FIM 2010 Enable Advanced Error Logging

Published on Wednesday, June 16, 2010 in ,

When you’re encountering weird errors you might try enhancing the logging to find out which component is bothering you. This post will provide two ways to get some additional information.

An example I have encountered the Service Not Available error.


The event viewer is helpful, but it does not go into detail:

Log Name:      Application
Source:        Microsoft.ResourceManagement.PortalHealthSource
Date:          17/11/2009 11:23:50 a.m.
Event ID:      10
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      hostname.domain
The Portal cannot connect to the middle tier using the web service interface.  This failure prevents all portal scenarios from functioning correctly.

The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration

In my case I entered a wrong service URL during the installation. I configured the following options to get a real detailed error in IE instead of the “service not available” error. To achieve this alter the following parameters in the web.config of the FIM Portal Sharepoint Site (default: C:\inetpub\www\wss\virtualdirectory\80\web.config)

<SafeMode MaxControls="200" CallStack="True" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false">

<customErrors mode="Off" />


<clear />

<!-- <add name="ILMError" type="Microsoft.IdentityManagement.WebUI.Controls.ErrorHandlingModule, Microsoft.IdentityManagement.WebUI.Controls, Version=4.0.3531.2, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> -->

<add name="…


In words: set CallStack to True, switch customErrors Off and make sure to comment out the “ILMError” part.

After enabling this logging and doing an IISRESET, visiting the portal gave the following error below. There I could clearly see that the URL being used was wrong.


My source: Anthony Ho on the TechNet Forums: Register user to complete self-service password reset

An alternative, which I haven’t tested yet is enabling the server side tracing for the FIM Service in the Microsoft.ResourceManagement.Service.exe.config file which can be found in C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\, follow the following steps:

  1. Uncomment the 3 sections in the config file as explained in the config file itself
  2. change "fimDiagnostics.svclog" to "C:\Logs\fimDiagnostics.svclog"
  3. Update Error to "Verbose" (capital V) in <source name="Microsoft.ResourceManagement" switchValue="Error">
  4. Create the folder C:\Logs
  5. restart FIMService

My source is Anthony Ho again on the TechNet Forums: FIM - "An error occured when attempting to reset your password, please try again”

Related Posts

1 Response to FIM 2010 Enable Advanced Error Logging

05 June, 2021 13:11
This comment has been removed by a blog administrator.

Add Your Comment