Friday, April 16, 2010

Installing Password Reset Client

Did a proof of concept a little while ago at a customer. We needed to install the password reset client and this was done quickly.
When asked to enter the FIM server name, the server name was prefixed with 'http://' as the documentation says. The installation program accepted this and we continued on our quest to reset some passwords.
However, when trying to enroll a user, we kept getting an error message saying "An error occurred. If this continues please contact your system administrator".
We double-checked MPRs, ports, firewalls and everything. Even tried out Fiddler to check for network traffic and found nothing interesting. Finally, checked the registry and, sure enough, a strange URL had been written to the address value during installation to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Extensions\Intranet. The value said http://http//servername:5725/ instead of http://servername:5725/.

Once we changed this, we were in business. Lesson learned: ONLY specify the server name during installation; do not prefix it with http or https. If you are on an x64 machine, also change the corresponding settings in the 32-bit registry hive. Remember to restart the FIMPasswordReset service after that.
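
The check and fix described above, as an added PowerShell example that is not part of the original post: it reads the value in both the 64-bit and 32-bit registry views, flags the doubled scheme, and with -Fix rewrites it and restarts FIMPasswordReset. The value name 'Address' is an assumption; the post only refers to it as "the address value".

```powershell
# Added example, not from the original post. Requires PowerShell 3+ (.NET 4).
# Assumption: the value is named 'Address'; the post only says "the address value".
param(
    [string]$ValueName = 'Address',
    [switch]$Fix   # rewrite a doubled scheme and restart the service (needs elevation)
)

$subKey  = 'SOFTWARE\Microsoft\Forefront Identity Manager\2010\Extensions\Intranet'
$hive    = [Microsoft.Win32.RegistryHive]::LocalMachine
$views   = [Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32
$changed = $false

foreach ($view in $views) {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
    try {
        $key = $base.OpenSubKey($subKey, $Fix.IsPresent)   # writable only with -Fix
        if ($null -eq $key) { Write-Output "${view}: key not present"; continue }

        $value = [string]$key.GetValue($ValueName)
        # Matches the doubled scheme from the post, e.g. http://http//servername:5725/
        if ($value -match '^(https?)://https?:?//(.+)$') {
            $fixed = '{0}://{1}' -f $Matches[1], $Matches[2]
            Write-Output "${view}: MALFORMED '$value' (expected '$fixed')"
            if ($Fix) {
                $key.SetValue($ValueName, $fixed, $key.GetValueKind($ValueName))
                $changed = $true
            }
        }
        else {
            # Otherwise the value must at least parse as an absolute http(s) URL.
            $uri = $null
            $ok  = [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri) -and
                   ($uri.Scheme -in 'http', 'https')
            Write-Output ("${view}: {0} '{1}'" -f $(if ($ok) { 'ok' } else { 'INVALID' }), $value)
        }
        $key.Dispose()
    }
    finally { $base.Dispose() }
}

# The post notes the client service must be restarted after the change.
if ($changed) { Restart-Service -Name 'FIMPasswordReset' }
```

Run it without -Fix first to see what each registry view holds; on a 32-bit OS both views resolve to the same key.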

Hopefully, Microsoft catches this and does some input validation in upcoming service packs.