FIM Topology

In this issue, we had three separate machines for the FIM Topology.

  1. FIM Portal Machine
  2. FIM Service Machine
  3. FIM Synchronization Service Machine

Problem Statement

You attempt to access the FIM Portal from a client machine as the FIM Administrator account. You receive three prompts for credentials and then you receive the error message:
"HTTP Error 401. The requested resource requires user authentication"
You then try to access the FIM Portal as the FIM Administrator locally on the FIM Portal machine, and this succeeds.

Some troubleshooting steps: 

  1. Verify access to the default SharePoint site
    1. In this issue, we received the same error message when attempting to access the default SharePoint site.
  2. Confirm the SPN (Service Principal Name) is correct on the SharePoint Service Account
  3. Check the Advanced Settings of Windows Authentication

Cause

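The "Enable Kernel Mode Authentication" setting is enabled in the Advanced Settings of Windows Authentication for the SharePoint site. With kernel-mode authentication on, IIS by default decrypts the Kerberos service ticket using the machine account, but the SPN is registered on the SharePoint Service Account, so Kerberos authentication from remote clients fails.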

Resolution

Disable "Enable Kernel Mode Authentication" by unchecking it.


Resolution Steps

  1. On the FIM Portal machine, open IIS Manager
  2. Expand Sites and select SharePoint – 80
  3. Double-click Authentication and then select Windows Authentication
  4. On the right, select Advanced Settings
  5. Uncheck "Enable Kernel Mode Authentication"
  6. Click OK
  7. Execute an IISRESET
    1. Open an Administrative Command-Prompt
    2. Type IISRESET and press Enter
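
A scripted equivalent of the resolution steps above, together with the SPN and Windows Authentication checks from the troubleshooting list. This is an added example, not part of the original article. It assumes the WebAdministration module is available, that the site name is typed with a plain hyphen as `SharePoint - 80`, and that `CONTOSO\svc-sharepoint` is a placeholder for the SharePoint Service Account.

```powershell
# Added example, not from the original article. Run elevated on the FIM Portal machine.
Import-Module WebAdministration

# Assumptions: site name typed with a plain hyphen; service account is a placeholder.
$siteName   = 'SharePoint - 80'
$svcAccount = 'CONTOSO\svc-sharepoint'
$filter     = '/system.webServer/security/authentication/windowsAuthentication'

if (-not (Test-Path "IIS:\Sites\$siteName")) {
    throw "Site '$siteName' not found. Check the name shown in IIS Manager."
}

# Troubleshooting step 2: list the SPNs registered on the service account.
setspn -L $svcAccount

# Troubleshooting step 3: read the current kernel-mode setting for the site.
function Get-KernelMode {
    (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $siteName `
        -Filter $filter -Name 'useKernelMode').Value
}
$before = Get-KernelMode
Write-Host "useKernelMode before change: $before"

# Resolution steps 1-6: clear "Enable Kernel Mode Authentication".
if ($before) {
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $siteName `
        -Filter $filter -Name 'useKernelMode' -Value $false
}

# Resolution step 7: execute an IISRESET, as in the article.
iisreset

# Confirm the setting now reads False.
$after = Get-KernelMode
Write-Host "useKernelMode after change: $after"
if ($after) { throw "useKernelMode is still enabled on '$siteName'." }
```

Recording the value before and after the change gives you a clear rollback point if the setting needs to be restored later.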