Error: Unable to send a security code. Please contact your help desk for assistance

  • Question

  • Hello,

    I'm testing SSPR with the OTP functionality added.

    I'm getting the error: "Unable to send security code. Please contact your help desk for assistance"

    I was able to register, but during the Password Reset challenge process, after passing the security questions, this error appears.

    FIMService@domain.com email account exists and was added during FIM 2010 R2 installation.

    I'll appreciate the help to resolve this.

    Regards

    Thursday, July 26, 2012 10:14 PM

Answers

  •  

    Solved:

    "The FIM Service does of course need to be able to contact the SMTP gateway (or Exchange Web Service endpoint)." - Steve Kradel

    I've validated that the FIMService has permissions on Exchange to send emails, internal and external.

    From the FIM Server that has the FIM Service installed, validate that you can access:

    https://mailserver/EWS/exchange.asmx, this redirects to: https://mailserver/EWS/Services.wsdl

    The MailServer parameter that appears in the file C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config should target the https://mailserver/EWS/exchange.asmx address.

    “You need to verify that the Exchange Web Service (EWS) is accessible. You may need to add the certificate that Exchange is using to the local store on the FIM Server. There is information on how to do this here: http://technet.microsoft.com/en-us/library/jj134295(v=ws.10).aspx” - Bill M.

    Thanks to Steve and Bill

    Friday, August 3, 2012 4:49 PM
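
The checks described in the answer above, as an added PowerShell example (not code from the thread or from Microsoft): it reads the mail server setting from the config file, confirms the URL has the /EWS/exchange.asmx form, and tests TCP reachability and whether the FIM server trusts the Exchange certificate. The attribute name `mailServer` and the function name `Test-EwsEndpoint` are assumptions; PowerShell 3.0 or later is assumed.

```powershell
# Added example. Path as quoted in the thread; the attribute name 'mailServer' is an assumption.
$configPath = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\Microsoft.ResourceManagement.Service.exe.config'

function Test-EwsEndpoint {
    param([Parameter(Mandatory)][string]$Url)

    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri) -or $uri.Scheme -ne 'https') {
        return [pscustomobject]@{ Url = $Url; Problem = 'Not an absolute https URL' }
    }
    $result = [ordered]@{
        Url          = $Url
        PathIsEws    = $uri.AbsolutePath -match '^/EWS/exchange\.asmx$'   # -match ignores case
        TcpReachable = $false
        CertSubject  = $null
        CertTrusted  = $false
        Problem      = $null
    }
    # Diagnostic only: let the handshake finish so the certificate can be inspected,
    # and record how Windows rated it. No request is sent over this stream.
    $script:ewsPolicyErrors = $null
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $policyErrors)
        $script:ewsPolicyErrors = $policyErrors
        $true
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($uri.Host, $uri.Port)
        $result.TcpReachable = $true
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($uri.Host)
        $result.CertSubject = $ssl.RemoteCertificate.Subject
        $result.CertTrusted = ($script:ewsPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        if (-not $result.CertTrusted) { $result.Problem = "Certificate: $script:ewsPolicyErrors" }
        $ssl.Dispose()
    } catch {
        $result.Problem = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

# Find the setting wherever it lives in the file, then test each value found
$hits = Select-Xml -Path $configPath -XPath '//@mailServer'
if (-not $hits) { Write-Warning "No mailServer attribute found in $configPath" }
foreach ($hit in $hits) { Test-EwsEndpoint -Url $hit.Node.Value }
```

Run it on the server that hosts the FIM Service, since reachability and the trusted certificate store are both local to that machine.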

All replies

  • If you are trying to send an Email OTP, check the Forefront Identity Manager category in the FIM Service's event logs.

    FIM cannot send SMS One-Time-Passwords out of the box, although a module and service to do this are available here.  (Disclaimer: I wrote a good portion of it. ;) )

    --Steve

    Friday, July 27, 2012 4:45 PM
  • I'm trying to send an Email OTP; the detailed error:

    Unable to send security code

    Unable to send a security code. Please contact your help desk for assistance.

    Go to Self-Service Password Reset home page

    Details:

    Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.OneTimePasswordDeliveryException: ValidationError:UnableToSendSecurityCode ---> System.ServiceModel.FaultException: ValidationError:UnableToSendSecurityCode
       at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
       at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
       at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetChallenge(String domain, String userName, ChallengeContext gateChallengeResponse)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
       --- End of inner exception stack trace ---
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.GetNextChallenge(String domain, String userName, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.DriverBase.GetNextGate(IGateControl currentGate)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.Next()
       at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    The Exchange resides on a different server; do I need to allow another port than 5725 and 5726? I've applied the steps mentioned at:

    http://technet.microsoft.com/en-us/library/hh824696(v=ws.10)

    Thanks,

    Elías



    Monday, July 30, 2012 9:17 PM
  • There should be another, earlier warning/error message in the event log that details why the message couldn't be sent; the stack trace above is only informative to the extent that the service failed in an unspecified way.  You do not need to open more listening ports on the FIM Service box, but the FIM Service does of course need to be able to contact the SMTP gateway (or Exchange Web Service endpoint).

    --Steve

    Monday, July 30, 2012 9:23 PM
  • Thanks Steve,

    Error Logs:

    Application:

    The Forefront Identity Manager Service cannot connect to the Exchange Web Service.

    The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the failure may be due to incorrect Exchange Web Service configuration.

    Verify that the Exchange Web Service is reachable from the Forefront Identity Manager Service computer. Ensure that Exchange is running, that the network connection is active, and that the firewall is configured properly. Last, ensure that the Exchange Web Service configuration is correct in the Microsoft.ResourceManagement.Service.exe.config file.

    Forefront Identity Manager
    System
    - Provider
    [ Name] Microsoft.ResourceManagement
    - EventID 3
    [ Qualifiers] 0
    Level 2
    Task 0
    Keywords 0x80000000000000
    - TimeCreated
    [ SystemTime] 2012-08-02T17:45:18.000000000Z
    EventRecordID 2802256390
    Channel Forefront Identity Manager
    Computer FIM01.com
    Security
    - EventData
    System.Web.Services: System.Net.WebException: The request failed with HTTP status 405: Method Not Allowed.
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.ResourceManagement.WebServices.Mail.Exchange.ExchangeServiceBinding.FindItem(FindItemType FindItem1)
       at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.<OnPollTimerExpired>b__0(Boolean findUnreadItems)
       at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.OnPollTimerExpired(Object state)
    Thursday, August 2, 2012 5:49 PM