Unauthorized http error 401.1 when trying to load FIM Password Registration Site

  • Question

  • Hello,

    I have deployed FIM 2010 R2 with Password Registration Site and Password Reset. While testing my environment I ran into the following problem:

    => When opening https://passwordregistration.contoso.com:443 I get an authentication dialog three times and then I get an "unauthorized http error 401.1" ... any ideas?

    BR, juvi

    Friday, December 7, 2012 2:55 PM

Answers

  • I had exactly the same issue a few days ago, and the resolution was, for me:

    • Having an A record for the URL (passwordregistration.contoso.com for you)
    • Creating an SPN for this URL with the machine name (ex: setspn -S HTTP/passwordregistration.contoso.com CONTOSO\SERVERNAME$)

    Maybe you don't have the SPN with the machine name...


    Kevin PHELIPPO http://blogs.nelite.com/blogs/identitysolutions/default.aspx

    • Marked as answer by juvi123 Saturday, December 8, 2012 5:30 PM
    Friday, December 7, 2012 3:56 PM
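
A read-only check of the two conditions named in the answer above (A record, and the HTTP SPN on the expected account), added here as an example that is not part of the original thread. The account and domain defaults are the placeholders from the answer and are assumptions; the script assumes a domain-joined machine with `Resolve-DnsName` available.

```powershell
# Added example, not from the thread. Read-only: it changes nothing in DNS or AD.
param(
    [string]$HostName        = 'passwordregistration.contoso.com',  # URL host from the question
    [string]$Domain          = 'CONTOSO',                            # placeholder domain from the answer
    [string]$ExpectedAccount = 'SERVERNAME$'                         # assumption: account the site runs as
)

$spn = "HTTP/$HostName"

# Condition 1: the name should resolve through an A record, not a CNAME alias.
$records = Resolve-DnsName -Name $HostName -ErrorAction Stop
$cname   = @($records | Where-Object { $_.Type -eq 'CNAME' })
$hasA    = @($records | Where-Object { $_.Type -eq 'A' }).Count -gt 0
$dnsOk   = ($cname.Count -eq 0) -and $hasA

# Condition 2: exactly one account in the current domain holds the SPN,
# and it is the expected one. A missing, misplaced or duplicated SPN all
# break Kerberos for the site, so the three cases are reported separately.
$searcher = [adsisearcher]"(servicePrincipalName=$spn)"
[void]$searcher.PropertiesToLoad.Add('samaccountname')
$holders = @($searcher.FindAll() | ForEach-Object { [string]$_.Properties['samaccountname'][0] })

$spnState = switch ($holders.Count) {
    0       { 'Missing' }
    1       { if ($holders[0] -eq $ExpectedAccount) { 'OK' } else { 'WrongAccount' } }
    default { 'Duplicate' }
}

[pscustomobject]@{
    HostName   = $HostName
    DnsOk      = $dnsOk
    CnameTo    = ($cname | ForEach-Object NameHost) -join ', '
    Spn        = $spn
    SpnHolders = $holders -join ', '
    SpnState   = $spnState
}

# Print, but do not run, the registration command for the case the thread describes.
if ($spnState -eq 'Missing') {
    "Register it with: setspn -S $spn $Domain\$ExpectedAccount"
}
```

`setspn -S` checks for an existing registration of the same SPN before adding it, which is why the answer's form is preferable to adding the value by hand.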

All replies

  • Hello!

    I think it's a Kerberos Delegation issue. Have you created the SPN? Does your URL correspond to a CNAME or an A record in DNS?


    Kevin PHELIPPO http://blogs.nelite.com/blogs/identitysolutions/default.aspx

    Friday, December 7, 2012 3:45 PM
  • Hello and thanks for the reply... It is a DNS host entry on the DC... the Kerberos authentication works fine for the SharePoint site and identitymanagement page... am I missing an SPN?

    BR, juvi

    Friday, December 7, 2012 3:51 PM
  • Thanks, I will give this a try!

    BR, juvi

    Friday, December 7, 2012 3:58 PM
  • Off topic: while one might choose to use Kerberos, there is no delegation involved.


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Friday, December 7, 2012 11:03 PM
  • THANK YOU, that was my mistake ;) I forgot to make this SPN ... just a short question on this: during installation, is it necessary to provide an HTTPS link for the Password Registration Site? I mean, is it also possible to use it without SSL? In my current configuration I provided HTTPS and it uses an untrusted certificate (I have no CA currently available in my test environment) ... I get one authentication prompt but then the Password Registration Site loads just fine...

    BR, juvi

    Saturday, December 8, 2012 5:33 PM
  • It's better to use HTTPS, but you don't have to :)

    If I understand correctly what you said, you are still prompted for authentication?


    Kevin PHELIPPO http://blogs.nelite.com/blogs/identitysolutions/default.aspx

    Monday, December 10, 2012 11:55 AM