
FIM 2010 CM: Management Agent Configuration

July 23rd, 2010 Almero

If you are in the process of setting up FIM 2010 Certificate Manager or CLM 2007, there are two very important tasks that need to be completed in order to get imports from your Certificate Management MA to work.

  1. Ensure the username and password in the management agent are properly formatted. The username should be specified as DOMAIN\User.
  2. The ConnectTo variable should be set to the URL of the CM portal. (http://server/certificatemanagement)
  3. Ensure that the account used within the CM Management Agent has access to all the profile templates within the organization. These can be checked under “Active Directory Sites and Services – Services – Public Key Services – Profile Templates”. If you cannot see the Services node, be sure to select “Show Services Node” under the View options.
  4. Verify that you have configured the CM web.config to allow the CM Management Agent to access the service. In order to do this, add the statement shown after this list to the CM web.config.
  5. Choose the correct authentication method under the management agent additional properties. (Set ‘authType’ to either ‘Negotiate’ or ‘NTLM’.)


<wellknown mode="Singleton" type="ExtensibleWfMA.ClmMaProxy, Microsoft.Clm.ClmMaProxy" objectUri="clmManagementAgent.rem"/>

If you run into any of the following error messages be sure to check the list above since it will most likely sort you out.

If you did not configure your web.config correctly you will get the error shown below. (See http://support.microsoft.com/kb/955581)

There was an error in beginImportCode_ExecuteCode.Type: System.Runtime.Serialization.SerializationException

Message: The input stream is not a valid binary format. The starting contents (in bytes) are: 53-79-73-74-65-6D-2E-52-75-6E-74-69-6D-65-2E-52-65 …

Stack Trace:
Server stack trace:
   at System.Runtime.Serialization.Formatters.Binary.SerializationHeaderRecord.Read(__BinaryParser input)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadSerializationHeaderRecord()
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, IMethodCallMessage methodCallMessage)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at ExtensibleWfMA.ClmMaProxy.connectionTest()
   at ExtensibleWfMA.ImportWF.beginImportCode_ExecuteCode(Object sender, EventArgs e)

 

If you have an incompatible authentication type or a profile template that you do not have access to read, you will get the error listed below.

"Microsoft.MetadirectoryServices.ExtensibleExtensionException: The remote server returned an error: (401) Unauthorized.
   at ExtensibleWfMA.ImportWF.beginImportCode_ExecuteCode(Object sender, EventArgs e)
   at ExtensibleWfMA.MACallExport.GenerateImportFile(String filename, String connectTo, String user, String password, ConfigParameterCollection configParameters, Boolean fullImport, TypeDescriptionCollection types, String& customData)
Forefront Identity Manager 4.0.3531.2"

 

If you have specified your username and password without the NetBIOS prefix you will get the error listed below.

"Microsoft.MetadirectoryServices.ExtensibleExtensionException: Index was outside the bounds of the array.
   at ExtensibleWfMA.ClmMaHelper.ConfigureRemoteObjectForAuthentication(ClmMaProxy clmMaProxy, String user, String password, String authenticationType)
   at ExtensibleWfMA.ImportWF.beginImportCode_ExecuteCode(Object sender, EventArgs e)
   at ExtensibleWfMA.MACallExport.GenerateImportFile(String filename, String connectTo, String user, String password, ConfigParameterCollection configParameters, Boolean fullImport, TypeDescriptionCollection types, String& customData)
Forefront Identity Manager 4.0.3531.2"
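
The following PowerShell is an added example, not code from the original post or from FIM itself. It checks items 1, 2, 4 and 5 of the checklist offline and decodes the byte prefix quoted in the SerializationException; the function names `Test-CmMaConfig` and `ConvertFrom-StartingContents`, the account name and the web.config fragment are constructed for illustration.

```powershell
# Added example. Function names and sample values are constructed for illustration.
function Test-CmMaConfig {
    param([string]$User, [string]$ConnectTo, [string]$AuthType, [xml]$WebConfig)
    $problems = @()
    # Item 1: without the NetBIOS prefix the MA fails with
    # "Index was outside the bounds of the array."
    if ($User -notmatch '^[^\\]+\\[^\\]+$') {
        $problems += "User '$User' is not in DOMAIN\User form"
    }
    # Item 2: ConnectTo must be the absolute URL of the CM portal.
    $uri = $null
    $isUrl = [Uri]::TryCreate($ConnectTo, [UriKind]::Absolute, [ref]$uri)
    if (-not $isUrl -or $uri.Scheme -notin 'http', 'https') {
        $problems += "ConnectTo '$ConnectTo' is not an http(s) URL"
    }
    # Item 5: compared case-sensitively here, which is a conservative assumption.
    if ($AuthType -cnotin 'Negotiate', 'NTLM') {
        $problems += "authType '$AuthType' is not Negotiate or NTLM"
    }
    # Item 4: the remoting endpoint must be published in the CM web.config.
    $xpath = "//*[local-name()='wellknown' and @objectUri='clmManagementAgent.rem']"
    $node = $WebConfig.SelectSingleNode($xpath)
    if ($null -eq $node) {
        $problems += 'web.config has no <wellknown> entry for clmManagementAgent.rem'
    } elseif ($node.GetAttribute('type') -ne 'ExtensibleWfMA.ClmMaProxy, Microsoft.Clm.ClmMaProxy') {
        $problems += "<wellknown> type is '$($node.GetAttribute('type'))'"
    }
    return $problems
}

# Turns the "starting contents (in bytes)" of the SerializationException into text,
# so you can read what the server sent instead of a binary remoting stream.
function ConvertFrom-StartingContents([string]$Hex) {
    $bytes = $Hex.Trim() -split '-' | ForEach-Object { [Convert]::ToByte($_, 16) }
    [Text.Encoding]::ASCII.GetString([byte[]]$bytes)
}

# Constructed sample: account without a domain prefix, unsupported authType,
# and a web.config fragment that lacks the <wellknown> element.
$sampleConfig = [xml]@'
<configuration>
  <system.runtime.remoting>
    <application><service /></application>
  </system.runtime.remoting>
</configuration>
'@
Test-CmMaConfig -User 'svc-cmma' -ConnectTo 'http://server/certificatemanagement' `
    -AuthType 'Kerberos' -WebConfig $sampleConfig
ConvertFrom-StartingContents '53-79-73-74-65-6D-2E-52-75-6E-74-69-6D-65-2E-52-65'
```

Item 3 (read access to the profile templates) is not covered by this check and still has to be verified in Active Directory Sites and Services as described in the list.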
