What I will be describing has been explained before to be honest:
However I want to add some additional context information. The issue I was seeing is that with a FIM Portal setup, which has quit some objects in it’s database, certain actions failed. I got the generic FIM Service error when trying to add some conditions to a dynamic set. The errors you receive might differ. Perhaps it’s the generic “an error has occurred”, or you get “Access denied”, or like shown below: Timed out.
In the Event log some errors are displayed as well:
The Portal cannot connect to the middle tier using the web service interface. This failure prevents all portal scenarios from functioning correctly. The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration. Ensure the portal configuration is present and points to the resource management service.
And in the Forefront Identity Manager log:
The description for Event ID 3 from source Microsoft.ResourceManagement cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Microsoft.ResourceManagement.Service: System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(CreateRequestDispatchParameter dispatchParameter)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation)
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Put(Message request)
The handle is invalid
As Darryl explained, and this is has been added in the troubleshooting guide as well, you can extend certain timeouts. A general advice: take a backup copy of configuration files you edit. I tend to copy them and change the extension to .dateOfToday.bak or something like that.
For starters we have the web.config for the WSS site hosting the FIM Portal. Typically this is located below c:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config but of course this might be environment specific. If you look for the following part in the web.config you can add “timeoutInMilliseconds” to the resourceManagementClient line.
<resourceManagementClient requireKerberos="true" resourceManagementServiceBaseAddress=http://fimsvc.contoso.com:5725 timeoutInMilliseconds="360000" />
An other location where you can adjust timeouts is the FIM Service configuration file. This file is typically located in: "c:\Program Files\Microsoft Forefront Identity Manager\2010\Service\” and is called Microsoft.ResourceManagement.Service.exe.config. Look for the following lines:
<resourceManagementClient resourceManagementServiceBaseAddress="fimsvc.contoso.com" timeoutInMilliseconds="360000" />
<resourceManagementService externalHostName="fimsvc.contoso.com" dataReadTimeoutInSeconds="180" dataWriteTimeoutInSeconds="180" />
In this example I added dataReadTimeoutInSeconds="180" dataWriteTimeoutInSeconds="180" to the resourceManagementService line as well as timeoutInMilliSeconds=”360000”. This will ensure the FIM Service waits long enough when writing or reading data from SQL. After changing the above configuratin files, make sure to perform an iisreset and a restart of the FIM Service!
Besides modifying these timeouts, it’s also advised to regularly update the statistics and rebuild the indexes of your FIM Service Database. To conclude: a TechNet article with addition information regarding the mentioned parameters: TechNet: Registry Keys and Configuration File Settings in FIM 2010