Share via


Web Service Configuration Settings

There are configuration settings for the FIM Service web services stored in the .NET app.config file and in the local computer registry. By default, the app.config file is named Microsoft.ResourceManagementService.exe.config. This file is consumed once when the FIM Service starts; therefore, the service must be restarted to consume any changes.

Web Service Configuration File Settings

The web service configuration is stored in two parts of the app.config file. The first part is the ResourceManagementService section and the second part is .NET appSettings. Generally, settings related to the service behavior such as endpoint addresses or workflow host configuration is stored in the ResourceManagementService section. Some settings, however, are also stored in the appSettings section. All of the configuration settings are optional, and the common settings are configured by initial setup. Some settings should only be changed as directed by customer support; they are included in this list for completeness. When making changes to an existing deployment, it may be necessary to edit the app.config file directly rather than running a change install.

Configuration setting Description Default Value

workflowManagerEndpointBaseAddress

Used to create a service principal identity for all FIM endpoints. Do not edit this setting unless instructed to do so by customer support.

ResourceManagementService/WorkflowManager

dataReadTimeoutInSeconds

The timeout used in all SQL select commands. Increase this when receiving SQL timeouts when processing complex queries.

58

dataWriteTimeoutInSeconds

The timeout used in all SQL update, insert, and delete commands. Increase this when receiving SQL timeouts when processing complex atomic web service requests.

58

defaultKeySize

The key sized used in SecurityToken service tokens. Do not edit this setting unless instructed to do so by customer support.

256

defaultTokenLifetimeInMinutes

The lifetime (in minutes) of tokens issued by the security token service.

10

externalHostName

The base URI to use when responding with CreateResponse and Authentication response. Use this for load-balanced scenarios. Also update the unified client resourceManagementServiceBaseAddress to have outgoing requests also hit the load-balanced server. The unified client settings are stored in the web.config file in the portal and in the app.config file for the password reset client.

The default value is the first IP address of the server.

hostActivationIntervalInMilliseconds

The interval between the host activator polling workflow instances for status. Do not edit this setting unless instructed to do so by customer support.

120000

intranetRegistrationEndpointAddress

The name of the intranet password reset registration endpoint. Do not edit this setting unless instructed to do so by customer support.

ResourceManagementService/SecurityTokenService/Registration

metadataEndpointAddress

The name of the metadata endpoint. Do not edit this setting unless instructed to do so by customer support.

ResourceManagementService/MEX

passwordResetEndpointAddress

The name of the password reset endpoint. Do not edit this setting unless instructed to do so by customer support.

ResourceManagementService/Alternate

policyManagerIntervalInMilliseconds

The interval between running stored procedure DequeuePolicyApplication. Do not edit this setting unless instructed to do so by customer support.

5000

receiveTimeoutInSeconds

The timeout used for receiving messages on all FIM endpoints. Do not edit this setting unless instructed to do so by customer support.

300

resourceEndpointAddress

The name of the WS-Transfer resource endpoint. The full address to the endpoint will be the following: https://localhost:5725/ResourceEndpointName. Do not edit this setting unless instructed to do so by customer support.

ResourceManagementService/Resource

resourceMailEndpointAddress

The name of the Resource Mail endpoint. The full address to the endpoint will be the following: https://localhost:5725/ResourceMailEndpointName. Do not edit this setting unless instructed to do so by customer support.

ResourceManagementService/ResourceMail

resourceFactoryEndpointAddress

The name of the WS-Transfer ResourceFactory endpoint. The full address to the endpoint will be the following: https://localhost:5725/ResourceFactoryEndpointName. Do not edit this setting unless instructed to do so by customer support.

ResourceManagementService/ResourceFactory

synchronizationEngineAccountName

The logon name for the sync engine's account. This enables the server to provide elevated access to the sync engine without special configuration in FIM.

SyncEngineAccount

mailServer

URL pointing to the Exchange 2007 web service. It typically looks similar to the following: https://server/ews/exchange.asmx.

(None)

isExchange

String literals “1" or “0" indicating whether the mail sender should instantiate an SMTP client or Exchange client. Note that “true" and “false" are both treated as false.

