none
Fim 2010 R2 RC - PasswordRgistration Issue RRS feed

  • Question

  • Hi,

    I am getting the following error when I try to register from the passwordregistration page.Please help on this where i am wrong.

    I have been enable all reuired mpr for password registration and all the setting which are required.

    An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Go to Self-Service Password Registration home page
    An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)
    Details: System.InvalidOperationException: HttpContext.Current.User.Identity.Name is Null or Empty at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.GetDomainAndUserName(String& domain, String& userName) at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.InitiateRegistration() at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next() at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    Regards

    Anil Kumar

    Friday, March 8, 2013 9:00 AM

All replies

  • 1. Check if on IIS application you have windows auth configured

    2. If yes, go to windows auth advanced propertied and disable kernel mode auth. This is assuming that you have standard configuration and application pool is working with specific account identity 


    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    • Proposed as answer by nTony Ho Saturday, March 9, 2013 9:34 AM
    Friday, March 8, 2013 9:39 AM
  • Why are you still using a release candidate build? That is extremely old and unsupported.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    Friday, March 8, 2013 6:16 PM
    Moderator
  • Hi Tomasz,

    Thank's for reply.

    I am not using window based password reset functionality,only installed FIM 2010 R2 web based functionality.(Client AddIns is not installed on PC,is it mandatory to installed on my pc or not for FIM 2010 R2 Web based SSPR Please confirm this point.) because client wants only web base SSPR 2010 R2 not window based SSPR 2010 R2

    Regards

    Anil Kumar

    Saturday, March 9, 2013 6:14 AM
  • The answer is again Tomasz's #1. Read it again carefully :)
    Saturday, March 9, 2013 9:34 AM
  • Hi!

    If you are installing the AD, fim and password reset portal on different machines then most probably this error is due to ports. You can check which ports should open for both side of communication.

    And if all components are on same machine then this is the SPN's problem.

    • Setspn –s http/passwordregistration.domainname.com domain\machinename$

    And also check if you add A or AAA record in DNS.

    I hope so it will start to work. If still its not working please let me explain your environment.


    M. Irfan

    • Proposed as answer by M.Irfan Monday, March 11, 2013 2:17 PM
    Monday, March 11, 2013 2:17 PM
  • Hi Again,

    Please check these links also

    http://technet.microsoft.com/en-us/library/jj134282%28v=ws.10%29.aspx

    http://technet.microsoft.com/en-us/library/jj134295%28v=ws.10%29.aspx

    Regards,


    M. Irfan

    • Proposed as answer by M.Irfan Monday, March 11, 2013 2:21 PM
    Monday, March 11, 2013 2:21 PM
  • Hi Irfan,

    Thank's for response.

    still i am facing same problem that mention above.

    i fallowed these links as you given

    http://technet.microsoft.com/en-us/library/jj134282%28v=ws.10%29.aspx.

    actually i have two server one for AD,ForeFornt Identity manager 2010 R2 and SQL Server 2008(Installed on this)

    and second for FIM SSPR 2010 R2(Password Registration and Password Reset portal) when we hit this URL https://passwordregistration.fimr2.com/

    then page is display but we click on Next Button then gives this error.

    An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Go to Self-Service Password Registration home page.

    when we hit https://passwordreset.fimr2.com/ for password reset then gives this Error. 

    Access Denied

    Ensure you enter your user name correctly. If you still cannot reset your password, please contact your helpdesk for assistance. (Error 3001)

    Please suggest what we do?

    Regards

    Anil Kumar.

    Tuesday, March 12, 2013 12:20 PM
  • Hi Again!

    I am wondering if you check the ports which link I send you before. Please download the port query tool from Microsoft and check if all ports are open for both side communication.

    And if all are open then check the MA if the password option is checked?

    One more thing when you was installing if it was on internet or intranet option you select?

    And are you trying to open the page on server? It would be better if you access the page or install the add-in at client machine.

    Recheck all MPR's

    If you follow all the steps as it is, it should not a problem. And I hope you also don't forget the delegation part.

    After doing all these please let me know if still problem is there.

    Regards,


    M. Irfan

    Wednesday, March 13, 2013 8:32 AM
  • go to IIS and disable Anonymous Auth for the SSPR Registration Portal
    Wednesday, March 13, 2013 9:17 AM
  • Hi Irfan,

    I did fallow all the steps as you suggest me but still same problem is coming.

    An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000) Go to Self-Service Password Registration home page,so please suggest me what i do.

    Regards

    Anil Kumar

    Monday, March 18, 2013 6:06 AM
  • Hi Anil!

    Sorry You are facing problem.

    Please let me know few information.

    1. In the sets, password reset set can see some users?

    2. What is SPN for Password registration portal?

    3. FIM Service have the password reset group membership?

    4. IIS settings what is the authentication mode?

    5. AD MA did you check the check box for Password?

    And if you let me know these steps and will check every thing is ok. And if every thing will be OK then we have to go through all the steps again from start.

    Regards


    M. Irfan

    • Proposed as answer by M.Irfan Wednesday, March 20, 2013 2:03 PM
    Tuesday, March 19, 2013 5:45 AM
  • Hi Anil!

    I think I know why you have this problem.

    The user which you are using to register for password reset registration, that user is not allow.

