lunedì 18 marzo 2013 23:45
I was following the instructions in FIM 2010 R2 Self-Service Password Reset Deployment Guide , currently trying to install FIM
Password Registration portal and Password reset portal on the same box as FIM portal and service .
On page 29, in the configuration window it asks me to enter a account name under which the FIM password reg. application pool will run in IIS.
My question since I do not have different accounts for FIM Password Registration portal and Password
Reset portal , should i be using the FIM service ; service account name?
Thank you for helping out
Tutte le risposte
martedì 19 marzo 2013 06:44
Actually I wouldn't recommend you to do so, but you can. You can use one account to do everything :)
I usually use a separate accounts for everything in my implementations.
Regards Furqan Asghar
martedì 19 marzo 2013 07:02
No please don't.
There is certain logic in place to assume the AppPool accounts are different
martedì 19 marzo 2013 16:51
we can create a new account but with what kind of permissions does this account need?
FIM Password Registration portal and Password reset porta are on the same box as FIM portal and service; since this is our dev enviornment
will the binding information be the host name where all these components resides
martedì 19 marzo 2013 18:05
The "FIMPWPool" accoount does not need any permissions. It will be configured during setup to be used as the Application Pool identity for the PW Reset/Registration portals. I have seen situations where you need to manually configure IIS to use the Application Pool Identity for the PW Registration site.
You do need to have separate hostnames for PW Reset and PW Registration portals that are different from the names used by the FIM Portal. Otherwise IIS will not be able to set unique bindings for each site.
I usually configure this with a SAN certificate as well and use hostheader separation over SSL. If you are running on Server 2012 the ui in IIS manager can be used to configure the correct bindings once you have installed the PW portals.
If running on 2008, check this out http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html