PROBLEM STATEMENT
You are a FIM CM Administrator working inside of Forefront Identity Manager 2010 – Certificate Management. You navigate to "Manage profile templates" on the main menu. You attempt one of the following actions on the "FIM CM Sample Smart Card Logon Profile Template":
You receive the error message "Object reference not set to an instance of an object".
TROUBLESHOOTING
To troubleshoot the issue, we reviewed the FIM Certificate Management event log and enabled FIM CM tracing.
FIM CERTIFICATE MANAGEMENT EVENT LOG
Log Name: FIM Certificate Management
Source: System.Web
Date: 8/29/2011 7:44:18 AM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Description:
Message:Exception of type 'System.Web.HttpUnhandledException' was thrown.
Type:System.Web.HttpUnhandledException
Source:System.Web
Stack Trace: at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.content_idn_profiles_profiledetails_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\certificatemanagement\a8741d44\95e9fa81\App_Web_mgtpi_xa.4.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception:Message:Object reference not set to an instance of an object.
Type:System.NullReferenceException
Source:Microsoft.Clm.BusinessLayer
Stack Trace: at Microsoft.Clm.BusinessLayer.Templates.LoadTemplate(String oidOrName)
at Microsoft.Clm.Web.ProfileDetails.LoadCertificateTemplatesIntoInterface()
at Microsoft.Clm.Web.ProfileDetails.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
CERTIFICATE MANAGER TRACE LOG
In reviewing the trace log, we searched for the keyword "exception" and we found the following:
CLM TRACE FILE
Translating user name <DOMAIN>\<USER> from Unknown to Guid
"2011-08-11 09:30:27.32 -04" "Microsoft.Clm.BusinessLayer.UserProfiles" "System.Guid CopyProfileTemplate(Microsoft.Clm.Common.AD.UserProfile, System.String, System.String)" "<DOMAIN>\<USER>" "<DOMAIN>\FIMCMAuthAgent" 0x00000ACC 0x00000007
General Information
*********************************************
Additional Info:
Error copying profile template with uuid: to Copy Of FIM CM Sample Smart Card Logon Profile Template
1) Exception Information
Exception Type: System.Runtime.InteropServices.COMException
ErrorCode: -2147016426
Message: Name translation: Could not find the name or insufficient right to see name. (Exception from HRESULT: 0x80072116)
Data: System.Collections.ListDictionaryInternal
TargetSite: Void Set(Int32, System.String)
HelpLink: NULL
Source: Microsoft.Clm.Interop.activeds
StackTrace Information
at Microsoft.Clm.Interop.activeds.NameTranslateClass.Set(Int32 lnSetType, String bstrADsPath)
at Microsoft.Clm.DS.NameTranslator.Translate(String name, NameType from, NameType to)
at Microsoft.Clm.DS.NameTranslator.ConvertToGuid(String name)
at Microsoft.Clm.BusinessLayer.Users.ConvertNameToGuid(String name)
at Microsoft.Clm.BusinessLayer.Security.get_CurrentUserUuid()
at Microsoft.Clm.BusinessLayer.UserProfiles.WriteProfileTemplateHistory(UserProfile profileTemplateOld, UserProfile profileTemplateToSave, ProfileTemplateHistoryActionType actionType)
RESOLUTION
In the event log, we can see that the failure occurs while loading the template: "Microsoft.Clm.BusinessLayer.Templates.LoadTemplate(String oidOrName)".
In the FIM CM trace, we can see that name translation fails because of insufficient permissions.
We resolved the issue by reviewing the permissions on the Smart Card Logon Template, where we noticed that Authenticated Users was not listed. We added Authenticated Users and gave it Read access. After logging off and back on, we were able to work with the certificate.
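The trace-log search described under CERTIFICATE MANAGER TRACE LOG can be scripted. The following is an added example, not part of the original post or of FIM CM: it pulls each "Exception Information" block out of a trace and decodes the signed ErrorCode into its HRESULT fields. The function names and the abridged sample text are assumptions constructed from the trace shown above.

```python
import re

# Constructed sample: the exception block from the trace above, abridged.
SAMPLE_TRACE = """\
Error copying profile template with uuid: to Copy Of FIM CM Sample Smart Card Logon Profile Template
1) Exception Information
Exception Type: System.Runtime.InteropServices.COMException
ErrorCode: -2147016426
Message: Name translation: Could not find the name or insufficient right to see name. (Exception from HRESULT: 0x80072116)
Source: Microsoft.Clm.Interop.activeds
StackTrace Information
at Microsoft.Clm.Interop.activeds.NameTranslateClass.Set(Int32 lnSetType, String bstrADsPath)
"""

BLOCK_START = re.compile(r"^\d+\) Exception Information$")
FIELD = re.compile(r"^(Exception Type|ErrorCode|Message|Source):\s*(.*)$")
FACILITY_WIN32 = 7  # HRESULTs of the form 0x8007xxxx wrap a Win32 error code


def decode_hresult(error_code):
    """Split the signed 32-bit ErrorCode from the trace into HRESULT fields."""
    value = error_code & 0xFFFFFFFF          # reinterpret as unsigned
    return {
        "hresult": "0x%08X" % value,
        "failure": bool(value >> 31),        # severity bit
        "facility": (value >> 16) & 0x7FF,   # 11-bit facility field
        "code": value & 0xFFFF,              # low word: the underlying error
    }


def parse_exceptions(trace_text):
    """Return one dict per 'N) Exception Information' block in the trace."""
    records, current = [], None
    for raw in trace_text.splitlines():
        line = raw.strip()
        if BLOCK_START.match(line):
            current = {}
            records.append(current)
            continue
        field = FIELD.match(line)
        if current is not None and field:
            current.setdefault(field.group(1), field.group(2))  # first value wins
    for rec in records:
        if "ErrorCode" in rec:
            rec.update(decode_hresult(int(rec["ErrorCode"])))
            rec["is_win32"] = rec["facility"] == FACILITY_WIN32
    return records


if __name__ == "__main__":
    for rec in parse_exceptions(SAMPLE_TRACE):
        # Code 8470 is ERROR_DS_NAME_ERROR_NOT_FOUND in winerror.h.
        print(rec["Exception Type"], rec["hresult"], "Win32 error", rec["code"])
```

For the trace above, the decimal ErrorCode and the hexadecimal HRESULT in the Message line are the same value, and the low word identifies the directory name-translation error that pointed to the missing Read permission.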