none
Issue in password reset using desktop Add Ins utility RRS feed

  • Question

  • Hi,

    I am facing  issue when users go for password reset using the SSPR client, they receive error pop-up saying “Could not connect to Password Reset Service”.
    We have tried restarted the FIM client machine,repair the FIM add ins on client system,restarted the FIM service,reset IIS etc.
    Please suggest to resolve the issue. We have  FIM 2010 R2 SP-1 with latest hotfix.

    Error in event log is as below.

    Source:        Microsoft.ResourceManagement.PasswordProxy
    Event ID:      3
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Description:
    PwdMgmtProxy: System.NullReferenceException: Object reference not set to an instance of an object.
       at Microsoft.IdentityManagement.PasswordReset.GinaOperation.STSInitiateCommunication()
       at Microsoft.IdentityManagement.PasswordReset.GinaOperation.STSSubmit(Byte[] gateData)
       at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.ValidateUser(ClientPipeContext& client)
       at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.Authenticate(ClientPipeContext& client)
       at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.PipeCommunicationThread(Object context)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft.ResourceManagement.PasswordProxy" />
        <EventID Qualifiers="0">3</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-01-14T12:01:46.000000000Z" />
        <EventRecordID>94</EventRecordID>
        <Channel>Forefront Identity Manager</Channel>
        <Security />
      </System>
      <EventData>

    Thanks
    Harry

    Thursday, January 22, 2015 7:43 AM

All replies

  • Hi Harry,

    Can you try to reach FIM portal from the client?

    Can you ensure that the FIM URL specified during the client add-in installation is the right one?

    Do you have any specific network configuration on the client?

    Regards,


    Sylvain

    Thursday, January 22, 2015 10:50 AM
  • Hello,

    The add-in already worked ? Or never ?

    /antho

    Thursday, January 22, 2015 12:49 PM
  • Are you registered to any Gate ?

    PwdMgmtProxy: System.NullReferenceException: Object reference not set to an instance of an object

    can you try to reset it by using passwordreset web portal ?

    Thursday, January 22, 2015 12:58 PM
  • Thanks all for your response.

    We have checked the below things are working fine.

    1. User  can reset his password using the Password reset URL.

    2. FIM Portal server is accessable from the client machine.

    3. Connectivity is fine between FIM server and client machine/desktop.Server is reachable from client machine.

    4. Ads Ins client has been  reinstalled.

    5. There are some other desktop in the same domain. User  can reset  their password using that Desktop via @window login screen.

    Only  few users are facing the issue in reseting  password via@windows login screen. They can reset the password via password URL on the same machine. It seems there may be some issue with the Add Ins installation  on machine.However, when we install the Add ins client, it successfully installed.

    Thanks

    Harry

    Friday, January 23, 2015 11:46 AM
  • Hello,

    I found an issue since the installation of last updates .NET 3.5SP1/ .NET 4.

    The CAS (Code Access Security) blocks the execution the FIMPasswordReset Service.

    I found a workaround, you have to disable the generation of Publisher Evidence https://msdn.microsoft.com/en-us/library/bb629393(v=vs.110).aspx.

    Edit the configuration file of the add-in into C:\Program Files\Microsoft Forefront Identity Manager\2010\Password
    Reset Client Service\PwdMgmtProxy.exe.config.

    Add following lines at the end of the file, just before </configuration> :    

    <runtime>
            <generatePublisherEvidence enabled="false"/>
        </runtime>

    Restart the computer. The add-in will work.

    /antho.



    • Edited by Antho09 Friday, January 23, 2015 2:00 PM
    Friday, January 23, 2015 1:40 PM