The goal of this article is to explain the steps to enable detailed error pages on the FIM Portal. These are more descriptive from an administrator's point of view.

This article will not explain how to enable detailed tracing. Check the See Also section for a step by step procedure to enable detailed tracing.

Without Custom Error Pages

Whilst the default error page is user-friendly, it's administrator unfriendly. The error below is shown whenever something is wrong between the FIM Portal and the FIM Service.

The above error is accompanied by an entry in the Application Event log. The message is more or less the same: there's something wrong.

In words the message is:

The Portal cannot connect to the middle tier using the web service interface. This failure prevents all portal scenarios from functioning correctly.
The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration.
Ensure the portal configuration is present and points to the resource management service.

In order to have a better understanding as to what is wrong we can temporarily enable detailed error pages on the IIS side of the FIM Portal. For the following section we will edit several parts of the web.config of the FIM Portal that is typically located in:

C:\inetpub\wwwroot\wss\VirtualDirectories\80

 

Important
Before you update the Web.config file, you should take a backup of the original file.

 

Enable Detailed Error Pages

To get a better understanding of what is wrong, we can temporarily enable detailed error pages on the IIS side of the FIM Portal. Follow these steps:

  1. Enable the callstack (Set CallStack="true")

    <SafeMode MaxControls="200" CallStack="true" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false">
        <PageParserPaths>
        </PageParserPaths>
    </SafeMode>
  2. Disable custom error pages (Set mode="Off")

    <customErrors mode="Off" />
  3. Comment the ILMError HTTP module

    <httpModules>
        <clear />
        <!--<add name="ILMError" type="Microsoft.IdentityManagement.WebUI.Controls.ErrorHandlingModule, Microsoft.IdentityManagement.WebUI.Controls, Version=4.0.3561.2, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />-->
        ...
    </httpModules>
  4. Perform an IISreset
  5. Reproduce the issue. You should now get a more descriptive error in Internet Explorer. Below is an example where I accidentally provided the wrong URL for the FIM Service during the FIM Portal installation.

You should now get a clear hint about what is going wrong. In this particular example the resourceManagementClient section in the web.config was wrong. 

<resourceManagementClient resourceManagementServiceBaseAddress="http://fimsvc.demo.local/:5725" timeoutInMilliseconds="60000" />
 

Disable Detailed Error Pages

To give users a user-friendly message again, disable detailed error pages once the issue is resolved. Follow these steps:

  1. Disable the callstack (Set CallStack="false")

    <SafeMode MaxControls="200" CallStack="false" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false">
        <PageParserPaths>
        </PageParserPaths>
    </SafeMode>
  2. Enable custom error pages (Set mode="On")

    <customErrors mode="On" />
  3. Enable the ILMError HTTP module

    <httpModules>
        <clear />
        <add name="ILMError" type="Microsoft.IdentityManagement.WebUI.Controls.ErrorHandlingModule, Microsoft.IdentityManagement.WebUI.Controls, Version=4.0.3561.2, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        ...
    </httpModules>
  4. Perform an IISreset
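
While the three debug settings are in place, call stacks and detailed ASP.NET errors are returned to every client of the portal, so it is worth confirming that all of them were rolled back. The script below is an added example, not part of the original article; the function name `Test-FimPortalErrorConfig` is hypothetical and the sample XML is constructed from the snippets above.

```powershell
# Added example: audit a FIM Portal web.config for leftover debug settings.
# $sample is constructed from the snippets in this article. Assumptions: the
# parent elements shown here, and a web.config without a default XML namespace.
$sample = @'
<configuration>
  <SharePoint>
    <SafeMode MaxControls="200" CallStack="true" AllowPageLevelTrace="false" />
  </SharePoint>
  <system.web>
    <customErrors mode="Off" />
    <httpModules>
      <clear />
      <!--<add name="ILMError" type="Microsoft.IdentityManagement.WebUI.Controls.ErrorHandlingModule, Microsoft.IdentityManagement.WebUI.Controls, Version=4.0.3561.2, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />-->
    </httpModules>
  </system.web>
</configuration>
'@

function Test-FimPortalErrorConfig {
    param([Parameter(Mandatory = $true)][xml]$Config)

    # Step 1: SafeMode CallStack must be back to "false".
    foreach ($node in $Config.SelectNodes('//SafeMode')) {
        if ($node.GetAttribute('CallStack') -ieq 'true') {
            'SafeMode CallStack="true": call stacks are rendered in error pages'
        }
    }

    # Step 2: customErrors mode="Off" returns detailed errors to every client.
    foreach ($node in $Config.SelectNodes('//customErrors')) {
        if ($node.GetAttribute('mode') -ieq 'Off') {
            'customErrors mode="Off": detailed errors are returned to all clients'
        }
    }

    # Step 3: a commented-out <add> is an XML comment node, so it never matches.
    if (-not $Config.SelectSingleNode('//httpModules/add[@name="ILMError"]')) {
        'ILMError HTTP module is not registered under httpModules'
    }
}

$findings = @(Test-FimPortalErrorConfig -Config ([xml]$sample))
if ($findings.Count -eq 0) {
    Write-Output 'OK: detailed error pages are disabled'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Against a live portal, pass `[xml](Get-Content 'C:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config')` instead of the sample, adjusting the path if your web.config is located elsewhere.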

Related FIM Forum Posts

See also

 

Note
To provide feedback about this article, create a post on the FIM TechNet Forum.