MIM SSPR and Azure MFA RRS feed

  • Question

  • Hi.

    I've been tasked with implementing SSPR into our environment utilising MIM and Azure MFA. 

    I had it all working perfectly, except for it wasn't applying the DefaultCountryCode from the MFASettings.xml file.....eventually managed to get that to work! but now i'm getting an error everytime a user tries to reset their password:

    Exception: The specified network password is not correct.
    ; StackTrace:    at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
       at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
       at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
       at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
       at pf_auth.send_message(String target, String message, String cert_file_path, String& body)
       at pf_auth.pf_authenticate_internal(PfAuthParams pfAuthParams, Boolean asynchronous, String& otp, Int32& call_status, Int32& error_id)
       at Microsoft.IdentityManagement.AzureMfaServiceProvider.PhoneAzureMfaProvider.AzureMfaAuthenticate(PfAuthParams pfAuthParams, Int32& callStatus, Int32& errorId); InnerException null; callStatus=0, errorId=0, Certificate File Path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\MFACerts\cert_key.p12

    I've checked the account running the FIM Service and even tried reentering the credentials for this. I know they are correct as i can log in as that account. 

    Has anyone come across this before or can point me in the right direction?

    Many Thanks


    Thursday, November 22, 2018 10:33 AM


  • Managed to resolve this.

    I think that somehow (probably whilst trying to troubleshoot the default country code issue) the wrong version of the certificate ended up in the folder, and thus the cert_password in the MFAsettings.xml was incorrect. 

    I swapped this value out for one from a backup i had and restarted the service, and it is all now working.

    • Marked as answer by atonyg Friday, November 23, 2018 10:21 AM
    Friday, November 23, 2018 10:21 AM