You are a FIM CM Administrator working inside of Forefront Identity Manager 2010 – Certificate Management. You navigate to "Manage profile templates" on the main menu. You attempt one of the following actions on the "FIM CM Sample Smart Card Logon Profile Template":
To troubleshoot the issue, we reviewed the FIM Certificate Management event log and enabled FIM CM tracing.
Log Name: FIM Certificate Management
Source: System.Web
Date: 8/29/2011 7:44:18 AM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Description:
Message:Exception of type 'System.Web.HttpUnhandledException' was thrown.
Type:System.Web.HttpUnhandledException
Source:System.Web
Stack Trace: at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.content_idn_profiles_profiledetails_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\certificatemanagement\a8741d44\95e9fa81\App_Web_mgtpi_xa.4.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception:Message:Object reference not set to an instance of an object.
Type:System.NullReferenceException
Source:Microsoft.Clm.BusinessLayer
Stack Trace: at Microsoft.Clm.BusinessLayer.Templates.LoadTemplate(String oidOrName)
at Microsoft.Clm.Web.ProfileDetails.LoadCertificateTemplatesIntoInterface()
at Microsoft.Clm.Web.ProfileDetails.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
In reviewing the trace log, we searched for the keyword "exception" and we found the following:
CLM TRACE FILE
Translating user name <DOMAIN>\<USER> from Unknown to Guid
"2011-08-11 09:30:27.32 -04" "Microsoft.Clm.BusinessLayer.UserProfiles" "System.Guid CopyProfileTemplate(Microsoft.Clm.Common.AD.UserProfile, System.String, System.String)" "<DOMAIN>\<USER>" "<DOMAIN>\FIMCMAuthAgent" 0x00000ACC 0x00000007
General Information
*********************************************
Additional Info:
Error copying profile template with uuid: to Copy Of FIM CM Sample Smart Card Logon Profile Template
1) Exception Information
Exception Type: System.Runtime.InteropServices.COMException
ErrorCode: -2147016426
Message: Name translation: Could not find the name or insufficient right to see name. (Exception from HRESULT: 0x80072116)
Data: System.Collections.ListDictionaryInternal
TargetSite: Void Set(Int32, System.String)
HelpLink: NULL
Source: Microsoft.Clm.Interop.activeds
StackTrace Information
at Microsoft.Clm.Interop.activeds.NameTranslateClass.Set(Int32 lnSetType, String bstrADsPath)
at Microsoft.Clm.DS.NameTranslator.Translate(String name, NameType from, NameType to)
at Microsoft.Clm.DS.NameTranslator.ConvertToGuid(String name)
at Microsoft.Clm.BusinessLayer.Users.ConvertNameToGuid(String name)
at Microsoft.Clm.BusinessLayer.Security.get_CurrentUserUuid()
at Microsoft.Clm.BusinessLayer.UserProfiles.WriteProfileTemplateHistory(UserProfile profileTemplateOld, UserProfile profileTemplateToSave, ProfileTemplateHistoryActionType actionType)
The event log shows that FIM CM fails while loading the template, in "Microsoft.Clm.BusinessLayer.Templates.LoadTemplate(String oidOrName)".
The FIM CM trace shows that name translation fails because of insufficient permissions.
We resolved the issue by reviewing the permissions on the Smart Card Logon template. There we noticed that Authenticated Users was not listed. We added Authenticated Users and gave it Read access, logged off and back on, and were then able to work with the certificate.
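The permission check described above can also be done from PowerShell. The following is an added example, not part of the original article or of FIM CM: it reads the ACL of a certificate template object in Active Directory and reports whether Authenticated Users (well-known SID S-1-5-11) has an Allow entry covering Read. It assumes the ActiveDirectory module (RSAT) is installed and that the template's CN is `SmartcardLogon`; substitute the CN of the template your profile template references.

```powershell
# Added example: read-only check of the ACL on a certificate template object.
# Assumption: the ActiveDirectory module (RSAT) is available; it provides the AD: drive.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Assumption: CN of the template to inspect; change this to match your environment.
$TemplateCn = 'SmartcardLogon'
# Well-known SID of Authenticated Users; comparing by SID avoids localized group names.
$AuthUsersSid = 'S-1-5-11'

# Certificate templates live in the configuration naming context of the forest.
$configNc   = (Get-ADRootDSE).configurationNamingContext
$searchBase = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"
$template   = Get-ADObject -SearchBase $searchBase `
    -LDAPFilter "(&(objectClass=pKICertificateTemplate)(cn=$TemplateCn))"
if (-not $template) {
    throw "No certificate template with CN '$TemplateCn' found under $searchBase"
}

# Fetch the DACL and return the ACEs with SIDs rather than account names.
$acl   = Get-Acl -Path ("AD:\" + $template.DistinguishedName)
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$aces  = @($rules | Where-Object { $_.IdentityReference.Value -eq $AuthUsersSid })

# "Read" on the template's Security tab corresponds to the GenericRead rights mask.
$read = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$allowRead = @($aces | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $read) -eq $read
})
$deny = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })

if ($allowRead.Count -gt 0 -and $deny.Count -eq 0) {
    Write-Output "OK: Authenticated Users has Read on '$TemplateCn'."
} elseif ($deny.Count -gt 0) {
    Write-Warning "Authenticated Users has a Deny entry on '$TemplateCn'; review it:"
    $deny | Format-List ActiveDirectoryRights, ObjectType, IsInherited
} else {
    Write-Warning "Authenticated Users has no Allow/Read entry on '$TemplateCn'."
    # List who does have access, to compare against the expected template ACL.
    $acl.Access | Format-Table IdentityReference, AccessControlType, ActiveDirectoryRights
}
```

The script only reads the ACL; granting Read is still done on the template's Security tab as described above.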