Closed IAmStevenJohnson closed 6 years ago
Do you have a proxy for fiddler installed? The error message is complaining about the certificate itself.
The remote certificate is invalid according to the validation procedure
If you need to disable certificate validation, you can do so by modifying the miiserver.exe.config file (provided you are running the MA in process)
<configuration>
<configSections> <!-- add the line below if there is an existing <configSections> element -->
<section name="lithnet-google-ma" type="Lithnet.GoogleApps.MA.MAConfigurationSection, Lithnet.GoogleApps.MA" />
</configSections>
<lithnet-google-ma http-debug-enabled="true"/>
...
</configuration>
Ryan, thanks for your response. I don't have a fiddler proxy installed. But we do go through a regular web proxy. I tried disabling certificate validation as you mentioned, but that didn't see to make any difference.
However, we did find the solution. I was logged into the FIM server with my credentials and changed the proxy from our normal autoproxy script to a specific server proxy. That was enough to get us through the initial connectivity screen on the MA. But since the FIM Sync service runs under a service account, we had to login with that service account and change the proxy server for it too. Then we were able to read the schema no problem.
So thanks for your help and for this MA. Really appreciate it. We'll be running a test shortly with a couple hundred thousand user accounts. If that works well and we move to production, we'll be attempting it with groups--including some large ones. Hoping this can replace GCDS.
Glad to hear you got it sorted. Am using it myself in production with 200k users and about 50k groups, so you should be fine. If you run into any issues reach out.
Don't want to bother you with another one of these errors but your help on others' issues like this have been helpful to me. So maybe this will also help others.
I've got this working on our dev and production servers but on our test server I can't get past the Schema 1 screen when creating the MA.
It seems to be an SSL/TLS issue but I can't figure out, or find, an answer. The registry settings for SCHANNEL Ciphers and Protocols are the same on all three servers.
So I thought I'd ask you here after much gnashing of teeth and running out of other ideas. Just to see if you have any thoughts on where to look next for a solution. Thanks for any help.
The event log error is this: