Identity Manager Troubleshooting: Notification Workflows that send email from the FIM Service Account are not working

Applies to

  • FIM 2010

Problem Statement

After moving your Microsoft Exchange environment from on-premises to the cloud, you notice that Notification Workflows that send email from the FIM Service Account have stopped working.

Work-Around

We have developed a work-around for the issue. You can use an SMTP service local to the FIM Service box to send mail with the FIM Service Account.

1.      Install the SMTP Server feature along with any required roles.

Note

Utilize Server Manager to accomplish this task.

2.      Edit the Microsoft.ResourceManagement.Service.exe XML configuration file.

 

Note

The file is found in the %programfiles%\Microsoft Forefront Identity Manager\2010\Service folder on the machine running the FIM Service.

See image below.

3.      Configure SMTP relay in the IIS 6.0 manager to "All except the list below" and ensure the checkbox for "Allow all computers which successfully authenticate to relay, regardless of the list above" is checked.

a.      Under Administrative Tools select Internet Information Services (IIS) 6.0 Manager

b.      View the Properties of the SMTP Virtual Server and select the Access Tab

c.       Review the Relay Restrictions

        i.     Place the dot beside “All except the list below”

        ii.    Ensure the check is beside “Allow all computers which successfully authenticate to relay, regardless of the list above.”

d.      Click OK, and OK again to get back to IIS 6.0 Manager

4.      Restart the FIM Service

Testing the Solution

You can easily test with the following from an Administrative Command Prompt. The image below shows the results after “TELNET LOCALHOST 25”.

1.      Open an Administrative Command Prompt

2.      Type telnet localhost 25

3.      Press the ENTER key

4.      Review results

telnet localhost 25

RSET

EHLO

MAIL FROM:FIMSERVICE@contoso.com

RCPT TO:user@contoso.com

DATA

hello this is a test

Here SERVERNAME is the NetBIOS name of the FIM Server, FIMSERVICE is the name of the FIM Service Account, and user@contoso.com is the test user to whom we are sending the test email.

 

Note

Make sure the above commands are typed correctly. Any typos will cause it to fail. 
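
The manual telnet test above can also be scripted, which avoids typing errors and makes the check repeatable after each configuration change. The following PowerShell is an added example, not part of the original article: the function name Test-FimSmtpRelay is hypothetical, the addresses are the article's contoso.com samples, and the EHLO name is assumed to be the local computer name.

```powershell
# Added example: scripted form of the manual telnet test on this page.
# Test-FimSmtpRelay is a hypothetical name; addresses are the page's samples.
function Test-FimSmtpRelay {
    param(
        [string]$Server   = 'localhost',
        [int]$Port        = 25,
        [string]$From     = 'FIMSERVICE@contoso.com',
        [string]$To       = 'user@contoso.com',
        [string]$HeloName = $env:COMPUTERNAME   # assumption: local host name
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $client.Connect($Server, $Port)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 10000                 # fail instead of hanging
    $ascii  = [System.Text.Encoding]::ASCII
    $reader = New-Object System.IO.StreamReader($stream, $ascii)
    $writer = New-Object System.IO.StreamWriter($stream, $ascii)
    $writer.NewLine   = "`r`n"                  # SMTP lines end in CRLF
    $writer.AutoFlush = $true
    # Read one full reply. Multi-line replies (the EHLO response) use "250-"
    # on every line except the last, which uses "250 ".
    function Read-Reply {
        do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-')
        if ($null -eq $line) { throw 'Server closed the connection.' }
        $line
    }
    $body  = "Subject: FIM relay test`r`n`r`nhello this is a test`r`n."
    $steps = @(
        @{ Name = 'banner';    Send = $null;               Expect = '220' },
        @{ Name = 'EHLO';      Send = "EHLO $HeloName";    Expect = '250' },
        @{ Name = 'MAIL FROM'; Send = "MAIL FROM:<$From>"; Expect = '250' },
        @{ Name = 'RCPT TO';   Send = "RCPT TO:<$To>";     Expect = '250' },
        @{ Name = 'DATA';      Send = 'DATA';              Expect = '354' },
        @{ Name = 'message';   Send = $body;               Expect = '250' },
        @{ Name = 'QUIT';      Send = 'QUIT';              Expect = '221' }
    )
    try {
        foreach ($step in $steps) {
            if ($step.Send) { $writer.WriteLine($step.Send) }
            $reply = Read-Reply
            $ok    = $reply.StartsWith($step.Expect)
            New-Object PSObject -Property @{ Step = $step.Name; Reply = $reply; Ok = $ok }
            if (-not $ok) { break }   # stop at the first unexpected reply
        }
    }
    finally { $client.Close() }
}

Test-FimSmtpRelay | Format-Table Step, Reply, Ok -AutoSize
```

The script stops at the first step whose reply code is not the expected one; an unexpected reply at the RCPT TO step typically points at the relay restrictions configured in step 3.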

 

CAVEAT

Implementing this workaround will allow notifications to be sent successfully from the FIM Service account, but it breaks all functionality of the Outlook client plug-ins for approvals and group membership.