Thursday, December 17, 2009

FIM 2010 RC1 Self Service Password Reset Registration Error

In my last post, I discussed an issue with creating the FIM Service MA when you are building an all-in-one demo environment.  This is another one of those issues.   My single VM is a Server 2008 machine, so in addition to FIM 2010 RC1, it has AD DS, Exchange 2007, SQL 2008, SharePoint Services, and Visual Studio 2008.

If you are unaware, Exchange 2007 creates a self-signed computer certificate during install and uses it by default to secure its connections.  In my case, Exchange 2007 was installed prior to FIM, so the certificate was there when I installed FIM.  During installation, FIM recognizes the certificate’s presence and uses it for the Security Token Service (though that’s not very clear).

The issue I ran into was during registration for Self Service Password Reset.  The user was prompted to register, confirmed their identity by re-entering their password, and answered the gate questions.  Immediately upon submitting the answers, I received the following error:

An error was encountered. Please call helpdesk or your system administrator for further assistance.

After some digging on forums I discovered this post regarding the certificate.  After copying the self-signed certificate to the “Trusted People” store, I was able to successfully register for SSPR.
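
The copy into “Trusted People” can be scripted. The following is an added example, not code from the original post or from the FIM documentation. It assumes the certificate lives in the Local Computer "Personal" store and that the Local Computer "Trusted People" store is the target (the post does not say which store location was used). The thumbprint is a placeholder and the function names are hypothetical.

```powershell
# Added example. Placeholder value: replace with the thumbprint of the
# self-signed certificate you have verified; it is not a value from the post.
$Thumbprint = '<THUMBPRINT-OF-SELF-SIGNED-CERT>'

function Get-SelfSignedMachineCert {
    # A certificate is self-signed when its Subject and Issuer are identical.
    Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $_.Issuer }
}

function Test-InTrustedPeople([string]$Thumb) {
    # True if a certificate with this thumbprint is already trusted as a peer.
    $hit = Get-ChildItem Cert:\LocalMachine\TrustedPeople |
        Where-Object { $_.Thumbprint -eq $Thumb }
    return ($hit -ne $null)
}

function Add-ToTrustedPeople([string]$Thumb) {
    $cert = Get-SelfSignedMachineCert | Where-Object { $_.Thumbprint -eq $Thumb }
    if (-not $cert) {
        throw "No self-signed certificate with thumbprint $Thumb in LocalMachine\My"
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $Thumb expired on $($cert.NotAfter)"
    }

    # Rebuild the certificate from its DER bytes so that only the public part
    # is copied; the private key stays in the Personal store.
    $public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$cert.RawData)
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
        [System.Security.Cryptography.X509Certificates.StoreName]::TrustedPeople,
        [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try { $store.Add($public) } finally { $store.Close() }
}

# List the candidates first so the thumbprint can be checked by eye.
Get-SelfSignedMachineCert | Format-List Subject, Thumbprint, NotAfter

if ($Thumbprint -notmatch '^<') {
    if (-not (Test-InTrustedPeople $Thumbprint)) { Add-ToTrustedPeople $Thumbprint }
    "In Trusted People: $(Test-InTrustedPeople $Thumbprint)"
}
```

Run it from an elevated PowerShell prompt. Trusted People entries are trusted by exact match, so add only the one thumbprint you verified rather than every self-signed certificate on the machine.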