Locked out of fim portal - the requester's identity was not found

  • Question

  • I'm not sure how I've done this, but I've managed to lock my domain admin account out of the FIM portal.

    I'm syncing from an authoritative data source to my AD target domain. I don't actually need to access users in the FIM portal and users do not need portal access. I simply need to upload my data source users into my target OU.

    After completing several run profiles, I've run into an issue where my domain admin account can't log on to:

    http://fimserver/IdentityManagement/Default.aspx

    I'm greeted with the message "Unable to process your request - the requester's identity was not found"

    I don't actually need my domain admin account to be in the portal (I'm not sure if it ever was tbh), but I do need it to have access to the portal for the purpose of editing sync rules.

    How can I give my domain admin account access to the portal? I still have portal access via the installation service account.

    I did see one answer online which suggests editing the underlying SQL database, but this is something I'd much rather avoid.

    Thanks

    Friday, May 31, 2013 11:53 AM

Answers

  • Being "in the portal" is the only way for an account to have portal access.  One easy first step is to pop open the FIM Synchronization Service admin console, find your account on the Metaverse Search tab, and make sure it has a "Person"-type connector in the FIM MA, populated with the correct AccountName, ObjectSid, and Domain.

    Steve Kradel, Zetetic LLC

    Friday, May 31, 2013 2:22 PM
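
The check described in the answer above can also be made from the portal side. This is an added example, not code from the thread or from Microsoft: it asks the FIM Service for the Person resource matching an account and compares its Domain and ObjectSID with what Windows resolves. Assumptions: the FIMAutomation snap-in is installed, the script runs as an account that still has portal access (such as the installation account), the endpoint is the default one, binary attributes are returned as base64 strings, and the domain and account names are placeholders.

```powershell
# Added example: compare an account's Windows SID with the Person resource
# the FIM Service holds for it. Run as an account that still has portal access.
param(
    [string]$Domain      = 'CONTOSO',      # placeholder NetBIOS domain name
    [string]$AccountName = 'domainadmin',  # placeholder sAMAccountName
    [string]$Uri         = 'http://localhost:5725/ResourceManagementService'  # assumed default endpoint
)

Add-PSSnapin FIMAutomation -ErrorAction Stop

# SID as Windows resolves it, converted to base64 (assumed export form of binary attributes).
$nt    = New-Object System.Security.Principal.NTAccount($Domain, $AccountName)
$sid   = $nt.Translate([System.Security.Principal.SecurityIdentifier])
$bytes = New-Object byte[] ($sid.BinaryLength)
$sid.GetBinaryForm($bytes, 0)
$expectedSid = [Convert]::ToBase64String($bytes)

# Person resources in the FIM Service that carry this AccountName.
$filter = "/Person[AccountName='$AccountName']"
$people = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources -CustomConfig $filter)

if ($people.Count -eq 0) {
    Write-Warning "No Person resource with AccountName '$AccountName' exists in the portal."
    return
}

foreach ($p in $people) {
    # Flatten the exported attribute list into a name/value lookup.
    $attrs = @{}
    foreach ($a in $p.ResourceManagementObject.ResourceManagementAttributes) {
        $attrs[$a.AttributeName] = $a.Value
    }
    New-Object PSObject -Property @{
        ObjectID    = $attrs['ObjectID']
        AccountName = $attrs['AccountName']
        Domain      = $attrs['Domain']
        DomainOk    = ($attrs['Domain'] -eq $Domain)
        # Base64 is case-sensitive, so use a case-sensitive comparison.
        SidOk       = ($attrs['ObjectSID'] -ceq $expectedSid)
    }
}
```

A row with `DomainOk` or `SidOk` set to False, or the warning about a missing Person resource, points at the attribute to correct through the FIM MA as the answer describes.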

All replies

  • That's what I've read, but I swear my domain admin account could log on to the portal previously without being in the portal as a user!

    The only thing I can think of is that maybe an earlier run profile pulled my domain admin account into FIM (although my domain admin account sits outside the only OU FIM has permissions on).

    For the time being, I've just reverted to using the service installation account.

    Friday, May 31, 2013 4:14 PM