none
FIM - "An error occured when attempting to reset your password, please try again"

    Question

  • I am running into trouble getting the actual reset of a password to occur.

    Here are the steps I am following:
    - Login to desktop with example account and successfully register a user in the registration phase.
    - After logging out the user, I try the password reset function from a Windows 7 x64 client running the add-ins
      - It prompts me to enter my custom questions
      - It brings me to the "Enter your new password" screen. I enter a new password and it loops through the progress bar a couple of times
      - I get the "enter your new password" screen with an error message "An error occured when attempting to reset your password, please try again"

    On the client I receive the following error: "An error occured when attempting to reset your password, please try again", but see nothing on the back end. I am running "FIM RC1 - Update 3" on Windows 2008 R2

    Error Logs:
      Application: No messages
      System: No messages
      Security: No failure listings
      FIM: Shows a message long after the event occurs that says the "XmlInteractiveActivity 'authenticationGateActivity1.xmlInteractiveActivity1' running in WorkflowInstance '37e93477-7ed0-410a-86ed-97826d84971c' timed out waiting for response". I think this is a response to the message disappearing on the client

    I have followed the steps listed in the "Introduction to Password Reset" document and have validated everything up to Enabling Helpdesk to manage users section

    I have run through the following WMI test from AnthonyHo's and it is is successful:

     1. runas /u:domain\fim_svc cmd
     2. WBEMTEST
     3. connect to root\MicrosoftIdentityIntegrationServer
     4. select * from MIIS_CSObject WHERE Domain='...' and Account='...'
     5. get the MaGuid and PartitionGuid
     6. SELECT * FROM MIIS_ManagementAgent WHERE guid='{ma guid}'
     7. you should see your AD MA?
     8. get the __PATH of that object (e.g. \\FIMSERVER\root\MicrosoftIdentityIntegrationServer:MIIS_ManagementAgent.Name="AD")
     9. Go back to WBEMTEST main screen --> Execute method
    10. type the entire path from (8)
    11. Method --> Choose Get ServerStatus
    12. Edit In Parameter
     -> PartitionGuid-->Edit Property->not null
     ->{partition guid}->Save property->Save object
    13. Execute
    14. Edit out parameter, you should see success as return value

    It is probably something simple, but I am not sure how to collect the diagnostic information needed to resolve the issue. Does anyone have any recommendations for what to try next?

    Thanks,
    Dave


    Dave
    Wednesday, February 24, 2010 2:04 PM

Answers

  • To wrap this up, it's getting an error because of Timeout when client talks to the server (as observed from client log)

    You can change the timeout in the client config file (C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe.config)
    Change 6000 to something bigger

        <resourceManagementClient
            resourceManagementServiceBaseAddress="http://localhost:5725"
            timeoutInMilliseconds="60000" />
    The FIM Password Reset Blog http://blogs.technet.com/aho/
    Friday, February 26, 2010 2:36 AM

All replies

  • Does the password you are trying to put in meet the domain length, complexity and re-use requirements?
    I believe that FIM does not bypass these requirements like an administrator reset does.

    Check the AD MA account has sufficient permissions in AD
    Reset password = Allow
    Change password = Allow
    Replicate directory changes = Allow
    Read userAccountControl = Allow
    Write userAccountControl=Allow
    Read lockoutTime = Allow
    Write lockoutTime = Allow

    Those are the only things I can think of...
    WMI and DCOM registration must be okay if Anthony's test passed.
    Wednesday, February 24, 2010 7:00 PM
  • that timeout probably comes from previous attempts... default timeout is 5min, so the timeout msg won't should up right after u try to reset. i am looking for another error message


    How to enable server side tracing:
    C:\Program Files\....\FIM...\Service
    Microsoft.ResourceManagement.Service.exe.config

    1. follow the 3 steps in the config file
    2. change "fimDiagnostics.svclog" to "C:\Logs\fimDiagnostics.svclog"
    3. Update Error to "Verbose" (capital V) in <source name="Microsoft.ResourceManagement" switchValue="Error">
    4. create the folder C:\Logs
    5. restart FIMService
    6. notice the FIMService log is created

    retry the pwd reset using the client... see if u find anything interesting in the log (or event viewer)
    The FIM Password Reset Blog http://blogs.technet.com/aho/
    Wednesday, February 24, 2010 7:02 PM
  • After turn up the logging, I tried to do the password reset and got a lot of information back:)

    The main log entry that appears to be related to this is: "Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.AuthenticationGateActivity.rules."