1

exchangeListenerInterval

Integer representing number of seconds to wait between polling Exchange.

30

securityTokenServiceEndpointAddress

The name of the WS-Trust security token endpoint. The full address to the endpoint will be the following: https://localhost:5726/SecurityTokenEndpointName. Do not edit this setting unless instructed to do so by customer support.

ResourceManagementService/SecurityTokenService

securityTokenServiceMetadataEndpointAddress

The name of the WS-Trust security token metadata endpoint. The full address to the endpoint will be the following: https://localhost:5726/SecurityTokenServiceMetadataEndpointName. Do not edit this setting unless instructed to do so by customer support.

SecurityTokenService/MEX

servicePrincipalName

Used to create a service principal identity for all FIM endpoints. Do not edit this setting unless instructed to do so by customer support.

There is no default value. Omitting this value results in the endpoints having the default principle identity (which depends on the WCF implementation of endpoints).

maxReceivedMessageSizeInBytes

The maximum size of messages in bytes the server will receive

10 megabytes

mailBatchSize

The maximum number of Exchange mail items to retrieve during one poll. Do not edit this setting unless instructed to do so by customer support.

100 items

Example

The following is an example Web service configuration file.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <!-- ... -->

 <resourceManagementService workflowManagerEndpointBaseAddress="ResourceManagementService/WorkflowManager" 
               dataReadTimeoutInSeconds="58" 
               dataWriteTimeoutInSeconds="58" 
               defaultKeySize="256" 
               defaultTokenLifetimeInMinutes="10" 
               externalHostName="identitymanagement.fabrikam.com" 
               hostActivationIntervalInMilliseconds="120000" 
               intranetRegistrationEndpointAddress="ResourceManagementService/SecurityTokenService/Registration" 
               metadataEndpointAddress="ResourceManagementService/MEX" 
               passwordResetEndpointAddress="ResourceManagementService/Alternate" 
               policyManagerIntervalInMilliseconds="5000" 
               receiveTimeoutInSeconds="300" 
               resourceEndpointAddress="ResourceManagementService/Resource" 
               resourceMailEndpointAddress="ResourceManagementService/ResourceMail" 
               resourceFactoryEndpointAddress="ResourceManagementService/ResourceFactory"
               securityTokenServiceEndpointAddress="ResourceManagementService/SecurityTokenService" 
               securityTokenServiceMetadataEndpointAddress="SecurityTokenService/MEX" 
               servicePrincipalName="fimservice@fabrikam.com" 
               maxReceivedMessageSizeInBytes="10485760"
               mailBatchSize="100"
 />
 <appSettings>
  <add key="synchronizationEngineAccountName" value="fimsyncservice"/>
  <add key="mailServer" value="http://exchange.fabrikam.com/ews/exchange.asmx"/>
  <add key="isExchange" value="1"/>
  <add key="exchangeListenerInterval" value="30"/>
 </appSettings>
</configuration>

Web Service Registry Settings

The registry settings configure how the FIM Service are stored in the current control set of the FIM Service. All of these settings may be updated by running a change install. Additional registry values may be present in the same registry key, but these are not used by the FIM Service.

Registry Value Class Type Description

DatabaseServer

HKLM

DWORD

Name of the FIM Service database server.

DatabaseName

HKLM

DWORD

Name of the FIM Service database name.

CertificateThumbprint

HKLM

DWORD

The cryptographic thumbprint of the certificate the FIM Service uses to authenticate its endpoint identity and to encrypt claims on SecurityTokenService tokens (see Security Token Service Endpoint).

PollExchangeEnabled

HKLM

DWORD

Indicates whether this instance of the FIM Service should monitor the Exchange mailbox for incoming mail. The FIM Service still may send outgoing mail even if the value is false. Only one instance of the FIM Service should poll the Exchange mailbox.

Remarks

There is no general principle behind why some settings are stored in the registry and others are in the app.config file. When configuration settings are available in both locations, the registry generally takes precedence.

See Also

Other Resources

Web Services API