none
FIM Portal URL is not consistent on all the Servers RRS feed

  • Question

  • Hi All,

    Hope you all well,

    My Current FIM environment is:-

    1). Server A (FIM Portal 1)

    2). Server B (FIM Portal 2)

    3). Server C (Both FIM Portals pointing to FIM Service Server C)

    4). Server  D (FIM Sync Server)

     Now my question is, I am facing error "Service not available" while accessing the FIM Portal 2 or FIM Portal 1 from server C and D. Actually, FIM Portal URL's is not accessible consistently on all the servers. Some time it works, some times not.

    I have checked by setting the SPN for FIM Service account but in vain.

    For reference Please find the below screen shot.

    

    Any help would be appreciated.

    Thanks


    ajay kumar

    Wednesday, April 9, 2014 11:25 PM

All replies

  • It looks like a problem with Kerberos configuration.

    Re-check SPNs (HTTP/FIMPortal and HTTP/ServerA, HTTP/ServerB and HTTP/ServerC should point to the same account), FIMService/ServerC should point to FIMService Account.

    Then re-check if FIM Portal on each server is properly configured in IIS - check if it is using account listed in SPNs, check if you have right config in ApplicationHost.config file:

    <system.webServer> 
       <security> 
          <authentication> 
             <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true" /> 
          </authentication> 
       </security> 
    </system.webServer>
    
    Remember there is no GUI setting for this. You need to modify the ApplicationHost.config file from
    
    <%SystemDrive%>/Windows/System32/inetsrv/config folder on the IIS 7.0 machine.

    Check if you have configured delegation properly (FIMPortal->FIMService, FIMService->FIMService)

    Basically, go step by step with:

    FIM 2010 R2 Kerberos Settings


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Thursday, April 10, 2014 5:10 AM
  • Hi Dominik,

    I have test the same by setting SPN like:-

    1). Server A (FIM Portal 1)

    2). Server B (FIM Portal 2)

    3). Server C (Both FIM Portals pointing to FIM Service Server C)

    4). Server  D (FIM Sync Server)

     a). FIMInstall Account:-

    HTTP/Server A

    HTTP/Server B

    HTTP/Server C

    b). FIMService

    FIMService/Server C

    I am able to access URL's from Server A and B but not from C.


    ajay kumar

    Friday, April 25, 2014 8:47 PM