I was getting this error (remote procedure call failed 0x800706BE) when doing a sync on any of the management agents except the FIM MA.
I have custom rules extensions for all of my management agents except FIM MA and they all rely on one Utils.dll I wrote.
It turns out there was an error in one of the methods in the Utils.dll and, because I had turned off my debugging feature, I wasn’t getting any other information about the error. Reverting to an older version of the dll fixed the problem.
I was running into an issue where I had set a host header for a SharePoint site, but was unable to authenticate. I’d get prompted for credentials three times and then receive a 401 error. (The site worked with the computername and ip address.)
This registry change for BackConnectionHostNames fixed the issue for me: http://support.microsoft.com/kb/896861
I need to read up a bit more on what that is actually doing to be sure it’s OK for our needs though.
In a lab environment, I wasn’t able to access the password registration portal from any server other than the FIM portal server. Turns out, I’d missed setting the SPN for the HTTP/Password Registration and Reset portals.
While installing reporting for FIM, I left the management packs deploying overnight. To my surprise, they weren’t finished this morning. (I know it takes a while, but not THAT long.)
Checking the Event Viewer “Operations Manager” log on the data warehouse server revealed that there was a problem starting the Health Service.
Starting the System Center Management service (which was, indeed, in a stopped state) seems to have cleared up the issue.
Microsoft Support had me set FIM into single request mode to get around an issue in the Beta version of R2. I had to ask for instructions, so thought I’d post them here for future reference:
“There is configuration file for sync service:
C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe.config
You will have to change default value for “aggregate” attribute of “resourceSynchronizationClient” section to “false”.
Basically, if you haven’t modified this file before and everything is default, then your “resourceSynchronizationClient” node will change from this:
After you make this change you will have to close “Synchronization Service Manager” and restart the “Forefront Identity Manager Synchronization Service”. Once it is done you’re switched to single request mode for synchronization.”
When I tried to access the password registration site from the FIM portal home page, I received this error:
“Password reset registration cannot be completed because configuration data are missing from this computer.”
There was nothing in the Event Viewer.
Not sure if this is the correct approach, but I went to “Home Page Resources” under the “Administration” menu and selected “Register for password reset”. I changed the Navigation Url in the Behavior tab to:
That seemed to work.
So, I could login to my new SharePoint site with the Administrator account when I was logged into the server, but not when logged into another machine.
I was able to pull up Central Administration from the other machine.
After much puzzling, it looks like the SharePoint service account for my site isn’t correctly configured. When I switched the service account to the same one Central Administration is using, I could log in just fine.
Turns out the service account hadn’t had the SPNs set:
setspn -s HTTP/FIMServerName domain\SPService
setspn -s HTTP/FIMServerName.domain.com domain\SPService
setspn -s FIMService/FIMServerName domain\FIMService
setspn -s FIMService/FIMServerName.domain.com domain\FIMService