FIM 2010 R2 Password Reset Portal - Error 3001

  • Question

  • Hi

    I am getting the following error when connecting to the FIM Password Reset Portal (FIM 2010 R2):

    Access Denied Loading ... 
    Ensure you enter your user name correctly. If you still cannot reset your password, please contact your helpdesk for assistance. (Error 3001)

    I have also installed the Windows FIM Client on a few test Windows 7 systems to assist in password reset tests. Please note, this function works perfectly.

    All the relevant FIM 2010 R2 setup manuals were followed step by step during the install.

    The following error is also generated on the Password Reset Portal (Event Viewer) when I submit a request:

    User unauthorized to reset password. An unauthenticated user requested to reset the password for a user who does not have permission to reset their password using the FIM Password Reset Portal. The asserted identity was: Domain\User The user's IP address was: x.x.x.x Possible causes include: (1) user error inputting their identity, (2) user is permanently locked out, and (3) malicious user attempting to enumerate valid identities and/or reset password for other users. 

    Notes: The account used for testing is a valid and active account. This account is also included in the "Password Reset User Set".

    Looking forward to finding a resolution to this issue.

    Cheers, Franna




    • Edited by Franna81 Sunday, August 12, 2012 4:09 AM
    Wednesday, August 8, 2012 8:43 AM

Answers

  • >>Source: The supplied request content violates system rules.

    That means the SID for the SSPR Portal AppPool accounts are not known to FIMService. Please re-run FIMService's installer and provide the appropriate SSPR Portal AppPool accounts

    Thursday, July 25, 2013 2:07 PM

All replies

  • I am facing the same problem too. My other test account is working fine, but newly created test users are able to register or reset

    error screenshot below

    Event log

    The error page was displayed to the user.

    Details:

    Title: Access denied.

    Message: Error processing your request: The operation was rejected because of access control policies.

    Source: The supplied request content violates system rules.

    Attributes:

    Details: The Request contains changes that violate system constraints.

    CorrelationId: 6b998175-c180-41aa-980c-8f1e67c3f8dc

    RequestId: 755ea9f1-a19e-4999-937a-8591fa37ecc5

    ErrorCode: 3001

    CaughtTime: 08/13/2012 12:51:34

    Web Portal: FIM Password Reset Portal

    Session Id: ltq5dj55lidnbg45jtssw0vy

    IP Address: XXXXX

    Monday, August 13, 2012 7:59 AM
  • Hi There

    Please let me know if anyone can assist with this error. Help and ideas would be greatly appreciated in resolving this error.

    Cheers

    Franna 

    Sunday, August 26, 2012 6:41 AM
  • Hi franna and ragavendra dayakar.

    Franna, did you get password reset to work when using the FIM client, or didn't you?

    Did you flow objectSID of a user into FIM (I never tested if rich client reset will work without SID, but doubt that, also)? It won't work if you didn't.

    Other errors: did you allow the FIM Service account access to the namespace? Try this http://technet.microsoft.com/en-us/library/hh824695(v=ws.10) and check if you did all the prereqs and configuration tweaks. It's pretty straightforward; if you follow it the portal will work. At least it did for me in 2 different test labs.

    P.S. Enable verbose errors on the portal; it helps a lot to get the idea of what is wrong. I can't find the link on how to do it now and can't really tell you a step-by-step way to do it, but it's pretty simple, has nothing to do with FIM actually, so it's easily googlable.
    P.P.S. After reading it once again I have the feeling objectSID is the issue, at least for ragavendra dayakar.



    Sunday, August 26, 2012 6:55 AM
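
Added example, not part of any post in this thread: one way to check the objectSID point raised in the reply above, by reading the user's Person resource from the FIM Service and comparing its ObjectSID with the SID Active Directory returns. It assumes the FIMAutomation snap-in is installed, that the endpoint URL shown is your FIM Service address, and that Export-FIMConfig returns the binary ObjectSID as a base64 string; `$uri`, `$domain` and `$username` are placeholders.

```powershell
# Added example (not from the thread). Run on a machine with the FIMAutomation snap-in.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

$uri      = 'http://localhost:5725/ResourceManagementService'  # assumed FIM Service endpoint
$domain   = 'CONTOSO'   # placeholder
$username = 'jdoe'      # placeholder

function Get-FimPersonAttributes {
    param([string]$Uri, [string]$Domain, [string]$AccountName)
    # XPath filter for the Person resource matching Domain\AccountName.
    $filter = "/Person[AccountName='$AccountName' and Domain='$Domain']"
    foreach ($obj in @(Export-FIMConfig -Uri $Uri -OnlyBaseResources -CustomConfig $filter)) {
        $attrs = @{}
        foreach ($a in $obj.ResourceManagementObject.ResourceManagementAttributes) {
            $attrs[$a.AttributeName] = $a.Value
        }
        $attrs   # one hashtable per matching resource
    }
}

$people = @(Get-FimPersonAttributes -Uri $uri -Domain $domain -AccountName $username)
if ($people.Count -eq 0) {
    Write-Warning "No Person resource for $domain\$username in the FIM Service."
    return
}
if ($people.Count -gt 1) {
    Write-Warning "More than one Person resource matches $domain\$username."
}

foreach ($p in $people) {
    # Attributes that identify the account; an empty one points at a sync/flow gap.
    foreach ($name in 'AccountName', 'Domain', 'ObjectSID') {
        if ([string]::IsNullOrEmpty($p[$name])) { Write-Warning "$name is not populated." }
    }
    if ($p['ObjectSID']) {
        # Assumption: the binary attribute is exported as base64.
        $bytes  = [Convert]::FromBase64String($p['ObjectSID'])
        $fimSid = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
        $adSid  = (New-Object System.Security.Principal.NTAccount($domain, $username)).Translate(
                      [System.Security.Principal.SecurityIdentifier]).Value
        if ($fimSid -eq $adSid) { "ObjectSID matches AD: $fimSid" }
        else { Write-Warning "ObjectSID in FIM ($fimSid) differs from AD ($adSid)." }
    }
}
```
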
  • Hi,

    I am also facing the same issue. Could you please let me know how you solved it.

    Regards,

    praveena B

    Friday, February 1, 2013 10:10 AM
  • Hi ,

    As per my understanding you should cross-check the following things:

    1) Check if the user is present in the Metaverse, because if the user is on the portal but not in the Metaverse, then that user can register for the password but will be unable to reset.

    2) Check: there are a few MPRs which the admin has to enable to allow a user to perform password registration and reset.

    Please follow the following link for the list of all required MPRs which should be enabled:

    http://technet.microsoft.com/en-us/library/ee534892(v=ws.10).aspx

    Hope this will help you to find your answer. If not please let me know. 

    Thanks~

    Giriraj Singh Bhamu

    Friday, July 26, 2013 5:29 PM
  • >>Source: The supplied request content violates system rules.

    That means the SID for the SSPR Portal AppPool accounts are not known to FIMService. Please re-run FIMService's installer and provide the appropriate SSPR Portal AppPool accounts

    Confirmed this fixed an error similar to the OP's in a lab.

    Thanks Anthony!

    Tuesday, September 17, 2013 8:09 PM
  • Re-running the FIM Service installer will not break the current FIM Service configuration? Nor reset all of the customizations we have implemented?


    Andre

    Thursday, December 11, 2014 8:49 PM
  • In my case it had been working for at least a year but a user that was recently registered (we do this automatically via powershell each day) wasn't working. 

    It was only failing for them. 

    So via powershell I unregistered the user for pw registration and then re-registered them.  I'm guessing something went awry during the automated process we use and one of the required objects wasn't applied to their account.  Their account *did* have the OTP password email listed.

    Here's the unregister code.  (domain/username/uri are specific to your env.)

    $usernamestring = ($domain + '\' + $username)
    
    Unregister-AuthenticationWorkflow -AuthenticationWorkflowName "Password Reset AuthN Workflow" -UserName $usernamestring -Uri $uri

    And here is the register code...

    $wftemplate = Get-AuthenticationWorkflowRegistrationTemplate -AuthenticationWorkflowName "Password Reset AuthN Workflow" -URI $uri    
    
    # Clone the template, then set the first gate's first data value (the OTP email address)
    $usertemplate = $wftemplate.Clone()
    $usertemplate.GateRegistrationTemplates[0].Data[0].Value = $personalemail
    
    Register-AuthenticationWorkflow -UserName ($domain + "\" + $username) -AuthenticationWorkflowRegistrationTemplate $userTemplate -URI $uri


    • Edited by m_a_tt Wednesday, March 18, 2015 4:12 PM grammar
    Wednesday, March 18, 2015 4:11 PM