Error when loading FIM portal in new installation: The requestor's identity was not found.

  • Question

  • I have just installed the FIM portal into my test environment.  The synchronisation service was already working perfectly (can provision users from a .csv file).
    The FIM Service and Portal are installed on a server (we'll call it SPF1), and the FIM sync service on another server (SYNC1)
    Whenever I try to log on to the FIM portal with my standard user account (it has never worked), I get the following error:

    Unable to process your request.

    Please contact your help desk or system administrator.

    Error processing your request: The server was unwilling to perform the requested operation.

    Reason: The requester of this operation is invalid.

    Correlation Id: 7da76fce-5c9a-4596-90f7-8d7243c21de8

    Details: The requestor's identity was not found.

    >Go to Forefront Identity Manager home page

     

    (The web page header does show the FIM logo, so the portal itself is there).

    In the ForeFront logs on SPF1, I get the following:

    Log Name:      Forefront Identity Manager
    Source:        Microsoft.ResourceManagement
    Date:          1/13/2015 5:48:08 PM
    Event ID:      3
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SPF1.testdomain.internal
    Description:
    GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft.ResourceManagement" />
        <EventID Qualifiers="0">3</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
        <EventRecordID>523</EventRecordID>
        <Channel>Forefront Identity Manager</Channel>
        <Computer>SPF1.testdomain.internal</Computer>
        <Security />
      </System>
      <EventData>
        <Data>GetCurrentUserFromSecurityIdentifier: No such user TESTDOMAIN\StandardUser, S-1-5-21-1(sid goes here)</Data>
      </EventData>
    </Event>

     

    Log Name:      Forefront Identity Manager
    Source:        Microsoft.ResourceManagement
    Date:          1/13/2015 5:48:08 PM
    Event ID:      3
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SPF1.testdomain.internal
    Description:
    Requestor: Internal Service
    Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
    Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft.ResourceManagement" />
        <EventID Qualifiers="0">3</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-01-14T01:48:08.000000000Z" />
        <EventRecordID>522</EventRecordID>
        <Channel>Forefront Identity Manager</Channel>
        <Computer>SPF1.testdomain.internal</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Requestor: Internal Service
    Correlation Identifier: da87f241-eee5-4bf5-b1dd-8a6728a2c627
    Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: IdentityIsNotFound
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetUserFromSecurityIdentifier(SecurityIdentifier securityIdentifier)
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.GetCurrentUser()
       at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)</Data>
      </EventData>
    </Event>

     

     


    Further, I note that it has trouble connecting to the web exchange connector.  I wonder if this is because I used an alias (for easy migration in the future) for which the certificate does not match the name?  I'm connecting to "mail.testdomain.internal", although that's actually an NLB group between two CAS/HUB servers.
    Log Name:      Application
    Source:        Microsoft.ResourceManagement.ServiceHealthSource
    Date:          1/13/2015 7:43:49 PM
    Event ID:      12
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:     SPF1.testdomain.internal
    Description:
    The Forefront Identity Manager Service cannot connect to the Exchange Web Service.

    The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.

    Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft.ResourceManagement.ServiceHealthSource" />
        <EventID Qualifiers="0">12</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-01-14T03:43:49.000000000Z" />
        <EventRecordID>7581</EventRecordID>
        <Channel>Application</Channel>
        <Computer>SPF1.testdomain.internal</Computer>
        <Security />
      </System>
      <EventData>
        <Data>The Forefront Identity Manager Service cannot connect to the Exchange Web Service.

    The connection failure may be due to a network failure, firewall configuration error, or other connection issue.  Additionally, the failure may be due to incorrect Exchange Web Service configuration.

    Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer.  Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly.  Last, ensure that the Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.</Data>
      </EventData>
    </Event>

     

     

    I'm not really sure where to start investigating at this point.  The only other thing to note is that after installing the portal, I didn't see a new management agent in the synchronization service (I thought one was supposed to appear, though I could be mistaken).

    Wednesday, January 14, 2015 4:07 AM

Answers

  • I eventually figured this out - it was that the portal management agent hadn't been created yet, I had to create it.
    • Marked as answer by Gareth.T Tuesday, February 24, 2015 7:35 PM
    Tuesday, February 24, 2015 7:35 PM

All replies

  • Hi Gareth,

    I have the same issue as you did.

    What did you mean by "portal management agent"?

    Wednesday, February 24, 2016 6:41 PM
  • He is referring to the FIM MA.

    Best,

    Jeff Ingalls

    Wednesday, February 24, 2016 6:55 PM
  • Hmmm,

    My MAs are created and working.  I was able to join all my user accounts in the Portal.  I even see my account.  But when I try to access the Portal I am greeted with this little piece of joy.  Now, having said that, when I am on the Portal server and use the FIM Admin account to open the Portal, all looks good.  It's almost like I'm missing an MPR or a Set.  Of course I already checked the MPRs, unless I missed one...

    Wednesday, February 24, 2016 8:43 PM
  • Verify the account you're using has a presence in the portal... 

    AD NetBIOS domain --> Portal domain

    AD sAMAccountName --> Portal accountname

    AD ObjectSID --> Portal objectSID

    Best,

    Jeff Ingalls

    Wednesday, February 24, 2016 8:54 PM
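
The three-attribute check from the last reply, as an added PowerShell example (not posted by anyone in the thread). It assumes the FIMAutomation snap-in on the FIM Service server, the default service endpoint, the account name from the question's event log, and that Export-FIMConfig returns ObjectSID as base64-encoded binary.

```powershell
# Added example: compare an AD account with its Person resource in the FIM Portal.
# Run on the FIM Service server as a portal administrator.
# $account and $fimUri are assumptions; adjust them to your environment.
Add-PSSnapin FIMAutomation -ErrorAction Stop

$account = 'TESTDOMAIN\StandardUser'                          # account that fails to log on
$fimUri  = 'http://localhost:5725/ResourceManagementService'  # default endpoint (assumed)

$domain, $sam = $account.Split('\')

# What Windows presents to the FIM Service: the SID behind DOMAIN\user.
$adSid = ([System.Security.Principal.NTAccount]$account).Translate(
             [System.Security.Principal.SecurityIdentifier]).Value

# Look the Person up by AccountName in the FIM Service database.
$found = @(Export-FIMConfig -Uri $fimUri -OnlyBaseResources `
               -CustomConfig "/Person[AccountName='$sam']")

if ($found.Count -eq 0) {
    # Same symptom as a missing FIM MA: the user was never provisioned to the portal.
    Write-Warning "No Person with AccountName '$sam' exists in the portal."
    return
}

foreach ($person in $found) {
    # Flatten the exported attribute list into a name -> value table.
    $attrs = @{}
    foreach ($a in $person.ResourceManagementObject.ResourceManagementAttributes) {
        $attrs[$a.AttributeName] = $a.Value
    }

    # Convert the exported binary SID to S-1-5-... form so it can be compared.
    $portalSid = $null
    if ($attrs['ObjectSID']) {
        $bytes     = [Convert]::FromBase64String($attrs['ObjectSID'])
        $portalSid = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
    }

    New-Object PSObject -Property @{
        DisplayName = $attrs['DisplayName']
        DomainOK    = ($attrs['Domain'] -eq $domain)       # AD NetBIOS domain -> Domain
        AccountOK   = ($attrs['AccountName'] -eq $sam)     # sAMAccountName   -> AccountName
        SidOK       = ($portalSid -eq $adSid)              # objectSid        -> ObjectSID
        PortalSid   = $portalSid
        AdSid       = $adSid
    }
}
```

Any row with a False column points at the attribute flow to fix; an empty PortalSid means ObjectSID never reached the portal, which matches the "No such user ... S-1-5-21-..." entry logged by GetCurrentUserFromSecurityIdentifier.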