Troubleshooting the FIM 2010 R2 Password Registration and Reset Portals

While developing multi-language SSPR, i.e. different sets of users configured to invoke a different AuthN WF with a different QA Gate configuration based on a “primary language” or “preferred language”, I managed to revoke the ability for my non-administrative lab users to register for SSPR.  Troubleshooting was actually quite easy once I’d found a couple of web.config settings from various bits of information (mainly posted by Anthony Ho).  The purpose of this post is to attempt to define that simple technique.

The R2 password portals are ASP.NET web applications, which means they’re driven by a web.config file.  They log information to the Forefront Identity Manager event log.  You can trivially turn verbose logging on and off as well as verbose errors (displayed by the portal) via the web.config.

What’s cool about editing the web.config is that the changes are immediate, i.e. no need for a recycle of the application pool or web application.

Configuration file locations

Password Registration Portal configuration file location

By default the location of the password registration portal web.config is:

C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Registration Portal\web.config

Password Reset Portal configuration file location

By default the location of the password reset portal web.config is:

C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Portal\web.config

Configuring verbose/detailed tracing

To configure verbose or detailed tracing to the FIM event log, change the switchValue attribute of the source element named either Microsoft.CredentialManagement.RegistrationPortal or Microsoft.CredentialManagement.ResetPortal from Error to Verbose.  You’ll find the source element under system.diagnostics\sources.

For the registration portal:

Change:

<source name="Microsoft.CredentialManagement.RegistrationPortal" switchValue="Error">

To:

<source name="Microsoft.CredentialManagement.RegistrationPortal" switchValue="Verbose">

For the reset portal:

Change:

<source name="Microsoft.CredentialManagement.ResetPortal" switchValue="Error">

To:

<source name="Microsoft.CredentialManagement.ResetPortal" switchValue="Verbose">

Configuring troubleshooting information on the error page

To have the error page displayed by the portal give you a stack trace instead of the generic custom error, change:

<add key="ShowTroubleshootingInfoOnErrorPage" value="false" />

To:

<add key="ShowTroubleshootingInfoOnErrorPage" value="true" />

You’ll find that element under configuration\portalSettings\settings.
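Both edits above can be scripted so they are applied together and, just as importantly, reverted together once troubleshooting is done. The following is an added example, not code from the original post or from the FIM product. The function name and its parameters are hypothetical, and it assumes the default install paths given above and a web.config whose configuration element carries no XML namespace.

```powershell
# Added example: toggles the two troubleshooting settings described in this post.
# Set-PortalTroubleshooting and its parameters are hypothetical names.
# Paths, element names and attribute values are taken from the post.
function Set-PortalTroubleshooting {
    param(
        [Parameter(Mandatory=$true)]
        [ValidateSet('Registration','Reset')]
        [string]$Portal,
        [switch]$Enable,   # present: Verbose/true; absent: Error/false
        [string]$Root = 'C:\Program Files\Microsoft Forefront Identity Manager\2010'
    )

    $path   = Join-Path $Root "Password $Portal Portal\web.config"
    $source = "Microsoft.CredentialManagement.${Portal}Portal"

    # Keep a timestamped copy so the original file can always be restored.
    Copy-Item -LiteralPath $path -Destination "$path.$(Get-Date -Format yyyyMMddHHmmss).bak"

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true    # leave the file's layout untouched
    $xml.Load($path)

    $src = $xml.SelectSingleNode(
        "/configuration/system.diagnostics/sources/source[@name='$source']")
    $key = $xml.SelectSingleNode(
        "/configuration/portalSettings/settings/add[@key='ShowTroubleshootingInfoOnErrorPage']")

    # Fail without writing anything if the file is not laid out as expected.
    if (-not $src -or -not $key) { throw "Expected elements not found in $path" }

    $src.SetAttribute('switchValue', $(if ($Enable) { 'Verbose' } else { 'Error' }))
    $key.SetAttribute('value',       $(if ($Enable) { 'true' }    else { 'false' }))
    $xml.Save($path)

    # Report what is now in the file so the state can be recorded in a change log.
    New-Object PSObject -Property @{
        Portal                  = $Portal
        SwitchValue             = $src.GetAttribute('switchValue')
        ShowTroubleshootingInfo = $key.GetAttribute('value')
    }
}

# Turn troubleshooting on for the registration portal:
#   Set-PortalTroubleshooting -Portal Registration -Enable
# Put both settings back to the values the post shows as the starting point:
#   Set-PortalTroubleshooting -Portal Registration
```

Run it from an elevated prompt, since the files live under Program Files. Call it without -Enable when you are finished so the portal goes back to the generic error page and Error-level tracing.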


About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.
This entry was posted in FIM, FIM 2010 R2, Self Service Password Reset, Troubleshooting.

3 Responses to Troubleshooting the FIM 2010 R2 Password Registration and Reset Portals

  1. Steve Kradel says:

    Re. “editing the web.config is that the changes are immediate, i.e. no need for a recycle of the application pool or web application.” — editing the file does cause the web application to unload and recycle automatically, which could interrupt service to users. For this reason I usually try to keep settings that might need to be changed on a running system in a database or file other than Web.config which can then be monitored.

  2. Pingback: (2013-11-01) Advanced Logging, Event Tracing Or Troubleshooting Within FIM Components « Jorge's Quest For Knowledge!

  3. Pingback: [Troubleshooting] SSPR Error 3000 Troubleshooter - Solve your Identity crisis without therapy - Site Home - MSDN Blogs
