none
password registration error after deploying SSPR

    Domanda

  • Have deployed password reset and registration on FIM 2010 R2 Sp1 portal/service FIM server

    also the 64 bit client extensions

    in user profile able to see register for password reset on FIM portal

    I see the page

    Password Registration:

    If you ever forget your password, you can reset it yourself without calling your help desk.

    Click 'Next' to begin the registration process.

    when i click next I get the below error

    An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000).

    Can someone guide me what kind of configuration and settings changes to be made to correct this issue.

    mercoledì 20 marzo 2013 00:36

Risposte

  • did you type in the password correctly?

    if u are sure u are typing the correct password... multiple times... and still get it.... you probably have a Kerberos mis-configuration

    To prove it's Kerberos mis-configuration, disable Windows Authentication and switch to Basic Auth


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    • Contrassegnato come risposta FIM007 mercoledì 20 marzo 2013 22:49
    mercoledì 20 marzo 2013 18:40
  • I added the password registration url to the intranet zone and it no longer asks for the login when click on the link. thanks AnthonyHO for heling me out with your quick answers
    • Contrassegnato come risposta FIM007 mercoledì 20 marzo 2013 22:49
    • Modificato FIM007 mercoledì 20 marzo 2013 22:50
    mercoledì 20 marzo 2013 22:49

Tutte le risposte

  • please enable callstack in web.config

    The FIM Password Reset Blog http://blogs.technet.com/aho/

    mercoledì 20 marzo 2013 03:15
  • set callstack as true in web.config file under the folder

    inetpub\wwwroot\wss\VirtualDirectories\80.

    mercoledì 20 marzo 2013 05:31
  • you are probably looking into the wrong directory

    go to the IIS manager, find the site and click Explore

    enable troubleshooting info


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    mercoledì 20 marzo 2013 07:02
  • ok i set value true for ShowTroubleshootingInfoOnErrorPage in web.config  file

    of C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Registration Portal

    System.InvalidOperationException: HttpContext.Current.User.Identity.Name is Null or Empty at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.GetDomainAndUserName(String& domain, String& userName) at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.InitiateRegistration() at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next() at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint

    mercoledì 20 marzo 2013 17:02
  • disable Anonymous Auth in IIS for registration portal

    The FIM Password Reset Blog http://blogs.technet.com/aho/

    mercoledì 20 marzo 2013 18:21
  • if i do that i get

    HTTP Error 401.2 - Unauthorized

    You are not authorized to view this page due to invalid authentication headers.

    mercoledì 20 marzo 2013 18:36
  • did you type in the password correctly?

    if u are sure u are typing the correct password... multiple times... and still get it.... you probably have a Kerberos mis-configuration

    To prove it's Kerberos mis-configuration, disable Windows Authentication and switch to Basic Auth


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    • Contrassegnato come risposta FIM007 mercoledì 20 marzo 2013 22:49
    mercoledì 20 marzo 2013 18:40
  • yes I do get multiple times to enter password when Basic authentication was enabled.

    But when i enabled windows authentication I was able to get to the page and register . also change the password using reset portal .

    but is this how it is supposed to work when I click on register for password asking again to sign in , when i am already in the FIM portal

    mercoledì 20 marzo 2013 19:55
  • I added the password registration url to the intranet zone and it no longer asks for the login when click on the link. thanks AnthonyHO for heling me out with your quick answers
    • Contrassegnato come risposta FIM007 mercoledì 20 marzo 2013 22:49
    • Modificato FIM007 mercoledì 20 marzo 2013 22:50
    mercoledì 20 marzo 2013 22:49
  • I noticed that when we added the password registration url  value in the navigation url in Behavior tab of home page resource type – Register for password reset  . The value gets picked up otherwise it does not.

    The JavaScript is not able to populate the password registration url by itself, do you know why that happens?

    Also is it the norm to add  password registration url on every users IE intranet zone.

    giovedì 21 marzo 2013 16:29
  • IISRESET whenever you change any homepage resources
    giovedì 21 marzo 2013 17:04
  • unless I hard code the  password registration url  it does not pick up by register for password reset  home page resource type .

    I get an error if the url is not hard coded saying could not redirect to the password registeration portal

    I must be miss something in the document, also

    when a user changes the password does an e-mail get generated from FIM saying password has been reset? can this be configured?

    giovedì 21 marzo 2013 17:41
  •  

    I get IIS reset when you change any homepage resource; but my question is password registration url  supposed to hard code as a value in there or get automatically populated

    giovedì 21 marzo 2013 17:53
  • IIRC, it's supposed to be in the registry.

    You provided the URL during setup, and the installer stamps it in the registry

    giovedì 21 marzo 2013 17:56
  • I noticed in the last part of Password Registration:

    Email Address Verification

    Enter your email address below. If you ever need to reset your password, a verification code will be sent to your email.

    The user never received the e-mail after password registration; OTP e-mail gate is configured for all

    Is there a reason why the user is not getting the e-mail  

    giovedì 21 marzo 2013 20:35
  • check the FIMService event log

    possibly FIMService can't talk to Exchange

    giovedì 21 marzo 2013 20:38
  • Well FIMservice can talk to exchange since i see user managers get e-mails from FIMService about role request

    venerdì 22 marzo 2013 00:19
  • I typed in a code in place of 123456789

    [ONE_TIME_PASSWORD]

    in  the Default one-time password notification email template.

    When the user goes to the url to reset the password and reaches the page to type in security code an e-mail does get send but as the user type in the code it does not accepts it.

    has this happen to anyone?

    here is details in event viewer i got 1 warning and 2 errors

      2nd error 

    The error page was displayed to the user.

    Details:

    Title: Verification failed

    Message: The data you entered did not match the security code that was sent to you. You can try to reset your password again, or contact your help desk for assistance.

    Source:

    Attributes:

    ErrorCode: 3012

    Web Portal: FIM Password Reset Portal

    Session ID:   IPD address:

    lunedì 25 marzo 2013 17:12
  • The code is generated in the system, then replaced in the email template before sending out to the customer. Hard coding the OTP in the email template as 123456789 won't do you any good because that's not the real OTP

    The FIM Password Reset Blog http://blogs.technet.com/aho/

    lunedì 25 marzo 2013 17:27
  • but I notice if i hard code it the e-mail gets send to the user ; otherwise it does not. is it becasue somehow the code is not being generated?
    lunedì 25 marzo 2013 17:44
  • look for exception from FIMService

    The FIM Password Reset Blog http://blogs.technet.com/aho/

    lunedì 25 marzo 2013 17:48
  • where can i check that in the event viewer?
    lunedì 25 marzo 2013 17:57
  • ok it worked when i ticked marked Is action acitivity on One-Time Password Email Gate

    • Contrassegnato come risposta FIM007 lunedì 25 marzo 2013 19:39
    • Contrassegno come risposta annullato FIM007 lunedì 25 marzo 2013 20:06
    lunedì 25 marzo 2013 19:39
  • it shouldn't be an action activity. it is mean to be an AuthN activity and only executed in the AuthN phase

    The FIM Password Reset Blog http://blogs.technet.com/aho/

    lunedì 25 marzo 2013 19:54
  • ok you are right it worked when I unticked Is action acitivity on One-Time Password Email Gate

     for a different test user1 but does not work for tesst user 0 which i have been using earlier . both users have e-mail ids in there profile

    lunedì 25 marzo 2013 20:16
  • the test user 0 had wrong e-mail id in OTP email attribute ; i able to test end to end OTP e-mail..thanks everyone

    but i am still thinking why password registration url  it does not get pick up by register for password reset  home page resource type .

    martedì 26 marzo 2013 21:43