:5725" -Forest ------------- -ActiveDirectoryManagementAgentCredential $adMaCredential -ForefrontIdentityManagerManagementAgentCredential $fimMaCredential -RunInitialLoad:$true -verbose
+ CategoryInfo : NotSpecified: (:) [Invoke-QuickStart], NullReferenceException
+ FullyQualifiedErrorId : System.NullReferenceException,Microsoft.IdentityManagement.QuickStart.InvokeQuickStart
- Edited by Dominique Dusabeyezu Wednesday, January 30, 2013 1:48 PM
-
Wednesday, January 30, 2013 1:56 PM
That is because of the -Container "-----------------------------------". I think you have to edit the file and specify the container inside or something. This seems to be the AD OUs where the FIM will be looking for Objects.
Regards Furqan Asghar
-
Wednesday, January 30, 2013 1:58 PM
Hi Furqan,
Sorry I'm the one that omitted that. If you look carefully at the logs, the point where it verifies the OU is passed. (Verifying container). Below is one of the errors in my logs.
Log Name: Forefront Identity Manager Management Agent
Source: ForefrontIdentityManager.ManagementAgent
Date: 1/30/2013 3:17:21 PM
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FIMTEST
Description:
System.Xml: System.Xml.XmlException: Root element is missing.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at Microsoft.ResourceManagement.Utilities.XmlHelper.LoadXmlSafeExtension(XmlDocument xmlDocument, String xml)
at MIIS.ManagementAgent.RavenMA.Initialize()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ForefrontIdentityManager.ManagementAgent" />
<EventID Qualifiers="0">3</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-30T13:17:21.000000000Z" />
<EventRecordID>39</EventRecordID>
<Channel>Forefront Identity Manager Management Agent</Channel>
<Computer>FIMTEST</Computer>
<Security />
</System>
<EventData>
<Data>System.Xml: System.Xml.XmlException: Root element is missing.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at Microsoft.ResourceManagement.Utilities.XmlHelper.LoadXmlSafeExtension(XmlDocument xmlDocument, String xml)
at MIIS.ManagementAgent.RavenMA.Initialize()</Data>
</EventData>
</Event>
and also:
Log Name: Forefront Identity Manager Management Agent
Source: ForefrontIdentityManager.ManagementAgent
Date: 1/30/2013 3:17:20 PM
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FIMTEST
Description:
mmsmafim: System.NullReferenceException: Object reference not set to an instance of an object.
at MIIS.ManagementAgent.RavenMA.UIGetData(String pszRequestInformation, Int32& pfSuccess, String& ppszResult)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ForefrontIdentityManager.ManagementAgent" />
<EventID Qualifiers="0">3</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-30T13:17:20.000000000Z" />
<EventRecordID>35</EventRecordID>
<Channel>Forefront Identity Manager Management Agent</Channel>
<Computer>FIMTEST</Computer>
<Security />
</System>
<EventData>
<Data>mmsmafim: System.NullReferenceException: Object reference not set to an instance of an object.
at MIIS.ManagementAgent.RavenMA.UIGetData(String pszRequestInformation, Int32& pfSuccess, String& ppszResult)</Data>
</EventData>
</Event>
- Edited by Dominique Dusabeyezu Wednesday, January 30, 2013 1:59 PM
-
Monday, February 04, 2013 12:06 PM
Hello,
So I am still struggling to get the quickstart tool to work.
I think the problem lies in the default values that the script sends. After checking the Sync Service MA when it fails, I get the details below:
forest name: ilm-vm-serverad.com
User name: adSyncAdministrator
Password: empty
Domain: ilm-vm-serverad
I guess it fails trying to connect to those entities. It means my script is not taking the switch/properties values.
Latest event log:
System.Xml: System.Xml.XmlException: Root element is missing.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at Microsoft.ResourceManagement.Utilities.XmlHelper.LoadXmlSafeExtension(XmlDocument xmlDocument, String xml)
at MIIS.ManagementAgent.RavenMA.Initialize()
Any help please??
Regards,
Dominique.

