I have encounter an issue with the SSPR registration as per http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/f90bb6f0-6318-4085-9575-6175187c6ed7/
I receive the following:
I have installed FIM 2010 and have updated it with Update 2. When I try to register for password reset and after answering the security gate questions I get the following error:
An error was encountered. Please call helpdesk or your system
administrator.
When I enable verbose logging for SSPR, I
received a different error in the Password Management Proxy Log:
mscorlib: System.ServiceModel.CommunicationException: An error
occurred while receiving the HTTP response to http://fimserver:5726/ResourceManagementService/SecurityTokenService/Registration. This could be due to the service endpoint binding not using
the HTTP protocol. This could also be due to an HTTP request context being
aborted by the server (possibly due to the service shutting down). See server
logs for more details. ---> System.Net.WebException: The underlying
connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException:
Unable to read data from the transport connection: An existing connection was
forcibly closed by the remote host. ---> System.Net.Sockets.SocketException:
An existing connection was forcibly closed by the remote host
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
Server
stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ContextRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception
rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ResourceManagement.WebServices.WSTrust.ISecurityTokenService.RequestSecurityTokenResponse(Message request)
at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, MessageBuffer& messageBuffer)
at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer)
at Microsoft.IdentityManagement.PasswordReset.GinaOperation.STSSubmitAndRetrieveChallenges(Byte[] gateData)
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ResourceManagement.WebServices.WSTrust.ISecurityTokenService.RequestSecurityTokenResponse(Message request)
at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(Message request)
at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityTokenResponse(RequestSecurityTokenResponseType request, MessageBuffer& messageBuffer)
at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer)
at Microsoft.IdentityManagement.PasswordReset.GinaOperation.STSSubmitAndRetrieveChallenges(Byte[] gateData)
The fix was the same as per the http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/f90bb6f0-6318-4085-9575-6175187c6ed7/:
you patched your deployment somehow?
That's a bug and fixed in RTM Update1
psexec.exe -s -d -i cmd.exe
mmc.exe
add Cert snap-in -> local machine -> computer account
Personal store --> right click the cert --> all tasks -->manage private key
grant FIMService service account read permission.
mmc.exe
add Cert snap-in -> local machine -> computer account
Personal store --> right click the cert --> all tasks -->manage private key
grant FIMService service account read permission.
psexec can be found at http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
I first downloaded PStools from the above link. I opened CMD and went to the folder were PSTools was installed. I then run the following command:
psexec.exe -s -d -i cmd.exe
A second cmd screen opens and I run the following command and steps:
mmc.exe
add Cert snap-in -> local machine -> computer accountPersonal store --> right click the cert --> all tasks -->manage private keygrant FIMService service account read permission.
After this I could successfully register for SSPR and could change the password.