    There was some other errors or warnings in this section of the service trace, if you want I can include the detailed information for these as well:

    1. XmlInteractiveActivity 'authenticationGateActivity1.xmlInteractiveActivity1' running in WorkflowInstance '889ed25d-8766-427f-91b5-b168cdd824d7' timed out waiting for response.
    2. PWResetActivity'authenticationGateActivity1' running in WorkflowInstance '889ed25d-8766-427f-91b5-b168cdd824d7' timed out waiting for the user to submit a valid password.
    3. System.Workflow.ComponentModel.WorkflowTerminatedException: Exception of type 'System.Workflow.ComponentModel.WorkflowTerminatedException' was thrown.

    This is the trace information for the "Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.AuthenticationGateActivity.rules." error:
    <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>2</EventID><Type>3</Type><SubType Name="Warning">0</SubType><Level>4</Level><TimeCreated SystemTime="2010-02-25T00:24:20.4756214Z" /><Source Name="Microsoft.ResourceManagement" /><Correlation ActivityID="{74f7af78-4d8f-44b0-a36d-d328515fa62c}" /><Execution ProcessName="Microsoft.ResourceManagement.Service" ProcessID="4864" ThreadID="11" /><Channel /><Computer>FIM</Computer></System><ApplicationData>Unable to resolve resource:Microsoft.ResourceManagement.Workflow.Activities.AuthenticationGateActivity.rules.<System.Diagnostics xmlns="http://schemas.microsoft.com/2004/08/System.Diagnostics"><LogicalOperationStack></LogicalOperationStack><Timestamp>1711935570627</Timestamp><Callstack>   at System.Environment.get_StackTrace()
       at System.Diagnostics.TraceEventCache.get_Callstack()
       at System.Diagnostics.XmlWriterTraceListener.WriteFooter(TraceEventCache eventCache)
       at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message)
       at Microsoft.ResourceManagement.Utilities.LoggingManager.EmitTrace(TraceEventType type, String message, String source, String warningCode)
       at Microsoft.ResourceManagement.Utilities.LoggingManager.ReportWarning(String msg, String source, String warningCode, String stackTrace)
       at Microsoft.ResourceManagement.Utilities.LoggingManager.ReportWarning(String msg)
       at Microsoft.ResourceManagement.Utilities.ExceptionHandler.ResourceResolveEventHandler(Object sender, ResolveEventArgs args)
       at System.AppDomain.OnResourceResolveEvent(String resourceName)
       at System.Reflection.Assembly._GetResource(String resourceName, UInt64&amp; length, StackCrawlMark&amp; stackMark, Boolean skipSecurityCheck)
       at System.Reflection.Assembly.GetManifestResourceStream(String name, StackCrawlMark&amp; stackMark, Boolean skipSecurityCheck)
       at System.Reflection.Assembly.GetManifestResourceStream(Type type, String name)
       at System.Workflow.Activities.Rules.ConditionHelper.GetRuleDefinitionsFromManifest(Type workflowType)
       at System.Workflow.Activities.Rules.ConditionHelper.Load_Rules_RT(Activity declaringActivity)
       at System.Workflow.Activities.Rules.RuleConditionReference.InitializeProperties()
       at System.Workflow.ComponentModel.DependencyObject.System.Workflow.ComponentModel.IDependencyObjectAccessor.InitializeDefinitionForRuntime(DependencyObject parentDependencyObject)
       at System.Workflow.ComponentModel.DependencyObject.System.Workflow.ComponentModel.IDependencyObjectAccessor.InitializeDefinitionForRuntime(DependencyObject parentDependencyObject)
       at System.Workflow.ComponentModel.CompositeActivity.OnInitializeDefinitionForRuntime()
       at System.Workflow.ComponentModel.DependencyObject.System.Workflow.ComponentModel.IDependencyObjectAccessor.InitializeDefinitionForRuntime(DependencyObject parentDependencyObject)
       at System.Workflow.ComponentModel.CompositeActivity.OnInitializeDefinitionForRuntime()
       at System.Workflow.ComponentModel.DependencyObject.System.Workflow.ComponentModel.IDependencyObjectAccessor.InitializeDefinitionForRuntime(DependencyObject parentDependencyObject)
       at System.Workflow.ComponentModel.CompositeActivity.OnInitializeDefinitionForRuntime()
       at System.Workflow.ComponentModel.DependencyObject.System.Workflow.ComponentModel.IDependencyObjectAccessor.InitializeDefinitionForRuntime(DependencyObject parentDependencyObject)
       at System.Workflow.Runtime.WorkflowDefinitionDispenser.LoadRootActivity(String xomlText, String rulesText, Byte[] xomlHashCode, Boolean createDefinition, Boolean initForRuntime)
