Microsoft Test Lab Guides

The ongoing saga of Microsoft Test Lab Guides (TLGs) and the writers who love them...

Test Lab Guide: Forefront Identity Manager 2010

Test Lab Guide: Forefront Identity Manager 2010

  • Comments 3
  • Likes

The Test Lab Guide: Forefront Identity Manager 2010 ( is now available. This modular Test Lab Guide (TLG) contains an introduction to Forefront Identity Manager (FIM) 2010 and step-by-step instructions for extending the Base Configuration test lab to include FIM 2010.


A huge thanks to Technical Writer Bill Mathers on the Active Directory Domain Services (AD DS) writing team for putting this together. Bill is on a serious roll with three TLGs. Sweet!


Go forth, my friends, and manage identities in a test lab!



Joe Davies
Principal Writer
Windows Server Information Experience

For information about other modular TLGs, see Test Lab Guides in the TechNet Wiki.

  • Can't get it to work.  Get to step 6: Configuring IIS to Use CORP\SPService for Kerberos Delegation

    It says to edit C:\Windows\System32\inetsrv\config\ApplicationHost.config

    but upon making the change and resetting IIS (iisreset), I get error:


    Attempting stop...

    Internet services successfully stopped

    Attempting start...

    Restart attempt failed.

    The IIS Admin Service or the World Wide Web Publishing Service, or a service dep

    endent on them failed to start.  The service, or dependent services, may had an

    error during its startup or may be disabled.


    changing ApplicationHost.config back to the original solves, but then further on in step 8: "Implementing Secure Sockets Layer (SSL) for the FIM Portal"

    I can't expand the FIM1 web, get error:

    There was an error when trying to connect.  Do you want to retype your credentials and try again?




    Error: The configuration section 'moduleProviders' cannot be read because it is missing a section declaration.

    Can't you provide the correct text configuration files for download instead of us manually editing?  We should all have the same config files, so it would lead to a more robust TLG.

  • Okay,  be aware that in the ApplicationHost.config file there are several places where the term WindowsAuthentication exist.  Searching the ApplicationHost.config file, based on the TLG environment setup for FIM, for the word WindowsAuthentication will yield 14 hits.

    We are only changing 6 of these by appending useKernelMode="true" useAppPoolCredentials="true" to the end.  We are adding this to the lines that say WindowsAuthentication enabled="true"

    If you change any of the other lines that look like this:


    NOTICE:  There is no enabled="true"

    And then you attempt an iisreset you will get the error you described.  

    Be sure to search for WindowsAuthentication enabled="true" and only make the changes to these lines.

    Now if these changes are not made to the config file I would expect it to fail later on in step 8.

  • Hi Bill,

    Thanks for the info!


Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment