MIM portal - The requestor's identity was not found for all users after service account password change

Question

Hi guys,

I've inherited a problem at a customer who has (apparently!) changed the passwords of the MIM service accounts and since they have, they get the "The requestor's identity was not found" error when logging on to the portal.  In the event log, no matter which user is attempting to log on, the missing identity is apparently the same, and it's that of the sync account. Services all look OK and are configured to use individual accounts, i.e. the sync service is using the sync account, MIM service has a MIMService AD account, and SharePoint has its own too.

If I turn off ASP.NET impersonation in IIS, the identity changes to that of the SharePoint app pool, but it still doesn't allow a user to log on, throwing the same error.

I've checked Kerberos and the SPNs look OK, as does delegation, and there's no duplicate in the forest.  I've checked and toggled requireKerberos=true in web.config and I've checked useAppPoolCredentials in applicationHost.config.

    Users look OK in SQL - the objectString and objectBinary tables suggest they have a domain, account name and a SID.

    Interestingly, Export-FIMConfig works OK which leads me to conclude that the user is definitely OK too.

    Any ideas? Especially where might it be configured to reference the sync account?



    Friday, October 12, 2018 11:23 AM

All replies

Can you check if the sync account is in the filter of MIMMA and ADMA? (e.g. <dn> Equals fb89aefa-5ea1-47f1-8890-abe7797d6497)

    I would also turn on tracing on the MIM Service to get more info about the error.

Ahmed is an independent consultant in Ottawa, Canada specialized in .NET, Biztalk, WCF, WPF, TFS and other Microsoft technologies.

Twitter: ahmedalasaad

    Friday, October 12, 2018 3:01 PM
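The checks described in the question (which identity each MIM component runs as, SPNs, ASP.NET impersonation, useAppPoolCredentials, requireKerberos) and the reply's suggestion to compare the sync account's object ID against MA filter clauses can be gathered in one read-only PowerShell pass after a service-account password rotation. The script below is an added example and is not from either poster; the account names, site and app pool names, the web.config path and the sample user are assumptions for an environment like the one described and must be adjusted.

```powershell
# Added example, not from the thread: read-only post-rotation identity check for a MIM portal.
# Everything in the $accounts table and the three path/name variables is an assumed value.
$accounts = @{
    Sync       = 'CONTOSO\svcMIMSync'     # assumed sync service account
    Service    = 'CONTOSO\svcMIMService'  # assumed MIM Service account
    SharePoint = 'CONTOSO\svcMIMSPS'      # assumed SharePoint app pool account
}
$portalSite      = 'SharePoint - 80'                                          # assumed IIS site name
$portalAppPool   = 'SharePoint - 80'                                          # assumed app pool name
$portalWebConfig = 'C:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config'  # assumed path

# 1. Windows services: Sync and Service must each run under their own account, not a shared one.
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -in 'FIMService', 'FIMSynchronizationService' } |
    Select-Object Name, StartName, State | Format-Table -AutoSize

# 2. SPNs: every account should list only its own SPNs; the same SPN on two accounts breaks Kerberos
#    and typically makes the portal fall back to an unexpected identity.
foreach ($acct in $accounts.Values) {
    "--- SPNs registered on $acct"
    setspn -L $acct
}

# 3. IIS: app pool identity, ASP.NET impersonation and useAppPoolCredentials for the portal site.
Import-Module WebAdministration
$pool = Get-Item "IIS:\AppPools\$portalAppPool"
"App pool identity: {0} ({1})" -f $pool.processModel.userName, $pool.processModel.identityType
Get-WebConfigurationProperty -PSPath "IIS:\Sites\$portalSite" -Filter 'system.web/identity' -Name impersonate
Get-WebConfigurationProperty -PSPath "IIS:\Sites\$portalSite" `
    -Filter 'system.webServer/security/authentication/windowsAuthentication' -Name useAppPoolCredentials

# 4. web.config: the portal's resourceManagementClient element and its requireKerberos attribute.
$rmc = (Select-Xml -Path $portalWebConfig -XPath '//resourceManagementClient').Node
"requireKerberos = {0}" -f $rmc.requireKerberos

# 5. MIM Service: confirm the Person objects for a failing user and for the sync account exist and
#    carry the expected Domain/AccountName. The ObjectIdentifier GUID is what an MA filter clause
#    such as "<dn> Equals <guid>" would reference, so it can be compared against the MA configuration.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue
foreach ($name in 'jdoe', 'svcMIMSync') {   # assumed sAMAccountNames: one end user, the sync account
    Export-FIMConfig -Uri 'http://localhost:5725' -OnlyBaseResources -CustomConfig "/Person[AccountName='$name']" |
        ForEach-Object { $_.ResourceManagementObject } |
        Select-Object ObjectType, ObjectIdentifier,
            @{ n = 'AccountName'; e = { ($_.ResourceManagementAttributes | Where-Object AttributeName -eq 'AccountName').Value } },
            @{ n = 'Domain';      e = { ($_.ResourceManagementAttributes | Where-Object AttributeName -eq 'Domain').Value } }
}
```

Run it on the portal server as an administrator with the FIMAutomation snap-in installed. If step 1 or 3 shows the sync account where the MIM Service or app pool account is expected, or step 2 shows an HTTP or FIMService SPN duplicated across two accounts, that is the first thing to correct; step 5 only tells you whether the MIM Service can resolve the accounts at all, which is why Export-FIMConfig succeeding does not by itself rule out an identity mix-up in IIS.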