I recently received an error message while deploying the FIM 2010 R2 Password Registration website that I could not get much information on, so I thought I’d drop a note regarding the resolution.
After installing the FIM 2010 R2 Password Reset and Registration websites, the Reset website worked perfectly while the Registration website kept prompting for authentication. In order to resolve this we checked browser security settings as well as SPNs. The authentication issue was resolved by changing the deployed service account of the FIM 2010 R2 Password website application pools. Following this the website loaded, but when a user clicked “Next” in order to detect the locally logged-on user, the following error was displayed.
Ensure you enter your user name correctly. If you still cannot reset your password, please contact your helpdesk for assistance. (Error 3001)
Searching around, there was not much info about it, but after quite a bit of messing around the error was again down to SPNs. The correct SPN is listed in the “Before you begin” guide for FIM 2010 R2 under the “To establish the SPNs for the FIM Service service and FIM Password Portals” section and relates to the SPN for the FIM password portal computer account. See the instruction below:
Repeat the above step for each of the FIM Password portals, using setspn.exe -S HTTP/<ssprPortalHostHeaderName> <domain>\<ssprPortalMachineAccount$>, where <ssprPortalHostHeaderName> is the binding information for the FIM Password portal Host Name that was entered during setup. This is the name that will be used by clients to contact the portals.
Following the verification of this SPN, the authentication and the user detection functioned perfectly.
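A read-only way to verify the SPN described above, as an added example that is not part of the original post or the FIM guide: it confirms that HTTP/<ssprPortalHostHeaderName> is registered on exactly one account and that the account is the portal machine account, since a missing, misplaced or duplicated SPN prevents Kerberos authentication to the portal. The host header and machine account names are hypothetical placeholders, and the ActiveDirectory PowerShell module (RSAT) is assumed to be installed.

```powershell
# Added example: read-only SPN ownership check for a FIM Password portal.
# Both values below are hypothetical placeholders; substitute your own.
Import-Module ActiveDirectory

$PortalHostHeader = 'passwordregistration.contoso.example'  # ssprPortalHostHeaderName (placeholder)
$ExpectedAccount  = 'FIMPORTAL01$'                          # ssprPortalMachineAccount$ (placeholder)
$Spn = "HTTP/$PortalHostHeader"

# Find every object in the current domain that carries this SPN.
# Note: this searches the current domain only, not the whole forest.
$owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$Spn)" `
                         -Properties sAMAccountName, servicePrincipalName)

if ($owners.Count -eq 0) {
    # No account holds the SPN, so no Kerberos service ticket can be issued for it.
    Write-Warning "$Spn is not registered on any account."
}
elseif ($owners.Count -gt 1) {
    # Duplicate SPNs make ticket requests for this name fail.
    Write-Warning "$Spn is registered on more than one account:"
    $owners | ForEach-Object { "  $($_.sAMAccountName)  [$($_.DistinguishedName)]" }
}
elseif ($owners[0].sAMAccountName -ne $ExpectedAccount) {
    # The SPN exists but sits on a different account than the one the guide names.
    Write-Warning "$Spn is registered on $($owners[0].sAMAccountName), expected $ExpectedAccount."
}
else {
    Write-Output "$Spn is registered only on $ExpectedAccount."
}
```

The same lookup is available without the module through setspn.exe -Q HTTP/<ssprPortalHostHeaderName>, and the -S switch in the guide's command already refuses to add an SPN that exists elsewhere.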