FIMPasswordReset Service - Increase of client Boot Time RRS feed

  • Question

  • Hi,

    I would be interested to know if anyone else has the same issue, e.g. how long does your client boot up process take with and without the FIM client installed?

    The issue:

    We have installed the forefront identity manager add-ins and extensions on clients, but this has increased the time for the OS to boot by 30 secs.  The version installed is 4.1.2273.0 (which i believe is the latest version e.g. no further updates) on Windows 7 64bit computers.

    Does/did anyone else have this issue and any suggestions on what could cause/resolve this issue?


    Friday, October 26, 2012 1:33 PM


  • if i were to guess, .NET is verifying the strong-name signature of the DLL and needs to download the CRL or the cert chain to verify the cert

    try this

    The FIM Password Reset Blog

    Thursday, April 25, 2013 8:51 PM

All replies

  • I'd get a network trace and process monitor trace - sounds like it's timing out waiting on something.

    My Book - Active Directory, 4th Edition
    My Blog -

    Friday, October 26, 2012 7:03 PM
  • how do u define boot time? what's start/end?
    Sunday, October 28, 2012 6:53 AM
  • I was classing boot time as the time it takes between turning computer on and getting to the log on screen.

    I have done some further investigation on this, as suggested by Brian, and found that during the boot up process the PwdMgmtProxy.exe is trying to access the internet, on IP address range

    When I allow the computer out to the internet (e.g. not being blocked by our Firewall) the service starts in between 10 - 15 seconds rather than 30 seconds plus.  Then when put the computer back to normal service (e.g. being blocked by the firewall) the service still starts in 10 - 15 seconds.  So looks like the service is trying to activate or something similar.

    Therefore, I need to know:

    a) why the local client service (FIMPasswordReset) is trying to access the internet.

    b) how to stop the client service (FIMPasswordReset) from trying to access the internet.

    I don't know if it makes any difference, but I installed the client via the silent install on all the computers using the following command line:

    msiexec.exe /q /i "Path to Media\Add-ins and extensions.msi" ADDLOCAL=PasswordClient RMS_LOCATION=SERVERNAME REGISTRATION_PORTAL_URL=http://passwordresetregistrationporal

    I have tried a reinstall but the same thing happens.


    Monday, October 29, 2012 10:39 AM
  • I have, once again, been drawn to look at this issue.

    I found that the time it takes for the service to start on the client (FIMPasswordReset service starts the application PwdMgmtProxy.exe) is 30 seconds.

    A couple of things I noticed when doing a network trace was:

    a) the service/application/process was trying to query for WPAD on our network everytime this service started.

    - i tracked this down to "WinHTTP Web Proxy Auto-Discovery Service" being set to start manually.  I disabled this and now the FIMPasswordReset service starts in roughly 7 seconds, an improvement to the "boot" time of the computer.

    b) the process/application (pwdmgmtproxy.exe) is still trying to query something on the internet on addresses 2.22.228.xx (these IP addresses belong to Akamai {MS content delivery provider}). A couple of things regarding this:

    - Does anyone else experience the same issue?? It is easy to check:

    -----Download and install Microsoft Network Monitor 3.4 onto the client computer where Password reset service is installed

    -----Close down all the applications you have running to make it easier to see the network traces.

    -----Stop the FIMPasswordReset service on the client

    -----Start network monitor and begin capture

    -----Start the FIMPasswordReset service on the client and wait until it has completed.

    -----Stop the network monitor capture and look over on the left hand side under "My Traffic" and expand PwdMgmtProxy.exe {if it is there}

    -----Do you see the services/process/application trying to access the internet?

    - I can't see anything in the documentation with regards to this. And our clients can't access the internet, therefore I would love to be able to stop this from happening.  Anyone know how to disable this?

    Any help would be great.


    Tuesday, April 23, 2013 4:16 PM
  • if i were to guess, .NET is verifying the strong-name signature of the DLL and needs to download the CRL or the cert chain to verify the cert

    try this

    The FIM Password Reset Blog

    Thursday, April 25, 2013 8:51 PM