Password reset problem "The web portal received a fault error from the FIM service."

  • Question

  • Having a bit of trouble with the password portals.

    I've got users flowing into the portal from AD and an SQL database. The password registration portal is working fine, the reset portal asks me to answer my security questions then prompts me to enter a new password. When I enter a new password I receive:

    An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. 
    (Error 3000)

    Checking the event logs there are three errors:

    The web portal received a fault error from the FIM service.
    Details:
    Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: DataRequiredFaultReason
       at Microsoft.ResourceManagement.WebServices.ResourceFactoryClient.Create(Message request)
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.ResetProxy.InteractWithPasswordResetActivity(SecureString newPassword, String activityEndpoint, String workflowInstanceId, ContextualSecurityToken sessionSecurityToken)
    Web Portal: FIM Password Reset Portal
    Session Id: xyfb1tjb0w1suqa0ikqdhp45
    IP Address: ::1

    Microsoft.IdentityManagement.CredentialManagement.Portal: System.Web.HttpUnhandledException: ScriptManager_AsyncPostBackError ---> System.InvalidProgramException: Error while performing the password reset operation: PWUnrecoverableError
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword()
       at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       --- End of inner exception stack trace ---
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Site.ScriptManager_AsyncPostBackError(Object sender, AsyncPostBackErrorEventArgs eventArgs)
       at System.Web.UI.ScriptManager.OnAsyncPostBackError(AsyncPostBackErrorEventArgs e)
       at System.Web.UI.PageRequestManager.OnPageError(Object sender, EventArgs e)
       at System.Web.UI.TemplateControl.OnError(EventArgs e)
       at System.Web.UI.Page.HandleError(Exception e)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest()
       at System.Web.UI.Page.ProcessRequest(HttpContext context)
       at ASP.default_aspx.ProcessRequest(HttpContext context)
       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    The error page was displayed to the user.
    Details:
    Title: Error
    Message: An error has occurred. Please try again, and if the problem persists, contact your help desk or system administrator. (Error 3000)
    Source: 
    Attributes: 
    Details: System.InvalidProgramException: Error while performing the password reset operation: PWUnrecoverableError
       at Microsoft.IdentityManagement.CredentialManagement.Portal.Reset.AttemptToResetPassword()
       at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    CorrelationId: 
    RequestId: 
    ErrorCode: 3000
    CaughtTime: 01/22/2013 13:06:33
    
    Web Portal: FIM Password Reset Portal
    Session Id: xyfb1tjb0w1suqa0ikqdhp45
    IP Address: ::1

    I've tried looking at existing suggestions for such a problem but nothing seems to have worked! Any clues? 

    Thanks.


    • Edited by FIM-EN Tuesday, January 22, 2013 1:17 PM
    Tuesday, January 22, 2013 1:11 PM

All replies

  • Have you enabled password management in your AD Management Agent under the configure extensions section?

    Also try enabling Password Synchronization under the Tools -> Options menu of the Sync Service Console.

    That might help.

    Tuesday, January 22, 2013 1:48 PM
  • Thanks for the reply.

    Yeah, password management and password synchronization are enabled in all of the relevant places.

    One thing I didn't mention that might make a difference is that I have two ADMAs, one for some users who are provisioned by FIM with an SQL database as the source and one for importing some AD users into the portal who also need SSPR but who are not provisioned by FIM - does this make a difference?

    Tuesday, January 22, 2013 2:19 PM
  • Ah well I am not a fan of two AD MAs so never used two. Don't know if that's the problem or not. But make sure you enable the password sync on the AD MA which is provisioning the users who need SSPR and also make that AD MA source for password sync.
    Tuesday, January 22, 2013 3:29 PM
  • Both AD MAs need password syncing. When you say 'make sure that AD MA source for password sync' what do you mean?

    Do you think I've gone about this the wrong way? The information I'm importing for the different users is massively different so it seemed the most logical way to do it.

    Thanks

    Tuesday, January 22, 2013 3:36 PM
  • I can't say it is wrong as you may know the exact requirements for your scenario. I just mentioned that I never used two AD MAs myself.

    By Source of Password Synchronization I mean open your AD MA Properties and in the Configure Directory Partitions section you will find the check box saying "Enable this partition as password synchronization source". Make sure you do this in ONLY one AD MA as doing it on both may generate an indefinite loop on the user objects.

    Tuesday, January 22, 2013 3:44 PM
  • Thanks, checked the partition box and have enabled it with exactly the same results :(.
    Tuesday, January 22, 2013 8:19 PM
  • Please post the event log from the FIMService machine. It should have a call stack.

    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Wednesday, January 23, 2013 8:35 AM
  • System.Management: System.Management.ManagementException: Invalid namespace 
       at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
       at System.Management.ManagementScope.InitializeGuts(Object o)
       at System.Management.ManagementScope.Initialize()
       at System.Management.ManagementObjectSearcher.Initialize()
       at System.Management.ManagementObjectSearcher.Get()
       at Microsoft.ResourceManagement.PasswordReset.ResetPassword.ResetPasswordHelper(String domainName, String userName, String newPasswordText)

    Since my last post the server has been restarted and I am now receiving this error every few seconds:

    System.Web.Services: System.Net.WebException: The request failed with HTTP status 403: Forbidden.
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.ResourceManagement.WebServices.Mail.Exchange.ExchangeServiceBinding.FindItem(FindItemType FindItem1)
       at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.<OnPollTimerExpired>b__0(Boolean findUnreadItems)
       at Microsoft.ResourceManagement.WebServices.Mail.Exchange.MailChannel.ExchangeMailChannelListener`1.ExchangeMailListener.OnPollTimerExpired(Object state)

    Wednesday, January 23, 2013 9:15 PM
  • You have a broken WMI namespace for FIMSync.

    Try to follow this post to fix it:

    http://social.technet.microsoft.com/Forums/en/ilm2/thread/95e44e51-14fd-4934-9724-9b939f0cbe5b


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Wednesday, January 23, 2013 9:25 PM
  • Thanks Anthony, followed the instructions but no luck. The WMI was showing on the sync server but I followed the instructions anyway, restarted: same problem.
    Wednesday, January 23, 2013 9:43 PM
  • Hello FIM-EN

    If you went through and fixed the namespace, do you still see the namespace error message?  There are some WMI log files under C:\Windows\System32\WBEM\Logs.  Can you send those over to me, and I will take a look at them?

    Additionally, if you execute the following steps, do you see the MicrosoftIdentityIntegrationServer Namespace?

    1. Open Server Manager and Expand Configuration
    2. Right mouse click on WMI Control and select Properties
    3. Click on the Security Tab and Expand Root
    4. Is the MicrosoftIdentityIntegrationServer Namespace there?


    Tim Macaulay Security Identity Support Team Support Escalation Engineer

    Thursday, January 24, 2013 4:57 PM
  • Also, check the *.exe.config for FIMService. Make sure FIMService is talking to the right FIMSync machine.

    The FIM Password Reset Blog http://blogs.technet.com/aho/

    • Marked as answer by FIM-EN Sunday, January 27, 2013 10:46 AM
    Friday, January 25, 2013 3:38 AM
  • Hi Tim,

    Thanks for the reply. The namespace error is still occurring and there are no log files in that folder on either FIM server. The MicrosoftIdentityIntegrationServer namespace is showing correctly on the server.

    Thanks.

    Friday, January 25, 2013 10:39 AM
  • The portal server was listed where it should have had the sync server in one of the *.exe.config files. Corrected this, restarted the servers and that's resolved the namespace problem. There are other errors showing as a result of permissions not being set correctly but I will hopefully be able to resolve these. Many thanks indeed for your help! 

    • Marked as answer by FIM-EN Sunday, January 27, 2013 1:48 PM
    Sunday, January 27, 2013 10:50 AM
  • Select MicrosoftIdentityIntegrationServer

    Click the Security button in the lower right

    What groups do you have listed there that can access the WMI namespace?


    Tim Macaulay Security Identity Support Team Support Escalation Engineer

    Sunday, January 27, 2013 3:42 PM
  • Thanks Tim, problem is now resolved, an incorrect server name was entered in a *.exe.config file causing the namespace problem.

    Tuesday, January 29, 2013 10:13 AM
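
Added example, not part of the thread or of any poster's code: a Windows PowerShell check that separates the two WMI failures seen on this page, "Invalid namespace" (the configured host has no sync service namespace, as when the portal server is listed instead of the sync server) and "Access denied" (the namespace exists but the caller lacks rights). The function name and the host names are assumptions; the namespace name is the one given in the thread.

```powershell
# Added example for Windows PowerShell 5.1 (Get-WmiObject is not in PowerShell 7).
# Test-FimSyncWmiNamespace is a hypothetical helper name, not a FIM cmdlet.
function Test-FimSyncWmiNamespace {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        # Namespace named in the thread (WMI Control > Security > Root).
        [string]$Namespace = 'root\MicrosoftIdentityIntegrationServer'
    )
    foreach ($server in $ComputerName) {
        $status = 'OK'
        $detail = ''
        try {
            # Listing classes forces a connection to the namespace on $server.
            $classes = @(Get-WmiObject -ComputerName $server -Namespace $Namespace -List -ErrorAction Stop)
            $detail = "$($classes.Count) classes visible"
        }
        catch {
            $ex = $_.Exception
            $detail = $ex.Message
            if ($ex -is [System.Management.ManagementException]) {
                if ($ex.ErrorCode -eq [System.Management.ManagementStatus]::InvalidNamespace) {
                    # Host answers WMI but has no sync namespace: wrong server name.
                    $status = 'InvalidNamespace'
                }
                elseif ($ex.ErrorCode -eq [System.Management.ManagementStatus]::AccessDenied) {
                    $status = 'AccessDenied'
                }
                else { $status = 'WmiError' }
            }
            elseif ($ex -is [System.UnauthorizedAccessException]) {
                # Rejected before the namespace was reached (remote/DCOM permissions).
                $status = 'AccessDenied'
            }
            else { $status = 'Unreachable' }
        }
        [pscustomobject]@{ Server = $server; Namespace = $Namespace; Status = $status; Detail = $detail }
    }
}

# Placeholder host names (assumptions): replace with your sync and portal servers.
Test-FimSyncWmiNamespace -ComputerName 'fimsync01.example.test', 'fimportal01.example.test' |
    Format-Table -AutoSize
```

Run it from the FIM Service machine under the account the FIM Service uses, so the result reflects the same permissions as the failing password reset call.
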
  • Hi AnthonyHo,

    I am facing exactly the same issue. Can you please guide me as to where I can find this file "*.exe.config"? We have two separate machines running: one is for the Sync server and the second is for portals (FIM service, password portal etc.)

    So where can I find this file?

    Thanks


    F.

    Monday, May 6, 2019 8:31 AM
  • Hi AnthonyHo,

    I am getting this error: System.Management: System.Management.ManagementException: Access denied on the FIM service machine, while at the same time getting this error on the FIM sync machine:

    The server encountered an unexpected error while performing an operation for the client.
     
     "BAIL: MMS(5084): ..\server.cpp(8094): 0x80070005 (Access is denied.)
    Forefront Identity Manager 4.4.1302.0"

    Can you guide me on this?


    F.

    Thursday, May 9, 2019 12:12 PM