FIM/MIM Email sending process - Differences between "normal email sending" and One-time Password email

  • Question

  • Can someone explain to me what the differences are between the normal (for example, notification) email sending process and the One-time Password email sending process?

    I am using an SMTP email gateway and normal notification emails are sent correctly. When we try to reset a password with One-time Password, the One-time Password will not leave. The SMTP email gateway says that at that time FIM/MIM is trying to authenticate, which fails.

    Any suggestions as to what could cause this?

    Wednesday, March 16, 2016 6:45 AM

Answers

  • Problem solved.

    We needed to install SMTP server from server features and configure that to use SMTP relay. We tried to use SMTP from IIS8 but that didn't help.

    • Marked as answer by 2xTsei Friday, March 18, 2016 1:12 PM
    Friday, March 18, 2016 1:11 PM

All replies

  • Does the user whose password you are trying to reset have the msidmOneTimePasswordEmailAddress attribute filled? What does the Event Log say, or the request on the Portal?

    Wednesday, March 16, 2016 11:13 AM
  • Yes, the user has msidmOneTimePasswordEmailAddress.

    The request status is Denied.

    Request Workflow Remarks: ValidationError:OneTimePasswordValidationError

    Wednesday, March 16, 2016 11:29 AM
  • OK, so the validation error says that the user has provided the wrong code, but it seems that it was delivered successfully - can you check the SMTP queue on the mail server?

    Wednesday, March 16, 2016 12:12 PM
  • The password reset portal says "unable to send security code". We are using an SMTP proxy which is located on another domain. The Exchange logs say that MIM is trying to authenticate and fails. The normal emails from MIM are moving OK.

    So the user doesn't see the whole page where he should give the code.

    NOTE! Also the request says "ValidationError:UnableToSendSecurityCode".


    • Edited by 2xTsei Wednesday, March 16, 2016 12:37 PM
    Wednesday, March 16, 2016 12:23 PM
  • I would consider getting a network trace from the FIM server when this happens and look at the SMTP traffic, assuming it's plain text. That may give you an idea of where to start.


    Thanks,
    Brian

    Wednesday, March 16, 2016 2:07 PM
    Moderator
  • We noticed that when mail is going OK, the sender address is what is configured in Microsoft.ResourceManagement.Service.exe.config, but when the send fails, the sender address is MIMSERVICE.MACHINE.NAME.

    How is that possible?

    Friday, March 18, 2016 8:49 AM
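
The trace comparison suggested above, applied to the sender-address observation, as an added example that is not part of the original thread: it summarizes two SMTP sessions saved as text and reports where the failing one differs from the working one. The `C:`/`S:` transcript form, the host names, the addresses and the AUTH LOGIN mechanism are assumptions; both sessions are constructed, not captured from MIM.

```python
import re

# Constructed sample sessions in "C:"/"S:" form; hosts and addresses are placeholders.
NOTIFICATION = """\
C: EHLO mimserver.example.test
S: 250 AUTH LOGIN
C: MAIL FROM:<mim-notify@example.test>
"""
OTP = """\
C: EHLO mimserver.example.test
S: 250 AUTH LOGIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: <base64 elided>
S: 334 UGFzc3dvcmQ6
C: <base64 elided>
S: 535 5.7.8 Authentication credentials invalid
C: MAIL FROM:<mimservice@mimserver.example.test>
S: 530 5.7.0 Authentication required
"""

def summarize(transcript):
    """Return the AUTH mechanism, final AUTH reply code and envelope sender."""
    info = {"auth_mech": None, "auth_code": None, "mail_from": None}
    awaiting_auth = False  # True between the AUTH command and its final reply
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C" and not awaiting_auth:
            auth = re.match(r"AUTH\s+(\S+)", text, re.I)
            sender = re.match(r"MAIL FROM:\s*<([^>]*)>", text, re.I)
            if auth:
                info["auth_mech"] = auth.group(1).upper()
                awaiting_auth = True
            elif sender:
                info["mail_from"] = sender.group(1)
        elif side == "S" and awaiting_auth and not text.startswith("334"):
            # 334 is an intermediate challenge; 235 = success, 535 = failure
            info["auth_code"] = text[:3]
            awaiting_auth = False
    return info

def compare(working, failing):
    """Return only the fields that differ: {field: (working, failing)}."""
    a, b = summarize(working), summarize(failing)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    for field, (ok, bad) in compare(NOTIFICATION, OTP).items():
        print(f"{field}: working={ok!r} failing={bad!r}")
```
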