Issue

A new server is built to host the FIM Portal on top of SharePoint Foundation 2010. Previously, the FIM Portal was hosted on the same machine as the FIMService. Since the new Portal server was built, the administrator receives "Service Not Available" error page.

Troubleshooting

We went through the "Service not available troubleshooter".

  1. Verified and set SPNs for SharePoint app pool account, FIMService account.
  2. Checked web.config binding re-directs.
  3. Checked resourceManagementServiceBaseAddress was correct
  4. Used "debug.displayresource 2340" query against the FIMService DB to ensure we are using the administrator account.

After further troubleshooting we enabled Failed Request Tracing in IIS. (http://technet.microsoft.com/en-us/library/cc731798%28v=WS.10%29.aspx) In the trace we saw we were not using kerberos authentication.

We checked Windows Authentication in IIS and checked Providers. Enabled Providers ONLY showed NTLM.

Resolution

Adding Negotiate to the providers and prioritizing it above NTLM followed by an IISreset resolved the issue.

See also