       at System.Workflow.Runtime.WorkflowDefinitionDispenser.MruCache.GetOrGenerateDefinition(Type type, String xomlText, String rulesText, Byte[] md5Codes, Boolean initForRuntime, Boolean&amp; exist)
       at System.Workflow.Runtime.WorkflowDefinitionDispenser.GetRootActivity(String xomlText, String rulesText, Boolean createNew, Boolean initForRuntime)
       at System.Workflow.Runtime.WorkflowRuntime.InitializeExecutor(Guid instanceId, CreationContext context, WorkflowExecutor executor, WorkflowInstance workflowInstance)
       at System.Workflow.Runtime.WorkflowRuntime.Load(Guid key, CreationContext context, WorkflowInstance workflowInstance)
       at System.Workflow.Runtime.WorkflowRuntime.GetWorkflowExecutor(Guid instanceId, CreationContext context)
       at System.Workflow.Runtime.WorkflowRuntime.InternalCreateWorkflow(CreationContext context, Guid instanceId)
       at System.Workflow.Runtime.WorkflowRuntime.CreateWorkflow(XmlReader workflowDefinitionReader, XmlReader rulesReader, Dictionary`2 namedArgumentValues, Guid instanceId)
       at Microsoft.ResourceManagement.Workflow.Hosting.WorkflowManager.StartWorkflowInstance(Guid workflowInstanceIdentifier, KeyValuePair`2[] additionalParameters)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.Challenger.IssueAuthenticationChallenge(Message requestMessage, Object requestBody, Nullable`1 requestContext, UniqueIdentifier authenticationProcessIdentifier, List`1 accumulatedClaims, Nullable`1&amp; currentWorkflowInstanceIdentifier, AuthenticationChallengeType[]&amp; currentChallenges)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.ProcessRequest(Message requestMessage, Object requestBody)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenService.RequestSecurityToken(Message requestMessage)
       at SyncInvokeRequestSecurityToken(Object , Object[] , Object[] )
       at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
       at System.ServiceModel.Dispatcher.ServiceOperationInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
       at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp; rpc)
       at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
       at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
       at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
       at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
       at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
       at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously)
       at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result)
       at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
       at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously)
       at System.ServiceModel.Channels.InputQueue`1.AsyncQueueReader.Set(Item item)
       at System.ServiceModel.Channels.InputQueue`1.Dispatch()
       at System.ServiceModel.Channels.InputQueue`1.OnDispatchCallback(Object state)
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke2()
       at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke()
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ProcessCallbacks()
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.CompletionCallback(Object state)
       at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
       at System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
       at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)</Callstack></System.Diagnostics></ApplicationData></E2ETraceEvent>


    Dave
    Thursday, February 25, 2010 2:19 AM
  • try this...

    net stop FIMService
    del C:\Logs\fimDiagnostics.svclog
    net start FIMService

    <wait 1 minute>

    try to reset password and hit the error "An error occured when attempting to reset your password, please try again"

    Send a mail to me at http://blogs.technet.com/aho/contact.aspx
    i will reply u with my email, then you can zip up the log and send me to have a look
    The FIM Password Reset Blog http://blogs.technet.com/aho/
    Thursday, February 25, 2010 3:08 AM
  • To wrap this up, it's getting an error because of Timeout when client talks to the server (as observed from client log)

    You can change the timeout in the client config file (C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe.config)
    Change 6000 to something bigger

        <resourceManagementClient
            resourceManagementServiceBaseAddress="http://localhost:5725"
            timeoutInMilliseconds="60000" />
    The FIM Password Reset Blog http://blogs.technet.com/aho/
    Friday, February 26, 2010 2:36 AM