The purpose of this wiki is to share the knowledge gained while troubleshooting an issue that I recently worked on concerning Forefront Identity Manager 2010 Certificate Management (FIM CM). The goal is to help others resolve this issue as well.
You are attempting to recover a certificate in the FIM CM 2010 portal, and you receive the following error message in the GUI.
Error Message: CCertRequest::GetCAPropertyFlags: The version of the OLE on the client and server machines does not match. 0x80010110.
"2012-07-12 19:33:57.15 -04" "Microsoft.Clm.Web.Authentication.CustomAuthenticationConfiguration" "Microsoft.Clm.Web.Authentication.FilteredApplication MapPathToApplication(System.String)" "" "DOMAIN1\FIMCMWebPool01" 0x00000D60 0x00000003 Mapping path: [error.aspx]
"2012-07-12 19:33:57.15 -04" "Microsoft.Clm.Web.Authentication.CustomAuthenticationConfiguration" "Microsoft.Clm.Web.Authentication.FilteredApplication MapPathToApplication(System.String)" "" "DOMAIN1\FIMCMWebPool01" 0x00000D60 0x00000003 Path: [error.aspx] was not found in the configuration section.
Log Name: FIM Certificate Management
Source: System.Web
Date: 7/12/2012 7:33:57 PM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: <COMPUTER NAME>
Description:
The description for Event ID 0 from source System.Web cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Message:Exception of type 'System.Web.HttpUnhandledException' was thrown.
Type:System.Web.HttpUnhandledException
Source:System.Web
Stack Trace:
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.content_sm_requests_subscriberrecoverexecute_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\certificatemanagement\a8741d44\95e9fa81\App_Web_chusznfi.4.cs:line 0
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception:
Message:Current user 'DOMAIN1\user1' is not authorized to self-service the DOMAIN1\user1 request.
Type:System.UnauthorizedAccessException
Source:Microsoft.Clm.BusinessLayer
Stack Trace:
   at Microsoft.Clm.BusinessLayer.UserPrincipal.ThrowUnauthorizedForRequestException(Guid requestUuid)
   at Microsoft.Clm.BusinessLayer.UserPrincipal.IsAuthenticatedForRequestAndThrow(Guid requestUuid)
   at Microsoft.Clm.Web.BasePage.CheckAuthorizedForRequestAndThrow(Guid requestUuid)
   at Microsoft.Clm.Web.SubscriberRecoverExecute.get_RequestUuid()
   at Microsoft.Clm.Web.SubscriberRecoverExecute.Page_Load(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
The issue can be caused by a few different items: UID Authentication; Delegation of WebPool and/or SQL Server Accounts; SPNs on the accounts.
Review the following Microsoft TechNet Article: Perform FIM CM Post-Installation Tasks: http://technet.microsoft.com/en-us/library/hh230239(WS.10).aspx
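One way to inspect the SPN and delegation items listed above before working through the article, as an added example that is not part of the original wiki or the TechNet article. It assumes the ActiveDirectory PowerShell module is installed and that both service accounts are user accounts; FIMCMWebPool01 is the web pool account seen in the trace log above, and the SQL Server service account name is a placeholder to replace.

```powershell
# Added example: report SPNs and Kerberos delegation settings for the FIM CM service accounts.
# Assumption: ActiveDirectory module (RSAT) is available and the caller can read these AD objects.
Import-Module ActiveDirectory

# FIMCMWebPool01 comes from the trace log on this page; the second name is a placeholder.
$accounts = 'FIMCMWebPool01', '<SQL-SERVICE-ACCOUNT>'

function Get-DelegationReport {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $props = 'servicePrincipalName', 'msDS-AllowedToDelegateTo',
             'TrustedForDelegation', 'TrustedToAuthForDelegation'
    $acct = Get-ADUser -Identity $SamAccountName -Properties $props

    # Normalise to arrays and drop nulls so .Count is reliable when an attribute is unset.
    $spns    = @($acct.servicePrincipalName | Where-Object { $_ })
    $targets = @($acct.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    # An SPN registered on more than one object breaks Kerberos ticket requests for it.
    # This searches the current domain only; forest-wide checks need a global catalog query.
    $dupes = foreach ($spn in $spns) {
        $holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")
        if ($holders.Count -gt 1) { "$spn -> $($holders.Name -join ', ')" }
    }

    # Classify the delegation setting as shown on the account's Delegation tab.
    $mode = if ($acct.TrustedForDelegation) {
        'Unconstrained'
    } elseif ($targets.Count -gt 0 -and $acct.TrustedToAuthForDelegation) {
        'Constrained (any authentication protocol)'
    } elseif ($targets.Count -gt 0) {
        'Constrained (Kerberos only)'
    } else {
        'None'
    }

    [pscustomobject]@{
        Account       = $acct.SamAccountName
        SPNs          = $spns
        DuplicateSPNs = @($dupes | Where-Object { $_ })
        Delegation    = $mode
        DelegateTo    = $targets
    }
}

$accounts | ForEach-Object { Get-DelegationReport -SamAccountName $_ } | Format-List
```

Compare the reported SPNs and delegation targets with the values the post-installation article requires for each account; an empty SPNs list, a non-empty DuplicateSPNs list, or Delegation reported as None are the entries to look at first.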