OVERVIEW / PURPOSE / GOAL

The purpose of this wiki is to share the knowledge gained while troubleshooting an issue that I recently worked on concerning Forefront Identity Manager 2010 Certificate Management (FIM CM). The goal is to help others resolve this issue as well.

PROBLEM STATEMENT

You are attempting to recover a certificate in the FIM CM 2010 portal, and you receive the following error message in the GUI:

Error Message:
CCertRequest::GetCAPropertyFlags: The version of the OLE on the client and server machines does not match. 0x80010110.

CERTIFICATE MANAGEMENT VERBOSE LOG INFORMATION

"2012-07-12 19:33:57.15 -04"       "Microsoft.Clm.Web.Authentication.CustomAuthenticationConfiguration"                "Microsoft.Clm.Web.Authentication.FilteredApplication MapPathToApplication(System.String)"              ""                "DOMAIN1\FIMCMWebPool01" 0x00000D60        0x00000003
Mapping path: [error.aspx]
"2012-07-12 19:33:57.15 -04"       "Microsoft.Clm.Web.Authentication.CustomAuthenticationConfiguration"                "Microsoft.Clm.Web.Authentication.FilteredApplication MapPathToApplication(System.String)"              ""                "DOMAIN1\FIMCMWebPool01" 0x00000D60        0x00000003
Path: [error.aspx] was not found in the configuration section.

CERTIFICATE MANAGEMENT EVENT LOG

Log Name:      FIM Certificate Management
Source:        System.Web
Date:          7/12/2012 7:33:57 PM
Event ID:      0
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <COMPUTER NAME>
Description:
The description for Event ID 0 from source System.Web cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Message:Exception of type 'System.Web.HttpUnhandledException' was thrown.
Type:System.Web.HttpUnhandledException
Source:System.Web
Stack Trace:   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.content_sm_requests_subscriberrecoverexecute_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\certificatemanagement\a8741d44\95e9fa81\App_Web_chusznfi.4.cs:line 0
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception:Message:Current user 'DOMAIN1\user1' is not authorized to self-service the DOMAIN1\user1 request.
Type:System.UnauthorizedAccessException
Source:Microsoft.Clm.BusinessLayer
Stack Trace:   at Microsoft.Clm.BusinessLayer.UserPrincipal.ThrowUnauthorizedForRequestException(Guid requestUuid)
   at Microsoft.Clm.BusinessLayer.UserPrincipal.IsAuthenticatedForRequestAndThrow(Guid requestUuid)
   at Microsoft.Clm.Web.BasePage.CheckAuthorizedForRequestAndThrow(Guid requestUuid)
   at Microsoft.Clm.Web.SubscriberRecoverExecute.get_RequestUuid()
   at Microsoft.Clm.Web.SubscriberRd44\95e9fa81\App_Web_chusznfi.4.cs:line 0
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception:Message:Current user 'DOMAIN1\user1' is not authorized to self-service the DOMAIN1\user1 request.
Type:System.UnauthorizedAccessException
Source:Microsoft.Clm.BusinessLayer
Stack Trace:   at Microsoft.Clm.BusinessLayer.UserPrincipal.ThrowUnauthorizedForRequestException(Guid requestUuid)
   at Microsoft.Clm.BusinessLayer.UserPrincipal.IsAuthenticatedForRequestecoverExecute.Page_Load(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

CAUSE

The issue can be caused by a few different items:

  1. UID Authentication
  2. Delegation of WebPool and/or SQL Server Accounts
  3. SPNs on the accounts

RESOLUTION

Review the following Microsoft TechNet Article:
Perform FIM CM Post-Installation Tasks: http://technet.microsoft.com/en-us/library/hh230239(WS.10).aspx
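
Before working through the article, a read-only inventory of the SPN and delegation settings listed under CAUSE shows what is currently configured. This is an added example, not code from the original page or from the TechNet article. It assumes the ActiveDirectory module and PowerShell 3.0 or later; `FIMCMWebPool01` is the web pool identity from the verbose log above, and `FIMCMSqlSvc` is a placeholder for your SQL Server service account.

```powershell
# Added example: read-only audit of SPNs and delegation on the FIM CM service accounts.
# Nothing here modifies Active Directory.
Import-Module ActiveDirectory

# Assumption: FIMCMWebPool01 is taken from the verbose log sample;
# FIMCMSqlSvc is a placeholder name, replace it with your SQL Server service account.
$accounts = 'FIMCMWebPool01', 'FIMCMSqlSvc'

$report = foreach ($name in $accounts) {
    $u = Get-ADUser -Identity $name -Properties servicePrincipalName,
        'msDS-AllowedToDelegateTo', TrustedForDelegation, TrustedToAuthForDelegation

    [pscustomobject]@{
        Account                 = $u.SamAccountName
        Enabled                 = $u.Enabled
        # SPNs registered on the account (item 3 under CAUSE).
        SPNs                    = @($u.servicePrincipalName) -join '; '
        # Unconstrained delegation flag; broader than a service account normally needs.
        UnconstrainedDelegation = $u.TrustedForDelegation
        # "Use any authentication protocol" (protocol transition) flag.
        ProtocolTransition      = $u.TrustedToAuthForDelegation
        # Services this account may delegate to (item 2 under CAUSE).
        AllowedToDelegateTo     = @($u.'msDS-AllowedToDelegateTo') -join '; '
    }
}
$report | Format-List

# An SPN registered on more than one object makes Kerberos authentication
# to that service fail. This search covers the current domain only.
$dupes = foreach ($name in $accounts) {
    $spns = (Get-ADUser -Identity $name -Properties servicePrincipalName).servicePrincipalName
    foreach ($spn in $spns) {
        $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")
        if ($owners.Count -gt 1) {
            [pscustomobject]@{ SPN = $spn; Owners = ($owners.Name -join ', ') }
        }
    }
}

if ($dupes) {
    $dupes | Format-Table -AutoSize
} else {
    'No duplicate SPNs found for the listed accounts.'
}
```

Compare the output against the values the TechNet article specifies for your environment; an empty SPNs or AllowedToDelegateTo field on the web pool account is the first thing to check.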

ADDITIONAL INFORMATION

FIM LANDING PAGE: Resource Wiki Page Index