none
Prompted for credentials using FIM portal registration RRS feed

  • Question

  • Recently upgraded to R2. I wouldn't say it's a smooth process lol!

    Anyway when users attempt to register they get prompted for Windows credentials to the registration portal. 

    This is the same for my administrator account.

    However when I'm on the FIM server as the same administrator account and connect via browser to the URL for registration portal this works without any credential prompt - same for any of the users if I allow them access to the server.

    Any ideas?  

    Bago


    Friday, June 29, 2012 1:45 PM

Answers

  • If they enter their username and password, does it work for your users or does it just keep prompting them?

    At first glance, this sounds like a Kerberos failure.

    Check the client settings in IE.  Is the FIM server in the Local Intranet zone?  Check the zone security settings under User Authentication\Logon is set for "Automatic logon only in Intranet zone".  Also make sure that the DNS A record by which your clients resolve the IP of your FIM server matches the SPN (host/FQDN or http/FQDN) registered to the web server.

    There's a good writeup of Kerberos with FIM 2010 in mind here.

    Chris

    Friday, June 29, 2012 3:54 PM

All replies

  • Friday, June 29, 2012 2:20 PM
  • If they enter their username and password, does it work for your users or does it just keep prompting them?

    At first glance, this sounds like a Kerberos failure.

    Check the client settings in IE.  Is the FIM server in the Local Intranet zone?  Check the zone security settings under User Authentication\Logon is set for "Automatic logon only in Intranet zone".  Also make sure that the DNS A record by which your clients resolve the IP of your FIM server matches the SPN (host/FQDN or http/FQDN) registered to the web server.

    There's a good writeup of Kerberos with FIM 2010 in mind here.

    Chris

    Friday, June 29, 2012 3:54 PM
  • Cheers Chris. They do keep getting prompted without logging in and I was narrowing the problem down to Kerberos and SPN issues. I'll check the guide out and get let you know.

    Bago

    Saturday, June 30, 2012 1:20 AM
  • As Chris was saying, one of the key questions is.. does it work if you provide the correct login?

    If it does work - it's almost certainly an IE setting

    If not - check these

    • web.config
    • applicationhost.config
    • SPN
    • delegation settings
    • web site application pool identity

    Frank C. Drewes III - Architect - Oxford Computer Group

    Sunday, July 1, 2012 3:40 AM
  • Duplicate SPN was the problem.  Issue now resolved. 

    Thanks for the advice

    Bago

    Monday, July 2, 2012 10:03 AM