    And reason I already mention you before couple of times. I tested this with one user to confirm this.

    1. User which you are login on machine, is in theFIM portal? 

    2. User have sid in the FIM portal?

    3. User which you are login, in password reset set?

    Make sure user which you are login on machine, this user will try to access the password registration portal by default. When service check this user, this user is not exist.

    I hope now your problem should resolve.

    Regards,


    M. Irfan

    • Proposed as answer by M.Irfan Wednesday, March 20, 2013 2:03 PM
    Wednesday, March 20, 2013 2:03 PM
  • Hi Irfan,

    Thank's for response.

    still i am facing same problem.I have been check all the setting which you mention in your response

    1. In the sets, password reset set can see some users?:All users are  present in this set.

    2. What is SPN for Password registration portal?:setspn.exe -s http/passwordregistration.fimr2.com fimr2\FIMPWD$,setspn.exe -s http/passwordreset.fimr2.com fimr2\FIMPWD$

    3. FIM Service have the password reset group membership?:Yes Fimservice account member of FIMSyncPasswordSet and FIMSyncBrowse group.

    4. IIS settings what is the authentication mode?:Anonymous Authentication

    5. AD MA did you check the check box for Password?:Yes it is checked

    1. User which you are login on machine, is in theFIM portal? :Yes all users in fim portal 

    2. User have sid in the FIM portal?:Yes User have sid in fim portal.

    3. User which you are login, in password reset set?:Yes All users present in password reset set .

    so please suggest me where i am wrong. this requirement is very urrgent boss,please provide the solution.i am waiting for your response.

    Regards

    Anil Kumar

    Tuesday, April 9, 2013 12:31 PM
  • As i mentioned earlier

    >> go to IIS and disable Anonymous Auth for the SSPR Registration Portal

    You need Basic Auth or Windows Authentication (with correct Kerberos settings)


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Wednesday, April 10, 2013 1:31 AM
  • Hi Anthony,

    when i disable Anonymous Auth for the SSPR Registration Portal then comes this Error.One more thing Window Authentication is not appear in IIS Authentication,so i am seeing only four Authentication in FIM SSPR Registration Portal Server.

    1.Anonymous Authentication:disabled

    2.ASP.Net Imperonation:Disabled

    3.Digest Authentication:Disabled

    4.Form Authentication:Disabled

    HTTP Error 401.2 - Unauthorized

    You are not authorized to view this page due to invalid authentication headers.

    Module IIS Web Core   Requested URL https://passwordregistration.fimr2.com:443/
    Notification AuthenticateRequest  Physical Path C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Registration Portal
    Handler StaticFile  Logon Method Not yet determined
    Error Code 0x80070005  Logon User Not yet determined

    Regards

    Anil Kumar


    Wednesday, April 10, 2013 5:23 AM
  • Please install Windows Authentication and Basic Auth

    Server Manager -> Roles -> Web Server -> Add Role Services Then in the treeview it is: Internet Information Services -> World Wide Web Services -> Security


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Wednesday, April 10, 2013 5:27 AM
  • Hi Anthony,

    I have been installed Window Authentication and Basic Auth.After this i did Anonymous Authentication Disabled and Window Authentication Enabled.

    and try to access URL of SSPR Registration Portal that gives popup for Credentials,i provide the Credentials then gives this Error.

    Not Authorized

    HTTP Error 401. The requested resource requires user authentication

    Regards

    Anil Kumar

    Wednesday, April 10, 2013 9:27 AM
  • try to disable Windows Auth and just enable Basic Auth

    if that works, that means your Kerberos configuration is not correct.


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Wednesday, April 10, 2013 9:50 PM
  • Hi Anthony,

    Thank's for response.

    When i Disabled Window Authentication and Enabled Basic Authentication then try to access the SSPR Registration Portal then gives the fallowing Error:

    Please tell me how to check Kerberos configuration is correct or not correct. 

    Unrecognized User

    The current user account is not recognized by Forefront Identity Manager. Please contact your help desk or system administrator. (Error 3003)

    Go to Self-Service Password Registration home page

    Regards

    Anil Kumar


    Thursday, April 11, 2013 4:44 AM
  • have you sync the user from AD to FIM with all the required attributes?

    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Thursday, April 11, 2013 8:40 AM
  • Hi Anthony,

    Thank's for help.

    My problem has been resolved as above disscused.

    But i am facing another problem.I install all component like FIM Synchronization Service,FIM Portal and FIM SSPR for Password Registration and Reset on single Machine(Single domain Computer).FIM Synchronization Service and FIM Portal Working fine but FIM Password Registration site is not working that gives fallowing Error:

    This web site can not be started.Another web site may be using the same port.

    when we installed FIM SSPR Password Poratl on machine then we assined 82 port for FIM Password Registration site and 83 for FIM Password Reset site.

    Regards

    Anil Kumar





    Wednesday, April 17, 2013 10:09 AM
  • Hi All,

    Any update mention above query,please reply ASAP.

    Regards

    Anil Kumar

    Monday, April 29, 2013 9:58 AM
  • try not to overload the same thread with multiple questions. that will get u faster response

    if you do a netstat /? that will let u know what's using the port

    Monday, April 29, 2013 7:29 PM