After performing the Password Reset deployment tasks per http://technet.microsoft.com/en-us/library/ee534892(WS.10).aspx#reset_pswd_us_pswd_reset_portal you log into a machine and initiate the password registration sequence. Following the completion of the Gate questions, you receive and error stating:
“An error was encountered. Please call helpdesk or your system administrator”
Cause:
The reason for the error is that the FIM Service account does not have “READ” permissions on the “Forefront Identity Manager” certificate installed on the FIMService Server.
Resolution:
To resolve the issue, grant the FIMService account READ permissions to the certificate designated for Forefront Identity Manager. Assigning the permission via the certificate manager console > Manager Private Key.. process may fail with an “Access "Denied” error when initiated. In order modify the permissions, you will have to initiate the security permissions change by running the remote process in the system account. This can be performed by downloading PSEXEC on to the FIMService server and executing the command sequence in the order shown below:
On the server hosting FIMService, download and install psexec and execute the following procedure. In that order
psexec.exe -s -d -i cmd.exe
mmc.exe
add Cert snap-in -> local machine -> computer account
Personal store --> right click the cert --> all tasks -->manage private key
grant FIMService service account read permission.
Following the permissions change, the Password Reset Registration process should work (No reboot required).
There you go!!
Thank you, thank you, thank you.
ReplyDeleteThat error message has been doing my head in.
The fix sorted it. If only I had found this 4 hours ago ;-)
Hello Rick,
ReplyDeleteI am getting this error 3008 after supplying user credentials. I have checked for permissions and it already has, but i am unable to enter the registration process. can you pls help.