R2 Password-reset add-in cannot connect to password-reset service RRS feed

  • Question

  • I'm stumped on this one. I've tripple checked everything and can see nothing amiss. Hopefully someone wiser than I has an answer...

    R2 SSPR installation. From workstations, the add-in throws an error at the login screen when invoking password reset, or when you log in normally. The error is: "Could not connect to the password reset service. Wait one minute and try again. If the problem persists, please contact your helpdesk or system administrator".

    Bringing any one of the three FIM portals up in a browser works fine. Registration and reset can be done through the respective portals.

    Ports 5725 and 5726 have been opened on the hardware firewall and a port-scan shows that the workstation can successfully connect to the two ports. The firewall admin can see no dropped connections between the workstation and the FIM server.

    I've re-installed the add-in multiple times, both from the GUI and the command-line. The FIM service hostname is correct at install time. I confirm this by bringing up the http://fimserver:5725 and http://fimserver:5726 web-services up in a browser. The password-registration url is correct, again confirmed by loading in the browser.

    The local password-reset service is running. I've tried modifying the PwdMgmtProxy.exe.config file to uncomment the logging elements, increase logging to Verbose, enabling the log file writer as well. Log folder created, assigned everyone full permissions, restarted the service, tried again. Rebooted the machine, no change. There are no logs in the event log or any file created in the log file I specified in the config file.

    I'm stumped as to what could be causing this error. Is it saying it can't connect to the local service, or the remote fim service? I'm unsure but can't see anything wrong either way.

    Has anyone got any suggestions? Last day of a project, no more time so need to get this resolved ASAP! Any help appreciated.

    Wednesday, October 10, 2012 2:24 PM

All replies

  • did you try this ?

    step 7.

    DCOM WMI traffic? Did you add FS account to respective groups?

    I've had the same error when i forgot to perform steps "Enable DCOM for CORP\FIMService on FIM1" and "Enable CORP\FIMService privileges in WMI on FIM1"

    Wednesday, October 10, 2012 2:42 PM
  • Thanks for the reply. I double checked those settings and they're as they should be. I was quite hopeful there for a moment :)
    Wednesday, October 10, 2012 3:15 PM
  • I didn't get past this problem, though trying another machine in the same environment the problem wasn't exhibited. More testing is required but at this point there's obviously a suggestion that it's machine related.
    Wednesday, October 10, 2012 8:51 PM
  • hm... it might be related to your site not using https? your site doesn't? doesnt rich client try to connect to site using https only? O_o
    Thursday, October 11, 2012 7:59 AM
  • That error message is a bit mis-leading.

    That means the GateFramework can't establish a connect with PwdProxy (please refer to my blog for the overall architecture)

    can u do "net start FIMPasswordReset" and make sure it's started?

    The FIM Password Reset Blog

    Thursday, October 11, 2012 8:00 AM
  • Hi,

    With reference to this problem, please find here below the event logs and solutions I have reached during my analysis.

    Microsoft.ResourceManagement: System.TypeInitializationException: The type initializer for ‘Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient’ threw an exception. —> System.IO.FileNotFoundException: Could not load file or assembly ‘System.ServiceModel, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089′ or one of its dependencies. The system cannot find the file specified.

    File name: ‘System.ServiceModel, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089′

       at Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient..cctor()


    WRN: Assembly binding logging is turned OFF.

    To enable assembly bind failure logging, set the registry value [HKLMSoftwareMicrosoftFusion!EnableLog] (DWORD) to 1.

    Note: There is some performance penalty associated with assembly bind failure logging.

    To turn this feature off, remove the registry value [HKLMSoftwareMicrosoftFusion!EnableLog].


       — End of inner exception stack trace —

       at Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient.SetBaseAddress(Uri baseAddress)

       at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.InitializeRegistryConstants()

       at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.DoStart()

       at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.OnStart(String[] args)

    The package of client extensions does not control the .Net framework and its requirements correctly. Thus, the following steps must be performed:

    For the smooth operation of the FIM client, there are some features and services at the Terminal Servers(especially). These have to established and started properly.

    • Net Framework 3.5 feature required  to be installed at the Server.
    • Server Manager -> Features -> Add Features -> .Net Framework, choosing the 3.5.1 Features, default settings, finish the setting.
    • .Net 4.0 Framework must be installed at the Server.
    • Even if .Net 4.0  is installed,  absolutely, .Net Framework 3.5 Feature must be installed.

    After all these when FIM Client setting is finished, server must be restated. Then all the services appear to operate correctly.

    Yavuz Eren Demir

    Wednesday, April 10, 2013 9:21 AM