I got a call from a friend earlier the week about a issue he was having with the FIM portal. Any new users we was creating did not get portal access. They all got “Service not available”. In the Windows Event log an error was logged stating:
Requestor: Internal Service
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Exception of type ‘Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException’ was thrown.
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Enumerate(Message request)
He tried everything from recreation to full admin access and nothing worked. The fix is actually quite simple and is hidden in the error. The FIM portal relies on the objectSID of and AD user to authenticate into the portal and since he was not exporting the objectSid back to the FIM store once the user was created the portal could not ‘find’ the user. (Check the “GetCurrentUserFromSecurityIdentifier“ method being called in the error).
It turns out he was exporting the value but the portal had a higher precedence. A simple rule change and a sync fixed it up.