Month: March 2014

Note-to-self: #FIM2010 Language packs downloads (RTM/R2/R2 SP1)

Microsoft® Forefront® Identity Manager 2010 R2 SP1 Language Packs

Note: These language packs are only for use with FIM 2010 R2 SP1.

The respective FIM 2010 R2 SP1 client or server components must first be installed before installing their language packs. >
See the FIM 2010 TechNet library* for specific requirements of those components.


For the FIM 2010 R2 language packs, see the download at


For the FIM 2010 language packs, see the download at


*As a refresher: Hardware and Software Requirements,

@pdtit & @microspecialist invite you to the Good Bye Win XP event.


Soon Microsoft Windows XP and Microsoft Windows Server 2003 come to an official end. Many companies worldwide are still relying heavily on these two Operating Systems and need to change as soon as possible.

The event we organize aims at helping end-users in migrating / switching from XP and 2003 to Windows 8.1 and Windows Server 2012 R2. Not from a marketing perspective, but showing with real-life examples and scenarios how to achieve this in your own organization.

Register at:!register/c24vq

Note-to-self: Packt Publishing has launched a new campaign for the 2000th Title

This time of the year Packt Publishing has launched a ‘Buy One Get One Free’ offer across all eBooks for a limited period only.

This sale covers all 2000 eBook and Video in the range and customers can grab as many as they like until the end of this campaign.

Check out #Packt’s amazing Buy One, Get One Free offer .


Microsoft announced additional connectors for FIM 2010 R2 (#FIM2010)

Source: Forefront Identity Manager 2010 group at

The FIM team has announced the availability of some additional Connectors for FIM2010R2.

General Availability of PowerShell Connector

The PowerShell Connector can be used to communicate with a system through PowerShell scripts. This allows an easy and flexible way to communicate with other systems but also to pre-/post-process data and files before handed over to the FIM Synchronization Service. We believe the community will help providing scripts for this Connector for various systems and will open a place where scripts can be published for reuse.

TechNet docs:

Release Candidate of Generic SQL Connector

The Generic SQL Connector will allow you to connect to any database where you have an ODBC driver available. It enables new features compared to the built-in MA such as support for Stored Procedures, running SQL scripts, built-in delta import support, import multiple object types, connect to multiple tables, and much more. This Connector is built on ECMA2.3 which allows schema discoverability to be customized in the Sync Engine UI. A pre-release of the next Sync Engine hotfix is included with the Connector download and is required for the Connector to work.


Release Candidate of SAP Users and Roles/Groups

The updated SAP templates for Users and Roles/Groups allows you to manage Users, Roles, and Groups in SAP. This also include password sync for Users to SAP. The Connector will make sure roles are represented as groups to make it possible to manage these with bhold. This template will require the previously published WebService Connector:


Participation on Connect

If you have participated in any other Connector preview program you will have access to the Release Candidate downloads. If you have not participated before then to get access to the preview programs on Connect either join the program “Identity and Access Management”, “FIM Synchronization Service Connectors Pre-release” on or follow this link

Generic LDAP Connector (build 4.3.1082.0)

We have also published an update to the Generic LDAP Connector adding support for some additional LDAP directories, see If you have additional LDAP directories you think we should support, please feel free to contact provide feedback on the Connect Site or via the FIM 2010 forum on technet.

Note-to-self: Find articles you published on Technet Wiki + RSS feed (#TNWIKI, repost)

It can be pretty useful to get an overview of the articles you published on  Technet Wiki.

First and best option is to search the TN Wiki for articles you created.

Go to the TNWiki site, and search for: site: “First published by <your user name>”
Then you’ll see a RSS link, that you can use to read the RSS feed.

For example: Search Technet Wiki with my name (only the originally authored articles)

The RSS feed for this search is then:

The advantage of this search is, that it still works even if you changed your  profile or user name.

Another option: tag your articles with a specific tag and use the feed. Disadvantage of this method is you might not find all your articles in case you did not tag all articles.
To get the list of articles, use the tag search like<yourtag>/default.aspx

The related RSS feed is :<yourtag>&refinement=90

For example, searching with my tag: pgtag

Another option is direct search your favorite search engine like Bing for it, searching the source site (TNWIKI) and your name. Let me provide you with some examples, which you can customize very  easily to fullfil your needs.

Using Bing, search for : site: “First published by Peter Geelen”


This search is available as RSS Feed like (notice the format:rss tag in the URL):

#FIM 2010 Quicktip: Troubleshooting the FIM 2010 portal loading a blank page

Working on a case where a FIM configuration has moved from development to production.
The customer’s production environment is a highly secured environment with a server security lockdown. The customer is using a custom tool for server profiling and local security lockdown.

After installing and configuring FIM, the FIM portal was loading blank.


The Application Pool account had changed. When adding the Application pool account to the local administrators group, the portal loaded again…

So we needed to investigate what was going wrong.

Some references we got from our Sharepoint colleagues…

Plan for administrative and service accounts (Office SharePoint Server)

How to change service accounts and service account passwords in SharePoint Server 2007 and Windows SharePoint Services 3.0

They also advised to run a security reset on the SharePoint portal, see: Command-line reference for the SharePoint Products and Technologies Configuration Wizard (Office SharePoint Server)

secureresources Performs SharePoint Products and Technologies resource security enforcement on the server. For example, security is enforced on files, folders, and registry keys.


psconfig.exe -cmd secureresources

Although very useful to reset the security, it didn’t change the behaviour on the portal (still loading blank page).

Using procmon (, we found out that we had quite some errors.
Just a hint: exclude ‘success’ messages and filter on the targeted application pool account.

We first checked the default WSS group memberships for the AppPoolAccount.

For reference:


Just to double check, during troubleshooting we removed the WSS_WPG group from the FIM Portal application pool (default Sharepoint Application pool).

This is the result:

HTTP Error 500.19 – Internal Server Error

The requested page cannot be accessed because the related configuration data for the page is invalid.


So that made the situation even worse.

Back to the procmon results, as procmon threw errors on the impersonation of the application pool account we checked the local security policy. And the AppPool account appeared to be removed from the setting or was not member of the groups referenced in the setting.


Do not make the Application pool account member of the local admins.

Make sure the Application Pool account has the “Impersonate a client after authentication” right in the local Security Policy.



Need more information? Check these articles …

Account permissions and security settings in SharePoint 2013

Plan for administrative and service accounts (Office SharePoint Server)