The goal of this article is to explain the steps to enable detailed error pages on the FIM Portal. These are more descriptive from an administrator point of view.
This article will not explain how to enable detailed tracing. Check the See Also section for a step by step procedure to enable detailed tracing.
Whilst the default error page is user-friendly, it's administrator unfriendly. The error below is shown whenever something is wrong between the FIM Portal and the FIM Service.
The above error is accompanied by an entry in the Application Event log. The message is more or less the same: there's something wrong.
In words the message is:
The Portal cannot connect to the middle tier using the web service interface. This failure prevents all portal scenarios from functioning correctly. The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration. Ensure the portal configuration is present and points to the resource management service.
In order to have a better understanding as to what is wrong we can temporarily enable detailed error pages on the IIS side of the FIM Portal. For the following section we will edit several parts of the web.config of the FIM Portal that is typically located in:
In order to have a better understanding as to what is wrong we can temporarily enable custom error pages on the IIS side of the FIM Portal. Follow the following steps:
<
SafeMode
MaxControls
=
"200"
CallStack
"true"
DirectFileDependencies
"10"
TotalFileDependencies
"50"
AllowPageLevelTrace
"false"
>
PageParserPaths
</
customErrors
mode
"Off"
/>
httpModules
clear
<!--<add name="ILMError" type="Microsoft.IdentityManagement.WebUI.Controls.ErrorHandlingModule, Microsoft.IdentityManagement.WebUI.Controls, Version=4.0.3561.2, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />-->
...
You should now get a clear hint about what is going wrong. In this particular example the resourceManagementClient section in the web.config was wrong.
resourceManagementClient
resourceManagementServiceBaseAddress
"http://fimsvc.demo.local/:5725"
timeoutInMilliseconds
"60000"
In order to provide the user's a userfriendly message we can disable custom error pages after resolving the issue. Follow the following steps:
"On"
add
name
"ILMError"
type
"Microsoft.IdentityManagement.WebUI.Controls.ErrorHandlingModule, Microsoft.IdentityManagement.WebUI.Controls, Version=4.0.3561.2, Culture=neutral, PublicKeyToken=31bf3856ad364e35"