none
FIM Portal Error - the fim service could not be contacted RRS feed

  • Question

  • Hi eveyone,

    I have problems doing operations on remote FIM Portal (FIM 2010 R2).

    when i connected from the server (where FIM portal installed) i successful to do it.

    From remote host:

    Remote Host

    from the local server (where FIM Installed):

    you can see the same user (Administrator) and the same URL, how can i fix it?

    thanks for your help,

    FIMAVI

    Wednesday, October 10, 2012 4:16 PM

Answers

  • Your SharePoint application user needs a delegation to FIMService. I had that exact problem a few weeks ago.

    Also HTTPS/servername  isn't needed. HTTP/servername covers it.


    Frank C. Drewes III - Architect - Oxford Computer Group


    • Edited by Frank Drewes Thursday, October 11, 2012 11:09 PM
    • Marked as answer by Avihai HMVP Friday, October 12, 2012 1:33 PM
    Thursday, October 11, 2012 11:08 PM

All replies

  • Since it works from portal server itself and fails from remote host, I would think this is a problem with Kerberos/Delegation. Make sure the account being used for the SharePoint app pool and the account being used for the FIM service have their SPNs and delegations configured as described in:

    http://technet.microsoft.com/en-us/library/ff512685(v=ws.10).aspx

    Also, you can run setspn -x from command prompt to verify that none of the SPNs are duplicated, that can cause problems like this as well.

    Thursday, October 11, 2012 4:00 AM
  • Since it works from portal server itself and fails from remote host, I would think this is a problem with Kerberos/Delegation. Make sure the account being used for the SharePoint app pool and the account being used for the FIM service have their SPNs and delegations configured as described in:

    http://technet.microsoft.com/en-us/library/ff512685(v=ws.10).aspx

    Also, you can run setspn -x from command prompt to verify that none of the SPNs are duplicated, that can cause problems like this as well.

    Hi Glenn,

    I checked the settings of SPN and everything looks good

    FIMService SPN:

    SharePoint Service SPN:

    What could be the problem?

    Thanks for your help

    FIMAVI

    Thursday, October 11, 2012 7:31 AM
  • Are you prompted to log in when you access the remote FIM portal page?  That could indicate that your IE client failed to pass your credentials and reverted back to NTLM.  You might review the security settings for your browser to ensure it will support the automatic logon (or always require credentials, which in most cases is less preferred).

    If reading the TechNet article isn't helping you resolve it, you might get a better understanding of the process from:

    FIM 2010: Understanding Kerberos Authentication Setup

    Chris

    Thursday, October 11, 2012 1:36 PM
  • Your SharePoint application user needs a delegation to FIMService. I had that exact problem a few weeks ago.

    Also HTTPS/servername  isn't needed. HTTP/servername covers it.


    Frank C. Drewes III - Architect - Oxford Computer Group


    • Edited by Frank Drewes Thursday, October 11, 2012 11:09 PM
    • Marked as answer by Avihai HMVP Friday, October 12, 2012 1:33 PM
    Thursday, October 11, 2012 11:08 PM
  • Thanks to all you helped me a lot.
    Friday, October 12, 2012 1:34 PM