UPGRADE TO FIM 2010 R2 SSPR - RICH CLIENT ERROR: The remote server returned an unexpected response: (407) Proxy Authorization Required

Hi

In urgent need of help with fFIM 2010 R2 Rich Client on WIN7.

Scenario:

- just upgraded fim service, portal and sync to R2...
- current workstations dont have upgraded rich client installed.
- have allowed legacy support for older rich clients from fim portal
- sspr portals are installed on same server as fimportal with fimservice account.
- passwordreset and passwordregistration are my portal URLS.
- both of the above work in web browser.
-have set SPNs for two portal URLS for IIS Machine account.
- all is happening in INTRANET (no extranet)
- have added proxy exceptions to the web proxy

Problems

- trying to reset password at logon screen. Get the vague error: "an error has occurred..please contact you helpdesk. blah blah blah"

- Turned on Verbose logging on client. Get the below errors in the event vwr...(note it looks like it fails after this action "Retrieving the first gate from the STS."

WARNING: FlushFileBuffers failed on pipe [[Unknown]] with error code [109].

ERROR 1: 

mscorlib: System.ServiceModel.ProtocolException: The remote server returned an unexpected response: (407) Proxy Authorization Required. ---> System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(SecurityTokenProvider tokenProvider, TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.LayeredChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ResourceManagement.WebServices.WSTrust.ISecurityTokenService.RequestSecurityToken(Message request)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityToken(Message request)
   at Microsoft.ResourceManagement.WebServices.SecurityTokenServiceClient.RequestSecurityToken(RequestSecurityTokenType request, ClientOptionsHelper clientOptionsHelper, MessageBuffer& messageBuffer)
   at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(AuthenticationChallengeResponseType[] authenticationChallengeResponses, MessageBuffer& messageBuffer, ClientOptionsHelper clientOptionsHelper)
   at Microsoft.ResourceManagement.WebServices.Client.AuthenticationRequiredException.Authenticate(ClientOptionsHelper clientOptionsHelper)
   at Microsoft.IdentityManagement.PasswordReset.GinaOperation.STSInitiateCommunication()

ERROR 2:

PwdMgmtProxy: Microsoft.IdentityManagement.PasswordReset.Utilities.UserFailureException: An unexpected error has occurred.  Please contact helpdesk or your administrator.
   at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.WriteGetNGateMsg(ClientPipeContext& client)
   at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.GetNextGate(ClientPipeContext& client, Boolean registering)
   at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.Authenticate(ClientPipeContext& client)
   at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.PipeCommunicationThread(Object context)

I actn for the life of me figure out whatis going on. Can someone please assist?

cheers

stu