Could not connect to ResourceManagementService/MEX. TCP error code 10060:


Problem

When loading the FIM Self-Service Password Reset registration and reset web portals, an error is returned to the user.

The Forefront Identity Manager event log (located under Applications and Services Logs) on the server hosting the SSPR web portals contains one of the following error messages:

Could not connect to http://ServerName-fim02:5725/ResourceManagementService/MEX. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond x.x.x.x:5725

Could not connect to http://servername-fim02:5726/ResourceManagementService/SecurityTokenService/Registration. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond x.x.x.x:5726.

 

 

In a load balanced environment, the error message will only show up on the server that handled the request.

Diagnosis

For the FIM SSPR registration and reset portals to communicate with the FIM Service, ports 5725 and 5726 must be open on the firewall and allow HTTP traffic from the FIM SSPR server(s) to the FIM Service server(s).

In this scenario, the problem existed because the FIM SSPR portals were configured to use the hostname of the FIM Service that is routed on the management network interface, and the firewall was only configured to allow traffic on ports 5725 and 5726 on the application network interface. Thus, the FIM SSPR portals could not communicate with the FIM Service as the ports were blocked when using the configured hostname for the FIM Service server.
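The check below is an added example, not part of the original post: run it from an SSPR server to see which FIM Service hostname actually accepts connections on ports 5725 and 5726 through the firewall. The function name and the two host names are placeholders (assumptions); substitute the management and application interface names from your environment.

```powershell
# Added example: probe the FIM Service ports from an SSPR server.
# Test-FimServicePort and the host names used below are hypothetical.
function Test-FimServicePort {
    param(
        [string[]]$HostName,
        [int[]]$Port = @(5725, 5726),   # ports named in the article
        [int]$TimeoutMs = 3000
    )
    foreach ($h in $HostName) {
        # Resolve first so the report shows which interface the name maps to.
        try   { $addresses = [System.Net.Dns]::GetHostAddresses($h) |
                    ForEach-Object { $_.IPAddressToString } }
        catch { $addresses = @() }

        foreach ($p in $Port) {
            $client = New-Object System.Net.Sockets.TcpClient
            $open = $false
            try {
                # Asynchronous connect so a silently dropped packet (the
                # 10060 timeout case) does not block for the OS default.
                $async = $client.BeginConnect($h, $p, $null, $null)
                if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                    $client.EndConnect($async)   # throws if refused
                    $open = $true
                }
            } catch {
                $open = $false
            } finally {
                $client.Close()
            }
            New-Object PSObject -Property @{
                HostName  = $h
                Addresses = ($addresses -join ',')
                Port      = $p
                Reachable = $open
            }
        }
    }
}

# Constructed host names: management-interface name vs application-interface name.
Test-FimServicePort -HostName 'fim02-mgmt.example', 'fim02-app.example' |
    Format-Table HostName, Addresses, Port, Reachable -AutoSize
```

A name that resolves but shows Reachable = False on both ports matches the scenario described above: the firewall rule exists for a different interface than the one the portal is configured to use.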

Solution

To fix this problem, the FIM Self-Service Password Reset registration and reset web portals must be reconfigured on all servers to use the hostname of the FIM Service server on the application network interface. In addition, the external service address on the FIM Service must be configured to use the hostname that is routed on the application network interface. The steps for this reconfiguration are outlined in the following sections.

Reconfigure FIM SSPR Web Portals

To reconfigure the FIM SSPR web portals, do the following on each of the FIM SSPR servers:

  1. Open the Control Panel
  2. Click Uninstall a program
  3. Select Forefront Identity Manager Service and Portal from the list
  4. Click Change
  5. The following screen will be displayed:
  6. Click Next
  7. On the next screen (shown below), click Change
  8. On the next screen (shown below) select I don’t want to join the program at this time and click Next
  9. On the next screen (shown below), ensure that only the FIM Password Registration Portal and FIM Password Reset Portal are selected
  10. On the next screen (shown below), enter the following:
    1. FIM SSPR service account that will be used to run the Password Registration Web Portal application pool
    2. Password of the FIM SSPR service account
    3. Host name, if necessary, that will be used for the password registration portal web site (Note: this will automatically display the previously configured value)
    4. Port that will be used for the password registration portal web site (Note: this will automatically display the previously configured value)
  11. Click Next
  12. On the next screen (shown below), click Next
  13. On the next screen (shown below), change the FIM Service Server address so that it uses the hostname that is routed on the application network interface (ttqwnapp-fim02-app in the acceptance environment)
  14. Click Next
  15. On the next screen (shown below), enter the following:
    1. FIM SSPR service account that will be used to run the Password Reset Web Portal application pool
    2. Password of the FIM SSPR service account
    3. Host name, if necessary, that will be used for the password reset portal web site (Note: this will automatically display the previously configured value)
    4. Port that will be used for the password reset portal web site (Note: this will automatically display the previously configured value)
  16. Click Next
  17. On the next screen (shown below), click Next
  18. On the next screen (shown below), change the FIM Service Server address so that it uses the hostname that is routed on the application network interface (ttqwnapp-fim02-app in the acceptance environment)
  19. Click Next
  20. On the next screen (shown below), click Change to complete the reconfiguration process and apply the changes.

Reconfigure FIM Service

To reconfigure the FIM Service, do the following on each FIM Service server as an administrator:

  1. Click Start
  2. Under All Programs > Accessories, right click on Notepad and select Run as Administrator
  3. Click File > Open
  4. Navigate to C:\Program Files\Microsoft Forefront Identity Manager\2010\Service
  5. Select ResourceManagement.Service.exe.config
    1. You may need to change the file type to All files to see this file
  6. Press Ctrl+F to open the Find dialog
  7. Type resourceManagementService into the text field and click Find Next until the following line is found:

<resourceManagementService externalHostName="…" />

  8. Change the value of the externalHostName attribute so that it uses the hostname that is routable on the application network interface. In the acceptance environment this would be as follows:

<resourceManagementService externalHostName="server-name" />

  9. Save the file
  10. Close Notepad
  11. Click Start
  12. Click Run…
  13. Enter services.msc
  14. Click OK
  15. Select Forefront Identity Manager Service in the list of services
  16. Right click and select Restart
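The same change can be scripted. The function below is an added example, not part of the original post. It reports the current externalHostName and, when given a new name, backs up the file, updates the attribute and restarts the service. The function name is hypothetical; the config path and element come from the steps above, and the service name FIMService is assumed from the registry key mentioned later on this page. Run it in an elevated PowerShell session.

```powershell
# Added example: inspect or set externalHostName in the FIM Service config.
# Set-FimExternalHostName is a hypothetical helper name.
function Set-FimExternalHostName {
    param(
        [string]$ConfigPath = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\ResourceManagement.Service.exe.config',
        [string]$NewHostName    # omit to only report the current value
    )
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true      # keep the file's layout on save
    $xml.Load($ConfigPath)

    $node = $xml.SelectSingleNode('//resourceManagementService')
    if ($node -eq $null) {
        throw "No <resourceManagementService> element in $ConfigPath"
    }

    $current = $node.GetAttribute('externalHostName')
    if (-not $NewHostName -or $NewHostName -eq $current) {
        return $current                  # nothing to change
    }

    # Refuse a name that does not resolve from this server;
    # GetHostAddresses throws on failure and nothing is written.
    [void][System.Net.Dns]::GetHostAddresses($NewHostName)

    # Timestamped backup next to the original before touching it.
    $backup = '{0}.bak-{1}' -f $ConfigPath, (Get-Date -Format 'yyyyMMddHHmmss')
    Copy-Item -Path $ConfigPath -Destination $backup

    $node.SetAttribute('externalHostName', $NewHostName)
    $xml.Save($ConfigPath)

    # Service name assumed from the Services\FIMService registry key.
    Restart-Service -Name 'FIMService'
    return $NewHostName
}

# Report only:
Set-FimExternalHostName
# Change (constructed host name):
# Set-FimExternalHostName -NewHostName 'fim02-app.example'
```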

FIM Service not available


Forefront identity Manager Service not available. Please contact your help desk or system administrator

You may get this message for several reasons, but in this case the C drive ran out of space. The Forefront Identity Manager event logs are stored in C:\Windows\System32\winevt\Logs; they can sometimes grow very fast and use all the space on the C drive. Check the available space on your C drive, and if it is full you may want to delete some of the log files to free up space and restart the computer.

Also see how to delete event logs automatically: https://social.technet.microsoft.com/Forums/windowsserver/en-US/d6e594fc-9340-4e64-a53e-c2542c26435d/how-to-delete-event-logs-automatically-from-cwindowssystem32winevtlogs-folder?forum=winservergen

Failure when making a web service call when running Start-FIMReportingInitialSync.ps1


PS C:\Program Files\Microsoft Forefront Identity Manager\2010\Reporting\PowerShell> .\Start-FIMReportingInitialSync.ps1
Import-FIMConfig : Failure when making web service call.
SourceObjectID = e664d4b5-3874-40dc-81e0-53068a1480b3
Error = The web service client has encountered the following class of error: SystemConstraint
Details: Failed Attributes:
Additional Text Details: The Request contains changes that violate system constraints.
Correlation Identifier: 506742e1-ee39-4ed8-b79d-528da466e0f3
Failure Message:
Request Identifier:
At C:\Program Files\Microsoft Forefront Identity Manager\2010\Reporting\PowerShell\Start-FIMReportingInitialSync.ps1:46
char:47
+ $undone = $importObject | Import-FIMConfig <<<< -uri $uri;
+ CategoryInfo : InvalidOperation: (:) [Import-FIMConfig], InvalidOperationException
+ FullyQualifiedErrorId : ImportConfig,Microsoft.ResourceManagement.Automation.ImportConfig


Based on: http://blog.msresource.net/2012/05/03/failure-when-making-a-web-service-call-when-running-start-fimreportinginitialsync-ps1/

It says we should enable Reporting Logging. I made sure Reporting Logging was enabled but am still having the problem.


I am still trying to find the solution, and when I have one, I will update the post.

 

Update

Go to Computer\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FIMService.
Make sure Reporting Enable has a value of 1.


I ran the script again and this time I am not getting any error messages


 

How do I manually uninstall FIM Portal and Service 2010


The web application or web site at http://domainame could not be found. Please
create web application and web site in http://domainame and then click “Retry”. Click ” Cancel” to abort setup


 

FIM Portal and Service is trying to find a site that is not there anymore. Just add the URL that FIM was looking for in Central Administration >> Alternate Access Mappings.

Save and exit out from Central Administration and try to uninstall now and it should work.  It worked for me.

Learning Forefront Identity Manager 2010


Where can I find learning materials about Forefront Identity Manager 2010?

Forefront Identity Manager 2010 R2 Landing page
http://www.microsoft.com/en-us/server-cloud/forefront/identity-manager.aspx

Announcing Forefront Identity Manager 2010 R2 Service Pack 1
http://blogs.technet.com/b/server-cloud/archive/2013/01/31/announcing-forefront-identity-manager-2010-r2-service-pack-1.aspx

Video: What’s new in Forefront Identity Manager 2010 R2
http://technet.microsoft.com/en-us/video/what-s-new-in-forefront-identity-manager-2010-r2

Technical Overview of Microsoft Forefront Identity Manager 2010 R2
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/SIM332

Forefront Identity Manager 2010 R2 Features
http://www.microsoft.com/en-us/server-cloud/forefront/identity-manager-features.aspx

Forefront Identity Manager 2010 R2 Benefits
http://www.microsoft.com/en-us/server-cloud/forefront/identity-manager-benefits.aspx

FIM 2010 technical Whitepaper
http://download.microsoft.com/download/4/7/7/4770964B-1EFA-4D45-8A3A-F29337233E17/0540FIM2010TWP.doc

First American Title Insurance Company: First American Reduces Costs with Streamlined Identity and Access Management
http://www.microsoft.com/casestudies/Microsoft-Forefront-Identity-Manager-2010/First-American-Title-Insurance-Company/First-American-Reduces-Costs-with-Streamlined-Identity-and-Access-Management/4000006604

Banque de Luxembourg: Financial Institution Gains Efficiency with Automated Identity and Access Management
http://www.microsoft.com/casestudies/Microsoft-Forefront-Identity-Manager-2010/Banque-de-Luxembourg/Financial-Institution-Gains-Efficiency-with-Automated-Identity-and-Access-Management/4000006579

BRED Banque Populaire Bank Modernizes IT Environment, Enhances Security by Upgrading Operating System
http://www.microsoft.com/casestudies/Windows-7-Enterprise/BRED-Banque-Populaire/Bank-Modernizes-IT-Environment-Enhances-Security-by-Upgrading-Operating-System/4000009250

Hyatt Corporation Hotelier Prepares for Rapid Move to Cloud with New Identity Management Solution
http://www.microsoft.com/casestudies/Windows-Server-R-Enterprise/Hyatt-Corporation/Hotelier-Prepares-for-Rapid-Move-to-Cloud-with-New-Identity-Management-Solution/710000001342

Some OCG FIM case studies
http://www.oxfordcomputergroup.com/resources.aspx?r=YZEJ41OJAL