password registration error after deploying SSPR
-
mercoledì 20 marzo 2013 00:36
Have deployed password reset and registration on FIM 2010 R2 Sp1 portal/service FIM server
also the 64 bit client extensions
in user profile able to see register for password reset on FIM portal
I see the page
Password Registration:
If you ever forget your password, you can reset it yourself without calling your help desk.
Click 'Next' to begin the registration process.
when i click next I get the below error
An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000).
Can someone guide me what kind of configuration and settings changes to be made to correct this issue.
Tutte le risposte
-
mercoledì 20 marzo 2013 03:15please enable callstack in web.config
The FIM Password Reset Blog http://blogs.technet.com/aho/
-
mercoledì 20 marzo 2013 05:31
set callstack as true in web.config file under the folder
inetpub\wwwroot\wss\VirtualDirectories\80.
-
mercoledì 20 marzo 2013 07:02
you are probably looking into the wrong directory
go to the IIS manager, find the site and click Explore
enable troubleshooting info
The FIM Password Reset Blog http://blogs.technet.com/aho/
-
mercoledì 20 marzo 2013 17:02
ok i set value true for ShowTroubleshootingInfoOnErrorPage in web.config file
of C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Registration Portal
System.InvalidOperationException: HttpContext.Current.User.Identity.Name is Null or Empty at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.GetDomainAndUserName(String& domain, String& userName) at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.InitiateRegistration() at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next() at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint
-
mercoledì 20 marzo 2013 18:21disable Anonymous Auth in IIS for registration portal
The FIM Password Reset Blog http://blogs.technet.com/aho/
-
mercoledì 20 marzo 2013 18:36
if i do that i get
HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
-
mercoledì 20 marzo 2013 18:40
did you type in the password correctly?
if u are sure u are typing the correct password... multiple times... and still get it.... you probably have a Kerberos mis-configuration
To prove it's Kerberos mis-configuration, disable Windows Authentication and switch to Basic Auth
The FIM Password Reset Blog http://blogs.technet.com/aho/
- Contrassegnato come risposta FIM007 mercoledì 20 marzo 2013 22:49
-
mercoledì 20 marzo 2013 19:55
yes I do get multiple times to enter password when Basic authentication was enabled.
But when i enabled windows authentication I was able to get to the page and register . also change the password using reset portal .
but is this how it is supposed to work when I click on register for password asking again to sign in , when i am already in the FIM portal
-
mercoledì 20 marzo 2013 22:49 I added the password registration url to the intranet zone and it no longer asks for the login when click on the link. thanks AnthonyHO for heling me out with your quick answers
-
giovedì 21 marzo 2013 16:29
I noticed that when we added the password registration url value in the navigation url in Behavior tab of home page resource type – Register for password reset . The value gets picked up otherwise it does not.
The JavaScript is not able to populate the password registration url by itself, do you know why that happens?
Also is it the norm to add password registration url on every users IE intranet zone.
-
giovedì 21 marzo 2013 17:04IISRESET whenever you change any homepage resources
-
giovedì 21 marzo 2013 17:41
unless I hard code the password registration url it does not pick up by register for password reset home page resource type .
I get an error if the url is not hard coded saying could not redirect to the password registeration portal
I must be miss something in the document, also
when a user changes the password does an e-mail get generated from FIM saying password has been reset? can this be configured?
-
giovedì 21 marzo 2013 17:53
I get IIS reset when you change any homepage resource; but my question is password registration url supposed to hard code as a value in there or get automatically populated
-
giovedì 21 marzo 2013 17:56
IIRC, it's supposed to be in the registry.
You provided the URL during setup, and the installer stamps it in the registry
-
giovedì 21 marzo 2013 20:35
I noticed in the last part of Password Registration:
Email Address Verification
Enter your email address below. If you ever need to reset your password, a verification code will be sent to your email.
The user never received the e-mail after password registration; OTP e-mail gate is configured for all
Is there a reason why the user is not getting the e-mail
-
giovedì 21 marzo 2013 20:38
check the FIMService event log
possibly FIMService can't talk to Exchange
-
venerdì 22 marzo 2013 00:19
Well FIMservice can talk to exchange since i see user managers get e-mails from FIMService about role request
-
lunedì 25 marzo 2013 17:12
I typed in a code in place of 123456789
[ONE_TIME_PASSWORD]
in the Default one-time password notification email template.
When the user goes to the url to reset the password and reaches the page to type in security code an e-mail does get send but as the user type in the code it does not accepts it.
has this happen to anyone?
here is details in event viewer i got 1 warning and 2 errors
2nd error
The error page was displayed to the user.
Details:
Title: Verification failed
Message: The data you entered did not match the security code that was sent to you. You can try to reset your password again, or contact your help desk for assistance.
Source:
Attributes:
ErrorCode: 3012
Web Portal: FIM Password Reset Portal
Session ID: IPD address:
-
lunedì 25 marzo 2013 17:27The code is generated in the system, then replaced in the email template before sending out to the customer. Hard coding the OTP in the email template as 123456789 won't do you any good because that's not the real OTP
The FIM Password Reset Blog http://blogs.technet.com/aho/
-
lunedì 25 marzo 2013 17:44but I notice if i hard code it the e-mail gets send to the user ; otherwise it does not. is it becasue somehow the code is not being generated?
-
lunedì 25 marzo 2013 17:48look for exception from FIMService
The FIM Password Reset Blog http://blogs.technet.com/aho/
-
lunedì 25 marzo 2013 17:57where can i check that in the event viewer?
-
lunedì 25 marzo 2013 19:39
ok it worked when i ticked marked Is action acitivity on One-Time Password Email Gate
-
lunedì 25 marzo 2013 19:54it shouldn't be an action activity. it is mean to be an AuthN activity and only executed in the AuthN phase
The FIM Password Reset Blog http://blogs.technet.com/aho/
-
lunedì 25 marzo 2013 20:16
ok you are right it worked when I unticked Is action acitivity on One-Time Password Email Gate
for a different test user1 but does not work for tesst user 0 which i have been using earlier . both users have e-mail ids in there profile
-
martedì 26 marzo 2013 21:43
the test user 0 had wrong e-mail id in OTP email attribute ; i able to test end to end OTP e-mail..thanks everyone
but i am still thinking why password registration url it does not get pick up by register for password reset home page resource type .
.png)
