Environment 

  • Forefront Identity Manager 2010 R2
  • Remote SQL Server
  • Using a SQL Server Alias 


Overview

When attempting to reset a password through the Self-Service Password Reset (SSPR) feature of FIM 2010 R2, we receive error 3000 and are not able to reset the password. Reviewing the Application Event Log, we can see the following "Access Denied" message.

APPLICATION EVENT LOG

mscorlib: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at Microsoft.ResourceManagement.PasswordReset.ResetPassword.ResetPasswordHelper(String domainName, String userName, String newPasswordText)

FIM SERVICE TRACE LOG

WQL:SELECT * FROM MIIS_CSObject WHERE (Domain='DOM' AND Account='user1') or (FullyQualifiedDomain='DOM' AND Account=' user1') or (Domain='DOM' AND UserPrincipalName='user1') or (FullyQualifiedDomain='DOM' AND UserPrincipalName='user1')

Cause

From the WQL statement, we can see that we are accessing SQL Server. In this case, we were using a SQL Server Alias to connect to the back-end SQL Server, and that alias was configured incorrectly.

Resolution

Fixed the SQL Server Alias to reference the correct SQL Server.
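
One way to check the alias configuration described above, as an added example that is not part of the original article: the script lists the SQL Server client aliases stored for 64-bit and 32-bit clients (the standard ConnectTo registry keys) and tests whether each TCP alias target resolves and accepts a connection. The function name Test-TcpPort and the 3-second timeout are assumptions made for this example.

```powershell
# Added example: list SQL Server client aliases from both registry views and
# test each TCP alias target. Run on the server that hosts the FIM services.
$aliasKeys = @(
    'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',             # 64-bit clients
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\MSSQLServer\Client\ConnectTo'  # 32-bit clients
)

# Hypothetical helper: returns $true if a TCP connection succeeds within the timeout.
function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        return ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($key in $aliasKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($alias in $item.GetValueNames()) {
        # Value format: "<netlib>,<server[\instance]>[,<port>]"; DBMSSOCN = TCP/IP
        $parts  = ([string]$item.GetValue($alias)) -split ',', 3
        $target = if ($parts.Count -gt 1) { $parts[1] } else { '' }
        $server = ($target -split '\\')[0]
        $port   = if ($parts.Count -gt 2 -and $parts[2] -match '^\d+$') { [int]$parts[2] } else { $null }
        $isTcp  = $parts[0] -eq 'DBMSSOCN'

        $resolves = $false
        if ($isTcp -and $server) {
            try { $resolves = [bool][System.Net.Dns]::GetHostAddresses($server) } catch { }
        }
        [pscustomobject]@{
            RegistryView = if ($key -like '*WOW6432Node*') { '32-bit' } else { '64-bit' }
            Alias        = $alias
            NetLib       = $parts[0]
            Target       = $target
            Port         = $port
            Resolves     = $resolves
            PortOpen     = if ($resolves -and $port) { Test-TcpPort $server $port } else { $null }
        }
    }
}
$results | Format-Table -AutoSize
```

An alias whose Target differs between the two registry views, or whose Resolves or PortOpen column is False, is the first thing to compare against the intended SQL Server.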