Share via

Support-Info: (SSPR) : Troubleshooting SSPR 3001 and 3008

PRODUCTS INVOLVED / SOLUTIONS INVOLVED

  • Forefront Identity Manager 2010 R2 SP1
  • Microsoft Identity Manager 2016 SP1
    • Self Service Password Reset / Registration Portals

PROBLEM SCENARIO DESCRIPTION

Attempting Self-Service Password Reset Registration, a communication error was receiving that was generating the Exception 3008.  Once that exception was resolved, the exception 3001 appeared.

CAUSE

Cause - Exception 3008

IIS Authentication Settings

Logged in user was not a user in the MIM Service Database

  • Ensure that the user is in the MIM Service Database (can search in the MIM Portal for Users to verify) and ensure this user account has the correct values for ___domain, accountName, and objectSID

Cause - Exception 3001

Management Policy Rule Configuration

  • In this instance, there were Custom Management Policy Rules and Workflows that were created for Self-Service Password Reset and Registration

RESOLUTION - PASSWORD REGISTRATION (3008)

  1. Adjusted the authentication settings for the SSPR Registration site so that only the Windows Authentication was enabled
    1. Troubleshooting FIM: SSPR Error 3000 - IIS Authentication Settings - https://social.technet.microsoft.com/wiki/contents/articles/15429.troubleshooting-fim-sspr-error-3000-iis-authentication-settings.aspx
  2. From an Administrative Command Prompt, execute an IISRESET
  3. Received an exception - an IdentityNotFound Exception
  4. Found that the user we were logged in with was not a user in the MIM Service database
  5. Found a user account that was in the MIM Service and were able to successfully register for password reset

RESOLUTION - PASSWORD RESET (3001)

  1. Enabled all of the custom SSPR Configuration, and tested with success Password Reset and Registration

ADDITIONAL INFORMATION