IE Version and FIM Portal issues?
Hi,
Are there any issues with the version of IE and the FIM Portal?
We have been getting intermittent errors when using IE8 to connect to http://idm.fabrikam.com
We have reviewed the following:
- SPN registrations listed at the end of this post
- FIM Portal added to IE trusted sites
- Hardware load balancer configured - no errors are being logged
- 'A' record in DNS (not CNAME) for the FIM Portal - idm.fabrikam.com
The intermittent error when connecting to the Portal is:
The request for security token could not be satisfied because authentication failed.
Description:
An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[FaultException: The request for security token could not be satisfied because authentication failed.]
System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target) +15424442
System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message message, EndpointAddress target) +18
System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) +169
[SecurityNegotiationException: The caller was not authenticated by the service.]
Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.EnumerateResources(SearchParameters parameters) +1605
Microsoft.IdentityManagement.WebUI.Controls.UIUserDataUtils.IsMemberOfSet(Guid userId, Guid setId) +287
Microsoft.IdentityManagement.WebUI.Controls.UIUserData.get_IsCreateDeleteUserButtonsVisible() +175
Microsoft.IdentityManagement.WebUI.Controls.PersonList.get_ActionBarItems() +61
Microsoft.IdentityManagement.WebUI.Controls.NewListViewHostCtrl.InitializeNewListView() +31
Microsoft.IdentityManagement.WebUI.Controls.NewListViewHostCtrl.CreateChildControls() +981
System.Web.UI.Control.EnsureChildControls() +146
System.Web.UI.Control.PreRenderRecursiveInternal() +61
System.Web.UI.Control.PreRenderRecursiveInternal() +224
System.Web.UI.Control.PreRenderRecursiveInternal() +224
System.Web.UI.Control.PreRenderRecursiveInternal() +224
System.Web.UI.Control.PreRenderRecursiveInternal() +224
System.Web.UI.Control.PreRenderRecursiveInternal() +224
System.Web.UI.Control.PreRenderRecursiveInternal() +224
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3394
Our SPN results are as follows:
Query 1:
setspn -Q http/idm.fabrikam.com
Result 1:
CN=WSS_Service_Account,OU=MISC,DC=fabrikam,DC=com
HTTP/FIMPortal1.fabrikam.com
HTTP/FIMPortal1
HTTP/FIMPortal2.fabrikam.com
HTTP/FIMPortal2
HTTP/idm
HTTP/idm.fabrikam.com
Query 2:
setspn -Q FIMService/idm.fabrikam.com
Result 2:
CN=FIM_Service_serviceaccount,OU=MISC,DC=fabrikam,DC=com
FIMService/idm
FIMService/idm.fabrikam.com
Any ideas? We have seen a similar post on http://social.technet.microsoft.com/Forums/en-ZA/ilm2/thread/7de42bac-2341-4360-ac3a-5ef37e9096b0
Thank you
April 25th, 2011 4:17am
From which point are you testing this? A workstation? One of the nodes which is load balanced?
Do you have "IP Affinity" configured on your load balancer?
Have you set "useAppPoolCredentials=true" in your applicationHost.config on your Portal nodes?
http://setspn.blogspot.com
April 25th, 2011 3:30pm
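The SPN ownership and useAppPoolCredentials checks discussed in this thread, as an added example that is not part of the original posts. It assumes PowerShell 3.0 or later, an elevated 64-bit session on each Portal node, setspn.exe on the path, and the default IIS configuration location; the SPN names are the ones quoted in the question.

```powershell
# Added example: run on each load-balanced FIM Portal node.

# 1. Each SPN must be held by exactly one account, otherwise Kerberos ticket
#    requests for that service name fail. setspn -Q prints one "CN=..." line
#    per account that holds the SPN.
$spns = 'http/idm.fabrikam.com', 'FIMService/idm.fabrikam.com'
foreach ($spn in $spns) {
    $holders = @(setspn -Q $spn | Where-Object { $_ -match '^\s*CN=' })
    $status = switch ($holders.Count) {
        0       { 'MISSING' }
        1       { 'OK' }
        default { 'DUPLICATE' }
    }
    [pscustomobject]@{
        Spn     = $spn
        Status  = $status
        Holders = ($holders | ForEach-Object { $_.Trim() }) -join '; '
    }
}

# 2. Report the Windows authentication settings in applicationHost.config.
#    The element can appear at server level and again inside
#    <location path="..."> overrides, so list every occurrence.
$configPath = Join-Path $env:windir 'System32\inetsrv\config\applicationHost.config'
[xml]$config = Get-Content -LiteralPath $configPath

$xpath = '//system.webServer/security/authentication/windowsAuthentication'
foreach ($node in $config.SelectNodes($xpath)) {
    $location = $node.SelectSingleNode('ancestor::location')
    $scope = if ($location) { $location.GetAttribute('path') } else { '(server default)' }

    # An empty value means the attribute is not set and the IIS default
    # applies (useAppPoolCredentials defaults to false).
    [pscustomobject]@{
        Scope                 = $scope
        Enabled               = $node.GetAttribute('enabled')
        UseKernelMode         = $node.GetAttribute('useKernelMode')
        UseAppPoolCredentials = $node.GetAttribute('useAppPoolCredentials')
    }
}
```

Compare the output across both nodes: the Portal site's entry should show the same values on FIMPortal1 and FIMPortal2, since a difference between nodes behind the load balancer would produce intermittent rather than constant failures.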
Apologies for the delay - still waiting for a confirmation from the hardware team
May 1st, 2011 5:05am