Unauthorized http error 401.1 when trying to load FIM Password Registration Site
-
Friday, December 07, 2012 2:55 PM
Hello,
I have deployed FIM 2010 R2 with Password Registration Site and Password Reset. While testing my environment I ran into the following problem:
=> When opening https://passwordregistration.contoso.com:443 I get an authentication dialog three times and then I get an "unauthorized http error 401.1" ... any ideas?
BR, juvi
All Replies
-
Friday, December 07, 2012 3:45 PM
Hello!
I think it's a Kerberos Delegation issue. Have you created the SPN? Does your URL correspond to a CNAME or A record in DNS?
Kevin PHELIPPO http://blogs.nelite.com/blogs/identitysolutions/default.aspx
-
Friday, December 07, 2012 3:51 PM
Hello and thanks for the reply... It is a DNS host entry on the DC... the Kerberos authentication works fine for the SharePoint site and identitymanagement page... am I missing an SPN?
BR, juvi
-
Friday, December 07, 2012 3:56 PM
I had exactly the same issue a few days ago, and the resolution was, for me:
- Having an A record for the URL (passwordregistration.contoso.com for you)
- Creating an SPN for this URL with the machine name (ex: setspn -S HTTP/passwordregistration.contoso.com CONTOSO\SERVERNAME$)
Maybe you don't have the SPN with the machine name...
Kevin PHELIPPO http://blogs.nelite.com/blogs/identitysolutions/default.aspx
- Marked As Answer by juvi123 Saturday, December 08, 2012 5:30 PM
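The two checks from the accepted answer, as an added PowerShell example that is not part of the original thread. It assumes a domain-joined machine with the DnsClient module; the host name and account are the thread's placeholders, and the `-Register` switch is a hypothetical name introduced here.

```powershell
param(
    [string]$Fqdn    = 'passwordregistration.contoso.com',  # site name from the thread
    [string]$Account = 'CONTOSO\SERVERNAME$',               # placeholder account from the thread
    [switch]$Register                                       # hypothetical: add the SPN if it is missing
)

$Spn = "HTTP/$Fqdn"                 # SPN syntax is serviceclass/host, not a URL
$Sam = $Account.Split('\')[-1]      # sAMAccountName without the domain prefix

# 1. DNS: the answer above uses an A record for the site name.
$dns = Resolve-DnsName -Name $Fqdn -ErrorAction Stop
if ($dns | Where-Object { $_.Type -eq 'CNAME' }) {
    Write-Warning "$Fqdn resolves through a CNAME; the answer above uses an A record."
}
$dns | Where-Object { $_.Type -eq 'A' } |
    ForEach-Object { "A record: $($_.Name) -> $($_.IPAddress)" }

# 2. SPN: find every account in the directory that holds HTTP/<site name>.
$searcher = [adsisearcher]"(servicePrincipalName=$Spn)"
$owners = @($searcher.FindAll() |
    ForEach-Object { [string]$_.Properties['samaccountname'][0] })

if ($owners.Count -eq 0) {
    "No account holds $Spn."
    if ($Register) {
        # -S checks for duplicates before adding the SPN.
        & setspn.exe -S $Spn $Account
    } else {
        "To register it: setspn -S $Spn $Account"
    }
}
elseif ($owners.Count -gt 1) {
    # The same SPN on several accounts also makes Kerberos authentication fail.
    Write-Warning "Duplicate SPN $Spn on: $($owners -join ', ')"
}
elseif ($owners[0] -ne $Sam) {
    Write-Warning "$Spn is registered on $($owners[0]), not on $Sam."
}
else {
    "$Spn is registered on $Sam."
}
```

Registering the SPN requires rights to write the servicePrincipalName attribute on the target account; the read-only checks do not.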
-
Friday, December 07, 2012 3:58 PM
Thanks I will give a try for this!
BR, juvi
-
Friday, December 07, 2012 11:03 PM
Off topic: while one might choose to use Kerberos, there is no delegation involved.
The FIM Password Reset Blog http://blogs.technet.com/aho/
-
Saturday, December 08, 2012 5:33 PM
THANK YOU, that was my mistake ;) I forgot to make this SPN... Just a short question about this: during installation, is it necessary to provide an HTTPS link for the Password Registration Site? I mean, is it also possible to use it without SSL? In my current configuration I provided HTTPS and it uses an untrusted certificate (I have no CA currently available in my test environment)... I get one authentication prompt but then the Password Registration Site loads just fine...
BR, juvi
-
Monday, December 10, 2012 11:55 AM
It's better to use HTTPS, but you don't have to :)
If I understand correctly what you said, you are still prompted for authentication?
Kevin PHELIPPO http://blogs.nelite.com/blogs/identitysolutions/default.aspx

