Unable to check CA in Edit Profile template
Something is wrong with the SQL connection between the CA Exit Module and the SQL Server.
Try to check the password if using SQL Auth. Try to check kerberos' spn elsewise.
Check log: Application and Services Logs > FIM Certificate Management
Restart AD CS, and check 10 seconds later if any warning is raised inside that log.
Value cannot be null. Parameter name byte
If you installed manually certificates in agents store, you have to fill certificate hashes in web.config. Please see Installation > Edit the web.config
Open the web.config file of certificatemanagement.
Search for "Hash", and check that the hash is the one of the fim cm agent certificate.
Base CSP smart card self-service control is not installed or the current site is not specified in the allowed sites list by your Administrator. Please contact your system Administrator. Additional information: Automation server can't create object
If you are on a x64 system, please install FIM CM x64 and user Internet explorer 64 bits.
FIM CM: while reading the smart card
Client encountered an unexpected error while trying to communicate with the server.
Error number: -2146828218
Error description: Permission denied
If using v3 certificate templates for the agents (windows 2008) instead of v2 (win. 2003)
Then the following errors will appear.
Currently, FIM 2010 RC1 CM only does support v2 templates.
Not sure if for RTM any improvments will be made.
Please note that this event is related to the following ones:
Windows Logs > Security > Failed login - Key Migration failed
Event ID 5059. Key operation migration failed
clmAgent ; User key ; RSA ; import of persistent cryptographic key 0x80090029 The requested operation is not supported;----------------------------------
Key migration operation.
...
Cryptographic Parameters:Provider Name: Microsoft Software Key Storage ProviderAlgorithm Name: RSA
...Additional Information:Operation: Import of persistent cryptographic key.Return Code: 0x80090029
----------------------------------
Consequences:
- When performing an enroll request on behalf of another user: Data at the root level is invalid. Line 1, position 1
- When executing a software certificate enroll: Invalid provider type specified.
Check http://www.apollojack.com/2009/06/invalid-provider-type-specified.html
No comments:
Post a Comment