Support-Info: (SSPR) : Troubleshooting SSPR 3001 and 3008

PRODUCTS INVOLVED / SOLUTIONS INVOLVED

  • Forefront Identity Manager 2010 R2 SP1
  • Microsoft Identity Manager 2016 SP1
    • Self Service Password Reset / Registration Portals

PROBLEM SCENARIO DESCRIPTION

While attempting Self-Service Password Reset Registration, a communication error was received that generated Exception 3008. Once that exception was resolved, Exception 3001 appeared.

CAUSE

Cause - Exception 3008

IIS Authentication Settings

The logged-in user was not a user in the MIM Service Database

  • Ensure that the user is in the MIM Service Database (can search in the MIM Portal for Users to verify) and ensure this user account has the correct values for domain, accountName, and objectSID

Cause - Exception 3001

Management Policy Rule Configuration

  • In this instance, there were Custom Management Policy Rules and Workflows that were created for Self-Service Password Reset and Registration

RESOLUTION - PASSWORD REGISTRATION (3008)

  1. Adjusted the authentication settings for the SSPR Registration site so that only Windows Authentication was enabled
    1. Troubleshooting FIM: SSPR Error 3000 - IIS Authentication Settings - https://social.technet.microsoft.com/wiki/contents/articles/15429.troubleshooting-fim-sspr-error-3000-iis-authentication-settings.aspx
  2. From an Administrative Command Prompt, execute an IISRESET
  3. Received an exception - an IdentityNotFound Exception
  4. Found that the user we were logged in with was not a user in the MIM Service database
  5. Found a user account that was in the MIM Service and were able to successfully register for password reset
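
A read-only check of the two 3008 causes described above, as an added example that is not part of the original article. The site name, MIM Service URI and account name are placeholders, and it assumes the WebAdministration module and the FIMAutomation snap-in are available on the server.

```powershell
# Added example: reports on the two Exception 3008 causes without changing anything.
# Assumptions (not from the article): the values below are placeholders; run
# elevated on the server that hosts the SSPR Registration site.
$SiteName    = '<SSPR-Registration-Site-Name>'   # placeholder IIS site name
$MimUri      = 'http://localhost:5725'           # assumed MIM Service endpoint
$AccountName = '<accountName-to-test>'           # placeholder account

Import-Module WebAdministration
Add-PSSnapin FIMAutomation -ErrorAction Stop

# Cause 1: IIS authentication settings. Only Windows Authentication should be enabled.
$providers = 'anonymousAuthentication', 'basicAuthentication',
             'digestAuthentication', 'windowsAuthentication'
$auth = foreach ($p in $providers) {
    $v = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
        -Filter "system.webServer/security/authentication/$p" -Name enabled
    [pscustomobject]@{ Provider = $p; Enabled = [bool]$v.Value }
}
$auth | Format-Table -AutoSize

# A provider is unexpected when its state differs from "enabled only if Windows".
$unexpected = $auth | Where-Object {
    ($_.Provider -eq 'windowsAuthentication') -ne $_.Enabled
}
foreach ($u in $unexpected) {
    Write-Warning "$($u.Provider) is Enabled=$($u.Enabled) on '$SiteName'."
}

# Cause 2: the account must exist in the MIM Service with Domain,
# AccountName and ObjectSID populated.
$person = @(Export-FIMConfig -Uri $MimUri -OnlyBaseResources `
    -CustomConfig "/Person[AccountName='$AccountName']")
if ($person.Count -eq 0) {
    Write-Warning "No Person with AccountName '$AccountName' in the MIM Service."
} else {
    $attrs = @{}
    foreach ($a in $person[0].ResourceManagementObject.ResourceManagementAttributes) {
        $attrs[$a.AttributeName] = $a.Value
    }
    foreach ($name in 'Domain', 'AccountName', 'ObjectSID') {
        if ([string]::IsNullOrEmpty($attrs[$name])) {
            Write-Warning "$name is empty for '$AccountName'."
        } else {
            Write-Output "$name is populated."
        }
    }
}
```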

RESOLUTION - PASSWORD RESET (3001)

  1. Enabled all of the custom SSPR Configuration, and successfully tested Password Reset and Registration

ADDITIONAL INFORMATION