OVERVIEW / PURPOSE / GOAL

The purpose of this wiki page is to share knowledge gained from support on a particular issue.  The goal is to share the troubleshooting steps and the overall resolution for an issue I recently worked concerning the Self-Service Password Reset (SSPR) feature of Microsoft Forefront Identity Manager 2010, specifically the Add-ins and Extensions.

PROBLEM STATEMENT

You have a user on a Windows 7 client machine attempting to register for SSPR.  If they navigate to http://fimportal/passwordreset or http://fimportal/identitymanagement and select to register for password reset, a dialog appears.


ERROR MESSAGE DISPLAYED

The FIM Password and Authentication Extensions are not currently installed on this computer.  This software is required in order to reset a password.  Please install the software or contact your system administrator.

 

TROUBLESHOOTING STEPS TAKEN

Validate Build

It is very important to ensure that your build numbers are the same for FIM 2010 across the board.  For the client, we can check the pwdproxy.exe file under %programfiles%\Microsoft Forefront Identity Manager\2010\Add-Ins and Extensions.

In this particular issue, the build on the client was 4.00.2592.0 and the build for the rest of FIM 2010 was 4.00.3606.2 (Update 2).  We installed the 4.00.3606.2 build onto the Windows 7 client.

 

Tracing

For items like this one, tracing can be a beneficial asset.  In this issue, I utilized two different types of tracing.

  1. Process Monitor
  2. Internet Explorer Developer Tools (F12)

 

Process Monitor

Finding information in Process Monitor can be time-consuming and tedious.  However, in this issue, I was able to find this information after seeing the same error in the Internet Explorer Developer Tools (F12).  Below, you can see that the result for the item is SUCCESS.  However, if you review the description, you will see that an AuthNError[3].htm is being received.

Internet Explorer Developer Tools (F12)

In Internet Explorer 9.0 you can press F12 and have access to the Internet Explorer Developer Tools (F12).  In this case, we used the Profiler option.
  1. In Internet Explorer 9.0 press F12 to get to the Developer Tools
  2. Click on the Profiler Tab
  3. Click the button Start Profiling
  4. Reproduce the issue
  5. Click the button Stop Profiling
  6. Review and/or Save the log file to a CSV file for review

Using the Internet Explorer Developer Tools (F12), I spotted the following. 
    (NOTE: I removed some of the columns that were not important to this particular issue.)

| Function | Function type | URL |
|---|---|---|
| PwdRegister | User | http://myfimportal/_layouts/images/MSILM2/Scripts/AuthN.js?v=1073831938 |
| onclick | User | http://myfimportal/IdentityManagement/aspx/authn/AuthNError.aspx?number=-2146823281 |

We can see that when attempting to register for SSPR from a client, we attempt to execute the AuthN.js script.  From here, we can see that we receive the AuthNError page returned with -2146823281.

You can utilize the err.exe tool to discover more about the error code returned.

Logon Screen Test

Are you able to click the Reset Password Link from the CTRL+ALT+DEL screen? 

In this issue, we were able to launch the Q&A Gate Questions from the Logon Screen.

Bit Version of Browser

Windows 7 comes with both the 32-Bit Internet Explorer and the 64-Bit Internet Explorer.  The Bit version of the installed Add-Ins and Extensions determines which Bit version of the Internet Explorer browser you need to use with SSPR.

In this particular issue, we were using the 32-Bit Version of Internet Explorer.  Once we moved to the 64-Bit Version of Internet Explorer, we were able to launch the registration process and reset the password.
  • The bit version of the browser is important because it controls how you authenticate to the FIM Portal from the client to execute the SSPR registration.
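
The build comparison from Validate Build and the add-in bit version discussed in this section can be checked in one pass on the client. The PowerShell below is an added example, not part of the original article or of FIM; the `$ExpectedBuild` parameter and the `Get-PEBitness` function are assumptions, and bitness is read from the PE header of pwdproxy.exe.

```powershell
# Added example, not from the original article. $ExpectedBuild defaults to the
# server build quoted above; the function name Get-PEBitness is hypothetical.
param([string]$ExpectedBuild = '4.00.3606.2')

$relPath = 'Microsoft Forefront Identity Manager\2010\Add-Ins and Extensions\pwdproxy.exe'

# Read the COFF Machine field so bitness comes from the binary itself,
# not from which Program Files folder it happens to sit in.
function Get-PEBitness([string]$Path) {
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        $fs.Position = 0x3C                      # e_lfanew: offset of the PE header
        $fs.Position = $br.ReadInt32()
        if ($br.ReadUInt32() -ne 0x4550) { throw "Not a PE file: $Path" }  # "PE\0\0"
        switch ($br.ReadUInt16()) {
            0x014c  { '32-bit' }                 # IMAGE_FILE_MACHINE_I386
            0x8664  { '64-bit' }                 # IMAGE_FILE_MACHINE_AMD64
            default { 'unknown' }
        }
    } finally { $fs.Close() }
}

# Check every Program Files root, because a 32-bit shell on 64-bit Windows
# sees %ProgramFiles% pointing at the x86 folder.
$roots = @($env:ProgramW6432, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$found = foreach ($root in $roots) {
    $exe = Join-Path $root $relPath
    if (Test-Path -LiteralPath $exe) {
        $vi = (Get-Item -LiteralPath $exe).VersionInfo
        # Build from numeric parts so "4.00.3606.2" and "4.0.3606.2" compare equal.
        $installed = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        New-Object PSObject -Property @{
            Path          = $exe
            ClientBuild   = $installed.ToString()
            ExpectedBuild = $ExpectedBuild
            BuildMatches  = ($installed -eq [version]$ExpectedBuild)
            AddinBitness  = Get-PEBitness $exe
        }
    }
}

if (-not $found) { Write-Warning "pwdproxy.exe not found under: $($roots -join ', ')" }
$found | Format-List Path, ClientBuild, ExpectedBuild, BuildMatches, AddinBitness
```

A `BuildMatches` value of False corresponds to the build mismatch described under Validate Build, and `AddinBitness` is the value to compare against the bit version of the Internet Explorer in use.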

CAUSE

The cause of this issue was twofold.

  1. The FIM 2010 builds on the client and the server were different
  2. We were using the wrong Bit version of the Internet Explorer browser for the Bit version of the Add-Ins and Extensions installed.

RESOLUTION

We resolved this issue with two items:

  1. Install the FIM 2010 build 4.00.3606.2 (Update 2) for the Add-Ins and Extensions
  2. Use the 64-Bit Version of the Internet Explorer browser

ADDITIONAL INFORMATION / SEE ALSO

FIM LANDING PAGE: Resource Wiki and Troubleshooter Wiki Contents