PWReset activity could not connect to the directory (SSPR on RC1)
Fresh build of RC1 with SSPR
Can register for SSPR, and get through auth gate, no problems finding record in MV this time.
Password Reset fails with "PWReset activity could not connect to the directory"
There is also a simultaneous error in the application event log:
The server encountered an unexpected error while performing an operation for a management agent.
"BAIL: MMS(2028): ma.cpp(370): 0x80040154 (Class not registered)
BAIL: MMS(2028): ma.cpp(7621): 0x80040154 (Class not registered)
BAIL: MMS(2028): ma.cpp(7518): 0x80040154 (Class not registered)
Forefront Identity Manager 4.0.2560.0"
I thought it could be AD MA account permissions so I temporarily made the AD MA account a domain admin (It's only a test domain) - no change.
Also tried unticking password extension on AD MA, restarting sync service, re-enabling password extension and restarting - also no change.
Firewall is off on FIM and on DC. Any ideas?
All Replies
- That's interesting, I have never seen this before. Try the following steps and see at which state does it fail.
1. runas /u:domain\fim_svc cmd
2. WBEMTEST
3. connect to root\MicrosoftIdentityIntegrationServer
4. select * from MIIS_CSObject WHERE Domain='...' and Account='...'
5. get the MaGuid and PartitionGuid
6. SELECT * FROM MIIS_ManagementAgent WHERE guid='{ma guid}'
7. you should see your AD MA?
8. get the __PATH of that object (e.g. \\FIMSERVER\root\MicrosoftIdentityIntegrationServer:MIIS_ManagementAgent.Name="AD")
9. Go back to WBEMTEST main screen --> Execute method
10. type the entire path from (8)
11. Method --> Choose Get ServerStatus
12. Edit In Parameter -> PartitionGuid-->Edit Property->not null->{partition guid}->Save property->Save object
13. Execute
14. Edit out parameter, you should see success as return value
Also, double check your AD MA properly.
"Connect to Active Directory Forest" -> Sign and Encrypt LDAP traffic
"Configure Extension" -> "Pwd Management" -> (1) enable pwd mgmt, (2) settings -> check "require secure ...", I have retry count as 10, interval as 60
not sure if that helps
maybe try to Refresh Schema of AD MA?
- 1 thru 13 work as expected
14. call-failure:0x80040154
Connect to forest - sign and encrypt YES
Extension - Pwd Mgmt YES require secure YES retry 10 interval 60
Will try refresh...
- The error message you get is related to COM dll registration being incorrect. Try running a repair on the install of FIM RC1.
You could also try applying the post RC 1 update that was just made available. The release notes do mention fixes for Password Reset and the sync service.
FIM 2010 RC1 Update 1
Details on the update available here
David Lundell www.ilmBestPractices.com
Edited by David Lundell -- ILM MVP, Monday, November 09, 2009 6:41 AM
- Yup, looks like the COM is messed up
Repair might help
Quick search on the AD MA guid, seems to be under the following keys, take a quick look and see if you spot anything suspicious.
HKEY_CLASSES_ROOT\CLSID\{86A0B533-53B1-458D-8AD4-DEE4C4A42208}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86A0B533-53B1-458D-8AD4-DEE4C4A42208}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\ManagementAgents
The FIM Password Reset Blog http://blogs.technet.com/aho/
- Cheers David - will try repair and update1
Thanks, Graham.
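
The registry check suggested in the thread for the 0x80040154 (Class not registered) error can be scripted. This is an added example, not code from any poster or from FIM: it assumes the standard COM layout (an InprocServer32 or LocalServer32 subkey whose default value names the implementing binary), and `Test-ComRegistration` is a hypothetical helper name.

```powershell
# Added example, not from the thread. The CLSID is the one quoted above;
# Test-ComRegistration is a hypothetical helper name.
$clsid = '{86A0B533-53B1-458D-8AD4-DEE4C4A42208}'
$roots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
         'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID'

function Test-ComRegistration {
    param([string]$Root, [string]$Clsid)

    $classKey = "$Root\$Clsid"
    $result = New-Object psobject -Property @{
        Key = $classKey; ServerType = $null; Binary = $null; Status = $null
    }
    if (-not (Test-Path -LiteralPath $classKey)) {
        $result.Status = 'CLSID key missing'
        return $result
    }
    foreach ($type in 'InprocServer32', 'LocalServer32') {
        $serverKey = "$classKey\$type"
        if (-not (Test-Path -LiteralPath $serverKey)) { continue }

        # The (Default) value names the DLL or EXE that implements the class.
        $raw = (Get-Item -LiteralPath $serverKey).GetValue('')
        $result.ServerType = $type
        if ([string]::IsNullOrEmpty($raw)) {
            $result.Status = 'Server value empty'
            return $result
        }
        $file = [Environment]::ExpandEnvironmentVariables([string]$raw).Trim()
        # LocalServer32 may carry quotes and arguments; keep only the file path.
        if ($file -match '^"([^"]+)"') { $file = $Matches[1] }
        elseif ($file -match '^(.+?\.(exe|dll))(\s|$)') { $file = $Matches[1] }
        $result.Binary = $file

        if ($file -notmatch '[\\/]') {
            # Bare file name: resolved through the loader search path, not checked here.
            $result.Status = 'Bare file name, check manually'
        } elseif (Test-Path -LiteralPath $file -PathType Leaf) {
            $result.Status = 'OK'
        } else {
            $result.Status = 'Binary not found'
        }
        return $result
    }
    $result.Status = 'No InprocServer32 or LocalServer32 subkey'
    return $result
}

$roots | ForEach-Object { Test-ComRegistration -Root $_ -Clsid $clsid } |
    Format-List Key, ServerType, Binary, Status
```

Run it from a 64-bit PowerShell session on the FIM server; a 32-bit session sees the redirected Wow6432Node view of the Classes keys and can report a missing class that the 64-bit sync service would find.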

