Archives For FIM


Problem

When loading the FIM Self-Service Password Reset registration and reset web portals, an error is returned to the user.

The Forefront Identity Manager event log (located under Applications and Services Logs) on the server hosting the SSPR web portals contains one of the following error messages:

Could not connect to http://ServerName-fim02:5725/ResourceManagementService/MEX. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond x.x.x.x:5725

Could not connect to http://servername-fim02:5726/ResourceManagementService/SecurityTokenService/Registration. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond x.x.x.x:5726.

 

 

In a load balanced environment, the error message will only show up on the server that handled the request.

Diagnosis

For the FIM SSPR registration and reset portals to communicate with the FIM Service, ports 5725 and 5726 must be open on the firewall and must allow HTTP traffic from the FIM SSPR server(s) to the FIM Service server(s).

In this scenario, the problem existed because the FIM SSPR portals were configured to use the hostname of the FIM Service that is routed on the management network interface, and the firewall was only configured to allow traffic on ports 5725 and 5726 on the application network interface. Thus, the FIM SSPR portals could not communicate with the FIM Service as the ports were blocked when using the configured hostname for the FIM Service server.
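
One way to confirm this diagnosis from an SSPR server (an added example, not part of the original post): the script resolves each candidate FIM Service hostname and attempts a TCP connection to ports 5725 and 5726. The two hostnames are placeholders for the management-routed and application-routed names. It uses System.Net.Sockets.TcpClient so it also runs on hosts without Test-NetConnection.

```powershell
# Added example. Hostnames are placeholders (assumptions): replace them with the
# management-routed and application-routed names of your FIM Service server.
$candidates = @('fimservice-mgmt.example.test', 'fimservice-app.example.test')
$ports      = @(5725, 5726)   # FIM Service ports named in the error messages
$timeoutMs  = 3000

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # No answer at all: typical of a firewall drop (TCP error 10060).
            return 'TIMEOUT'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'OPEN'
    } catch {
        return "FAILED: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Close()
    }
}

foreach ($name in $candidates) {
    try {
        # Show which address (and therefore which interface) the name maps to.
        $ips = [System.Net.Dns]::GetHostAddresses($name) |
            ForEach-Object { $_.IPAddressToString }
    } catch {
        Write-Warning "$name does not resolve from this server"
        continue
    }
    foreach ($port in $ports) {
        New-Object PSObject -Property @{
            HostName  = $name
            Addresses = ($ips -join ',')
            Port      = $port
            Result    = Test-TcpPort -HostName $name -Port $port -TimeoutMs $timeoutMs
        }
    }
}
```

A hostname that shows TIMEOUT on both ports while the other shows OPEN is the one the firewall rule does not cover.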

Solution

To fix this problem, the FIM Self-Service Password Reset registration and reset web portals must be reconfigured on all servers to use the hostname of the FIM Service server on the application network interface. In addition, the external service address on the FIM Service must be configured to use the hostname that is routed on the application network interface. The steps for this reconfiguration are outlined in the following sections.

Reconfigure FIM SSPR Web Portals

To reconfigure the FIM SSPR web portals, do the following on each of the FIM SSPR servers:

  1. Open the Control Panel
  2. Click Uninstall a program
  3. Select Forefront Identity Manager Service and Portal from the list
  4. Click Change
  5. The following screen will be displayed:
  6. Click Next
  7. On the next screen (shown below), click Change
  8. On the next screen (shown below) select I don’t want to join the program at this time and click Next
  9. On the next screen (shown below), ensure that only the FIM Password Registration Portal and FIM Password Reset Portal are selected
  10. On the next screen (shown below), enter the following:
    1. FIM SSPR service account that will be used to run the Password Registration Web Portal application pool
    2. Password of the FIM SSPR service account
    3. Host name, if necessary, that will be used for the password registration portal web site (Note: this will automatically display the previously configured value)
    4. Port that will be used for the password registration portal web site (Note: this will automatically display the previously configured value)
  11. Click Next
  12. On the next screen (shown below), click Next
  13. On the next screen (shown below), change the FIM Service Server address so that it uses the hostname that is routed on the application network interface (ttqwnapp-fim02-app in the acceptance environment)
  14. Click Next
  15. On the next screen (shown below), enter the following:
    1. FIM SSPR service account that will be used to run the Password Reset Web Portal application pool
    2. Password of the FIM SSPR service account
    3. Host name, if necessary, that will be used for the password reset portal web site (Note: this will automatically display the previously configured value)
    4. Port that will be used for the password reset portal web site (Note: this will automatically display the previously configured value)
  16. Click Next
  17. On the next screen (shown below), click Next
  18. On the next screen (shown below), change the FIM Service Server address so that it uses the hostname that is routed on the application network interface (ttqwnapp-fim02-app in the acceptance environment)
  19. Click Next
  20. On the next screen (shown below), click Change to complete the reconfiguration process and apply the changes.

Reconfigure FIM Service

To reconfigure the FIM Service, do the following on each FIM Service server as an administrator:

  1. Click Start
  2. Under All Programs > Accessories, right click on Notepad and select Run as Administrator
  3. Click File > Open
  4. Navigate to C:\Program Files\Microsoft Forefront Identity Manager\2010\Service
  5. Select ResourceManagement.Service.exe.config
    1. You may need to change the file type to All files to see this file
  6. Press Ctrl+F to open the Find dialog
  7. Type resourceManagementService into the text field and click Find Next until the following line is found:

<resourceManagementService externalHostName="…" />

  8. Change the value of the externalHostName attribute so that it uses the hostname that is routable on the application network interface. In the acceptance environment this would be as follows:

<resourceManagementService externalHostName="server-name" />

  9. Save the file
  10. Close Notepad
  11. Click Start
  12. Click Run…
  13. Enter services.msc
  14. Click OK
  15. Select Forefront Identity Manager Service in the list of services
  16. Right click and select Restart
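
The same FIM Service change can be scripted so it is applied identically on every FIM Service server. This is an added example, not part of the original post. The hostname is a placeholder, and the service name FIMService is assumed to be the default name of the Forefront Identity Manager Service.

```powershell
# Added example; run in an elevated PowerShell session on each FIM Service server.
$ErrorActionPreference = 'Stop'

$configPath = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\ResourceManagement.Service.exe.config'
$newHost    = 'fimservice-app.example.test'   # placeholder: application-routed hostname
$service    = 'FIMService'                    # assumed default service name

# Load the config as XML so the edit cannot break quoting or element structure.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

$node = $xml.SelectSingleNode('//resourceManagementService')
if ($null -eq $node) {
    throw "resourceManagementService element not found in $configPath"
}

$old = $node.GetAttribute('externalHostName')
if ($old -eq $newHost) {
    Write-Output "externalHostName is already '$newHost'; nothing to do."
} else {
    # Keep a timestamped copy so the change can be rolled back.
    $backup = "$configPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    Copy-Item -Path $configPath -Destination $backup

    $node.SetAttribute('externalHostName', $newHost)
    $xml.Save($configPath)
    Write-Output "externalHostName: '$old' -> '$newHost' (backup: $backup)"

    # The service reads the config only at start-up.
    Restart-Service -Name $service
    Get-Service -Name $service | Select-Object Name, Status
}
```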

Forefront identity Manager Service not available. Please contact your help desk or system administrator

You may get this message for several reasons, but in this case the C drive ran out of space. The Forefront Identity Manager event logs are stored in C:\Windows\System32\winevt\Logs, and they can sometimes grow very fast and use all the space on the C drive. Check the available space on your C drive; if it is full, you may want to delete some of the log files to free up space and then restart the computer.

Also see how to delete event logs automatically: https://social.technet.microsoft.com/Forums/windowsserver/en-US/d6e594fc-9340-4e64-a53e-c2542c26435d/how-to-delete-event-logs-automatically-from-cwindowssystem32winevtlogs-folder?forum=winservergen
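
The check described above can be scripted so that the log is archived before it is cleared, and then capped so it cannot fill the drive again. This is an added example, not part of the original post. The log name follows the event log named on this page; the archive folder and thresholds are placeholders.

```powershell
# Added example; run elevated. $archiveDir and the thresholds are placeholders
# (assumptions); $logName is the event log named on this page.
$logName    = 'Forefront Identity Manager'
$archiveDir = 'D:\EventLogArchive'
$minFreeGB  = 5
$maxLogMB   = 100

$free = (Get-PSDrive -Name C).Free / 1GB
Write-Output ("C: free space: {0:N1} GB" -f $free)

# Ten largest event logs with their configured size limit and retention mode.
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Sort-Object FileSize -Descending |
    Select-Object -First 10 LogName, LogMode,
        @{ n = 'SizeMB'; e = { [math]::Round($_.FileSize / 1MB, 1) } },
        @{ n = 'MaxMB';  e = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) } } |
    Format-Table -AutoSize

if ($free -lt $minFreeGB) {
    if (-not (Test-Path $archiveDir)) {
        New-Item -ItemType Directory -Path $archiveDir | Out-Null
    }
    $archive = Join-Path $archiveDir ("FIM-{0:yyyyMMdd-HHmmss}.evtx" -f (Get-Date))

    # Export the log to the archive file and clear it in one step, so the
    # events stay available for later troubleshooting or investigation.
    wevtutil cl $logName "/bu:$archive"
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil cl failed with exit code $LASTEXITCODE"
    }
    Write-Output "Archived and cleared '$logName' -> $archive"
}

# Cap the log size and let it overwrite the oldest events when full.
wevtutil sl $logName "/ms:$($maxLogMB * 1MB)" /rt:false
```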