Clik here to view.
Failure when making a web service call when running...
You invoke the script Start-FIMReportingInitialSync.ps1 and get the generic Failure when making web service call error from Import-FIMConfig. The error itself is “The web service client has...
View ArticleClik here to view.
Troubleshooting the FIM 2010 R2 Password Registration and Reset Portals
While developing multi-language SSPR, i.e. different sets of users configured to invoke a different AuthN WF with a different QA Gate configuration based on a “primary language” or “preferred...
View ArticleClik here to view.
Stay Disconnector validation error: msExchRecipientTypeDetails of user is no...
Scenario You are configuring the GAL MA and you receive the following error when you click Next on the Configure Connector Filter wizard page. Textually, the error is: Stay Disconnector validation...
View ArticleClik here to view.
FIM R2 Portal and SharePoint 2010
As I’m sure many of you know the Forefront Identity Manager 2010 R2 (FIM R2) portal can be deployed on either Windows SharePoint Services (WSS) 3.0 or SharePoint 2010 Foundation. What I didn’t...
View ArticleClik here to view.
AD FS 329: The certificate that is identified by thumbprint ‘’ could not be...
Scenario The Active Directory Federation Services (AD FS) 2.x service ADFSSRV will not start. Event ID 329 is logged in the AD FS 2.0/Admin event log. The pertinent text from event 329 is as follows:...
View ArticleClik here to view.
PWReset Activity could not connect to the directory #2
This post covers one of two reasons that the FIM Service fails to reset a password and throws the error PWReset Activity could not connect to the directory. The other issue is described here. A user...
View ArticleClik here to view.
FIM SSPR password reset fails with error PWReset Activity could not connect...
Two primary reasons for the Forefront Identity Manager 2010 (FIM) or Forefront Identity Manager 2010 R2 Self Service Password Reset (SSPR) password reset action workflow (WF) failing to successfully...
View ArticleClik here to view.
To install FIM portal, the setup needs to run under SharePoint Farm...
Scenario When attempting to install or uninstall Forefront Identity Manager 2010 R2 (FIM) you receive the following error: Textually: To install FIM portal, the setup needs to run under SharePoint Farm...
View ArticleClik here to view.
MSIS7613: The signing certificate of the relying party trust is not unique...
Scenario You are attempting to add a relying party (RP) trust to your Active Directory Federation Services (AD FS) 2.0 federation service (FS) and you get the following error: Textually: An error...
View ArticleClik here to view.
FIM, System.DirectoryServices and a memory leak
It all started with a slow synchronisation. Further inspection yielded several elements to the solution that strayed from recommended practice. One aspect that was definitely playing a part in the...
View ArticleClik here to view.
The server encountered an unexpected error creating performance counters for...
Scenario When the Forefront Identity Manager (FIM) 2010 or 2010 R2 Synchronization Service starts the following error is logged in the Application event log for each management agent (MA) configured:...
View ArticleClik here to view.
Issue with AD FS 2.0 security update MS13-066 (kb2843639)
On Tuesday August 14th, as part of regular patch releases, two patches were released for AD FS 2.0: kb2843639 and kb2843638. The update was described in kb2843639 and MS13-066. Installing these...
View ArticleClik here to view.
Microsoft.Online.Coexistence.Security.DynamicPInvokeException: Failed to get...
Scenario You are setting up the Forefront Identity Manager (FIM) 2010 R2 Azure Active Directory (AAD) connector. Issue AAD connector import or export fail with stopped-extension-dll-exception error....
View ArticleClik here to view.
RPC Error 8453 Replication access was denied in Azure AD Sync Services #AADSync
Quick post to describe a common layer-8 issue. You’ve installed Azure AD Sync Services (AADSync) 1.0.0470.1023 (or later) and have setup password hash synchronisation, i.e. you are synchronising users...
View ArticleClik here to view.
Workplace Join failed 0x10dd (a.k.a. how to properly change/set your #ADFS...
This post is really a simple layer-8 issue, but I thought it justified a post as there’s a nuance or two that are worth discussing. I’m in the process of designing yet another Active Directory...
View ArticleClik here to view.
Configuring SAML sign-out in Active Directory Federation Services (AD FS)
Consider this scenario: you have a SAML2P Software-as-a-Service (SaaS) application, for example Salesforce.com Chatter, configured for Single Sign On (SSO) with Active Directory Federation Services....
View ArticleClik here to view.
FIM SSPR password reset fails with error PWReset Activity could not connect...
Two primary reasons for the Forefront Identity Manager 2010 (FIM) or Forefront Identity Manager 2010 R2 Self Service Password Reset (SSPR) password reset action workflow (WF) failing to successfully...
View ArticleClik here to view.
To install FIM portal, the setup needs to run under SharePoint Farm...
Scenario When attempting to install or uninstall Forefront Identity Manager 2010 R2 (FIM) you receive the following error: Textually: To install FIM portal, the setup needs to run under SharePoint Farm...
View ArticleClik here to view.
MSIS7613: The signing certificate of the relying party trust is not unique...
Scenario You are attempting to add a relying party (RP) trust to your Active Directory Federation Services (AD FS) 2.0 federation service (FS) and you get the following error: Textually: An error...
View ArticleClik here to view.
FIM, System.DirectoryServices and a memory leak
It all started with a slow synchronisation. Further inspection yielded several elements to the solution that strayed from recommended practice. One aspect that was definitely playing a part in the...
View Article