<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
No; but in my scenario I had to be in the local Administrators group
to be able to access the certificate store on the machine where
the Connector Server runs.<br>
<br>
Can you be more precise about the Access Denied exception?<br>
<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 06/24/2015 02:04 PM, Ващенков
Алексей wrote:<br>
</div>
<blockquote
cite="mid:23F96C83E30B7E4DA253EBD07C550836014DC8EE@EX-MB2.solar.local"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">The
user is in both the local and domain administrators groups.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Do
you suppose that the user must be only in the local administrator
group?<o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="color:windowtext;mso-fareast-language:RU"
lang="EN-US"><o:p> </o:p></span></b></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="color:windowtext;mso-fareast-language:RU"
lang="EN-US">Sent:</span></b><span
style="color:windowtext;mso-fareast-language:RU"
lang="EN-US"> Wednesday, June 24, 2015 2:55 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
<b>Subject:</b> Re: [midPoint] Self-signed SSL
certificate problem with exchange connector<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
lang="EN-US">Please try to add that account to local
Administrators on that computer (not Domain Administrators).
I remember a situation where this helped. I also remember
having written it somewhere :-(<br>
<br>
Ivan</span><span
style="font-size:12.0pt;mso-fareast-language:RU"
lang="EN-US"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On 06/24/2015 01:50 PM, Ващенков Алексей
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Thanks.</span><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">It
helped a little bit. The documentation doesn’t point out
that I also need to add the certificate to trusted roots
using mmc.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">After
we imported the certificate and added it to trusted roots I
got an access denied exception. We tried to start the connector
as System and as Administrator, but in both cases an access
exception is thrown.
</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Maybe
I am missing some preferences?</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><span
lang="EN-US"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="color:windowtext;mso-fareast-language:RU"
lang="EN-US">From:</span></b><span
style="color:windowtext;mso-fareast-language:RU"
lang="EN-US"> midPoint [</span><a
moz-do-not-send="true"
href="mailto:midpoint-bounces@lists.evolveum.com"><span
style="mso-fareast-language:RU" lang="EN-US">mailto:midpoint-bounces@lists.evolveum.com</span></a><span
style="color:windowtext;mso-fareast-language:RU"
lang="EN-US">]
<b>On Behalf Of </b>Ivan Noris<br>
<b>Sent:</b> Wednesday, June 24, 2015 10:54 AM<br>
<b>To:</b> </span><a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com"><span
style="mso-fareast-language:RU" lang="EN-US">midpoint@lists.evolveum.com</span></a><span
style="color:windowtext;mso-fareast-language:RU"
lang="EN-US"><br>
<b>Subject:</b> Re: [midPoint] Self-signed SSL
certificate problem with exchange connector</span><span
lang="EN-US"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
lang="EN-US">Hi </span>Алексей<span lang="EN-US">,<br>
<br>
please check your steps with </span><a
moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server"><span
lang="EN-US">https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server</span></a><span
lang="EN-US"><br>
<br>
Last time I was connecting AD through SSL, it helped me.<br>
<br>
Regards,<br>
Ivan<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US">On 06/24/2015 09:42
AM, </span>Ващенков Алексей<span lang="EN-US"> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hi. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">We use a self-signed
certificate for the connection to PowerShell. While adding
an account, the Exchange connector throws an exception
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">====<o:p></o:p></span></p>
<div style="border:none;border-bottom:double windowtext
2.25pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal"><span lang="EN-US">The SSL
certificate is signed by an unknown certificate
authority. For more information, see the
about_Remote_Troubleshooting Help topic. Cannot
validate argument on parameter 'Session'. The argument
is null. Supply a non-null argument and try the
command again.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US">We have added the
certificate to trusted roots in Internet settings, but
it doesn’t have any effect.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">What should we do to
prevent this exception from being thrown?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"
lang="EN-US"><br>
<br>
<br>
<br>
</span><span lang="EN-US"><o:p></o:p></span></p>
<pre><span lang="EN-US">_______________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US">midPoint mailing list<o:p></o:p></span></pre>
<pre><a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com"><span lang="EN-US">midPoint@lists.evolveum.com</span></a><span lang="EN-US"><o:p></o:p></span></pre>
<pre><a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint"><span lang="EN-US">http://lists.evolveum.com/mailman/listinfo/midpoint</span></a><span lang="EN-US"><o:p></o:p></span></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt"
lang="EN-US"><br>
<br>
<br>
</span><span lang="EN-US"><o:p></o:p></span></p>
<pre><span lang="EN-US">-- <o:p></o:p></span></pre>
<pre><span lang="EN-US"> Ing. Ivan Noris<o:p></o:p></span></pre>
<pre><span lang="EN-US"> Senior Identity Management Engineer & IDM Architect<o:p></o:p></span></pre>
<pre><span lang="EN-US"> evolveum.com evolveum.com/blog/<o:p></o:p></span></pre>
<pre><span lang="EN-US"> ___________________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US"> "Semper Id(e)M Vix."<o:p></o:p></span></pre>
</blockquote>
</div>
</blockquote>
</body>
</html>