Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
After installing v4.4.1642, we were unable to elevate. Running Get-PAMUsers returned a not authorize error. Steps that were taken to resolve the issue:
On the Sync server modify the object deletion run as below – this is done on the Person metaverse person object 
- Delete the connector space of the CTRL MA
- Ran Full import on the CTRL MA, this step triggers the metaverse deletion rule and then FIM MA deprovisioning rule. Note: No sync profile was needed here. This action delete all the users in the metaverse.
- Ran Export on FIM MA deleting all the users in FIM Service . Except for the Bulit-In Syanchronization serviceand dte.* accounts
- Reverted the change done in step 1
- Ran Full Import Full Sync on CTRL MA
- Ran Export on FIM MA
- Ran Full Import Full Sync on FIM MA
- Ran Export on FIM MA
- Ran powershell script to set each users ResourceSID in the CtrlPortal
- Removed and re-added Users into PAM Roles in the portal.
- Corrected DNS entry for ctrlpamportal (one address was correct and one was wrong
- In IIS removed host header for the MIM Privileged Access Management API (was ctrlportal.dte.ic.gov)
- Add ctrlpamportal as the host header for MIM Access Management Portal
- Change MIM Access Management Portal App Pool to PamRestApiAppPool
- Did iisreset