Is there a simple complete Deploy Guide for MIM Password Registration and Reset ANYWHERE??? I have problems configuring it.

  • Question

  • I am struggling to configure the MIM 2016 Password Registration and Password Reset features that I managed to install.

    I followed the MIM Deployment guide and I believe I have them on my FIM Service server, mim1.

    I want to run all 3 services on the same server: MIM Portal (SharePoint, port 80), Password Registration on port 8080 and Password Reset on port 8088.

    I discovered these lines in the old FIM 2010 Deployment Guide:

    "If you are not going to have the password registration and password reset portals extranet facing and wish to install everything on one server, this is supported but there are some things that need to be considered. The first is that SharePoint for the FIM Portal will be using port 80 on IIS, so additional ports will be required for the password registration and password reset portals. Also, if you are installing everything on one machine and are using Kerberos then useAppPoolCredentials=true will be set because SharePoint runs as a “farm”. If this is true, then the Application Pool account that runs the FIM Password Registration Site and the FIM Password Reset Site will need to have the appropriate SPNs and delegation configured."

    Just my scenario. One machine not extranet facing. BUT nowhere does it describe just what these "appropriate" SPNs and delegations are.

    All over the net there seems to be advice about this topic but no actual examples.

    I followed the MIM 2016 Deployment guide, it is hard to follow and has quite a few anomalies but what I used was:

    Password Registration server:  mim1.mimtest.local    Port 8080

    Pool Account  mimtest\MIMSSPR

    Password Reset server:   mim1.mimtest.local      Port 8088

    Pool Account mimtest\MIMSSPRSVC

    How do I check I am using Kerberos? How do I check the value of useAppPoolCredentials?

    OK, and what are the appropriate necessary SPN(s) for me?

    HELP!!

    Wednesday, August 10, 2016 6:24 AM

All replies

  • You can try this:

    https://technet.microsoft.com/en-us/library/jj134309%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    and guide

    https://www.microsoft.com/en-us/download/details.aspx?id=29959



    • Proposed as answer by alexiszp Wednesday, August 17, 2016 12:08 PM
    Wednesday, August 10, 2016 8:46 AM
  • Thank you... I managed to put all pieces together.

    It seems you need to set SPNs for the machine:port for both the accounts.

    Then via IIS8 check the settings.

    Then follow the post-install processes.

    Friday, August 12, 2016 10:45 AM
  • You can mark the reply as "answer" if it helps you.

    Thanks!



    Wednesday, August 17, 2016 12:08 PM
  • No real idiot's guide as far as I can tell.

    In my environment, with IIS8 and Windows Server 2012 R2, I can get the Password Registration service ONLY if I am logged onto the host hosting SSPR.

    I get a 401 error if I try accessing that service from a different host in the domain.

    I have set the two SPNs I believe I need. SSPReg installed on MIM1 port 8080 and SSPReset on MIM1 port 8088:

    setspn -s HTTP/MIM1.mydomain.local:8080  mydomain\MIMSSPR

    setspn -s HTTP/MIM1:8080  mydomain\MIMSSPR

    setspn -s HTTP/MIM1.mydomain.local:8088  mydomain\MIMSSPRSVC

    setspn -s HTTP/MIM1:8088  mydomain\MIMSSPRSVC

    Still getting nowhere. I chose only Intranet access when installing the SSPR features.

    Are there any special IE settings required?

    Thursday, August 18, 2016 2:10 PM
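
An added example, not part of any reply in this thread and not taken from the MIM deployment guide: a PowerShell check, run in an elevated session on the SSPR host, that reports the Windows Authentication settings (including `useAppPoolCredentials`) and the SPN registrations the posts above discuss. The host and account names are the ones from the post above; the two IIS site names are assumptions and must be replaced with the names shown in IIS Manager.

```powershell
# Added example: verify Kerberos prerequisites for the two SSPR IIS sites.
# Site names are ASSUMED; replace them with the names shown in IIS Manager.
Import-Module WebAdministration

$hostFqdn  = 'MIM1.mydomain.local'   # host names as used in the thread
$hostShort = 'MIM1'
$sites = @(
    @{ Name = 'MIM Password Registration Site'; Port = 8080; Account = 'mydomain\MIMSSPR' },
    @{ Name = 'MIM Password Reset Site';        Port = 8088; Account = 'mydomain\MIMSSPRSVC' }
)
$filter = 'system.webServer/security/authentication/windowsAuthentication'

foreach ($s in $sites) {
    Write-Host "== $($s.Name) =="

    # Which identity does the site's application pool run as?
    $poolName = (Get-Item "IIS:\Sites\$($s.Name)").applicationPool
    $poolUser = (Get-ItemProperty "IIS:\AppPools\$poolName" -Name processModel).userName
    Write-Host "  App pool '$poolName' runs as '$poolUser' (expected '$($s.Account)')"

    # Windows Authentication settings for the site. With useKernelMode = True and
    # useAppPoolCredentials = False, service tickets are decrypted with the machine
    # account, so SPNs registered on the pool account will not match.
    foreach ($name in 'enabled', 'useKernelMode', 'useAppPoolCredentials') {
        $value = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                    -Location $s.Name -Filter $filter -Name $name).Value
        Write-Host "  $name = $value"
    }

    # Each SPN should be found on exactly one account: the pool account.
    foreach ($h in $hostFqdn, $hostShort) {
        $spn = "HTTP/${h}:$($s.Port)"
        Write-Host "  setspn -Q $spn"
        setspn -Q $spn | ForEach-Object { Write-Host "    $_" }
    }
}

# Duplicate SPN check: an SPN registered on more than one account breaks
# Kerberos ticket issuance for that service.
setspn -X
```

To see whether a client is actually using Kerberos, browse to the site from another domain-joined host and run `klist` there: a ticket for the `HTTP/...` SPN should be listed if Kerberos was negotiated.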
  • Hey Harold

    Start with the latest MIM 2016 handbook (and yes, follow the SPNs as stated!!). I downloaded the PDF for $15 Aus but not sure if that price is still available. It'll be a great place to deploy all things MIM and is an excellent reference for us all; see https://www.packtpub.com/virtualization-and-cloud/microsoft-identity-manager-2016-handbook. Also see the guru on SSPReset and SSPRegistration at http://blogs.technet.com/aho

    Good MIMing

    Nigel

    Tuesday, August 23, 2016 11:02 AM