AD Troubleshooting

AD and Domain-related issues and troubleshooting methods for Active Directory.

Browse by Tags

Related Posts
  • Blog Post: Troubleshooting CLM: The directory property cannot be found in the cache

    After installing CLM 2007 in your domain, you may see the following error within the CLM enrollment web pages: The directory property cannot be found in the cache. If CLM debug logging is enabled through web.config you see the following in the CLM trace log file: CLM log Exception Information...
  • Blog Post: How to get email notifications about expiring certificates from FIM CM 2010

    Just stumbled over this great article on how to do this over on the Technet Wiki at http://social.technet.microsoft.com/wiki/contents/articles/9353.using-the-fim-cm-2010-notification-api.aspx. Using this example you can have email notifications sent to a mailbox or distribution list to warn about...
  • Blog Post: Getting FIM CM to inventory all certificate requests made outside of the FIM CM Portal

    There's a neat policy module plug-in called "Support for non-FIM CM certificate requests" that's available in the latest version of FIM CM 2010 R2 SP1: After adding this plugin as a custom policy module on the CA you need to do the following: put in the SQL connection string (should already...
  • Blog Post: How to install CLM 2007 on Windows Server 2008

    1) Get the updated CLM installation files (See issue 5 in KB946797 ) - The specific CLM FP1 build number which includes W2k8 support for CLM 2007 is 3.3.1087.2 which is currently (03/03/2009) only available through Microsoft Support. 2) Configure IIS on the CLM web server to have Windows Authentication...
  • Blog Post: Debug shortcuts for FIM/ILM/CLM

    When getting an error back from one of the CLM policy modules that are loaded by the CA (" denied by policy module ") it may be useful to enable CLM Policy module debug logging as well as CA server debug logging. You can manually edit the registry settings using the details on Technet but it's a bit...
  • Blog Post: The 4 basic principles of PKI Troubleshooting

    First of all; PKI is easy once you understand the basic principles. Don't give up :) When troubleshooting PKI, the key point to understand what operation each of the parties involved does in order to determine where the point of failure is. Most PKI cases I've handled over the years boil down to...
  • Blog Post: How FIM2010 CM & CLM 2007 search for users

    User with FIM2010/CLM/ILM management permissions logs on to the CM website, accesses one of the search pages and clicks Search The CLM Auth Agent service account makes an LDAP query to a DC and retrieves the names of all users matching the search criteria The FIM code steps through the list that...
  • Blog Post: OS Security settings that affect CLM

    This is a collection of non-CLM specific permissions and user rights which affect the operation of CLM 2007 and FIM2010 (CM part). These are commonly seen in scenarios where security hardening has been performed on the DC's or the member servers or if specific users have been placed in 'protected' OU...
  • Blog Post: Bad Data error message in FIM CM web portal

    A customer with a FIM CM installation called in with the following problem description: We have an issue with our FIM CM portal where some smartcards are failing unblock or retire operations. Some cards are working fine but others give a "Bad Data" error message when a management operation is attempted...