MIM: The Portal cannot connect to the middle tier using the web service interface

Problem

After installing the MIM Service and Portal successfully, you are greeted by a portal that never loads and eventually displays a generic 503-error or a “Service not available notice”.

image

Analysis

This is a list of things I checked while trying to smoke out the badger causing this issue:

  • IIS bindings, even though I tested this prior to running the installer
  • The enormous setup log (verbose logging).
  • IISRESET.
  • Sharepoint alternate access mappings, also checked and found to be working prior to the installation.
  • Service status, both the FIM service and the Sharepoint services were running.
  • Restarted the server (have you tried turning it off and on again?).
  • FIM Event log, empty

And then I finally had the bright idea to check the application event log. It looked like the remnants of a great battle, only red and yellow messages in sight:

image

I dug in and found this one particularly interesting, Event 10 from Microsoft.ResourceManagement.PortalHealthSource:

The Portal cannot connect to the middle tier using the web service interface.  This failure prevents all portal scenarios from functioning correctly.


The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration.


Ensure the portal configuration is present and points to the resource management service.

SNAGHTML2be3c711

I suddenly remembered that the load balancer was not yet configured and went to check the DNS records for the MIM urls. As I suspected, they were pointing to the load balancer, but the load balancer did not know where to redirect the traffic and thus did nothing.

Solution

For once, a simple solution without much of a risk factor:

  • Change the DNS record for the load balanced addresses, in this case the MIM Service server address to point directly to one of the portal servers.
  • Perform an IISRESET on the portal servers

I could of course fix the load balancer as well, but that requires a minion with access, and as the local time is 00:18 on a Saturday I will just add it to the list of things to fix later.

Author: DizzyBadger

SQL Server DBA, Cluster expert, Principal Analyst

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.