Forefront Identity Manager errors when starting the SharePoint 2010 User Profile Synchronization Service Application

Joshua

    After following Spence Harbar's Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization (http://www.harbar.net/articles/sp2010ups.aspx) exactly (and having it work several times for other implementations), in this particular instance starting the User Profile Synchronization service generates the following errors (these can be found in the Windows logs of the server attempting to start and run the UPS Sync) and eventually fails:

    Error ID: 22 - The Forefront Identity Manager Service cannot connect to the SQL Database Server.

    The SQL Server could not be contacted. The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the SQL Server connection information could be configured incorrectly.

    Verify that the SQL Server is reachable from the Forefront Identity Manager Service computer. Ensure that SQL Server is running, that the network connection is active, and that the firewall is configured properly. Last, verify the connection information has been configured properly. This configuration is stored in the Windows Registry.

    AND

    Error ID: 3 - .Net SqlClient Data Provider: System.Data.SqlClient.SqlException: HostId is not registered

    at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException)
    at Microsoft.ResourceManagement.Data.DataAccess.RetrieveWorkflowDataForHostActivator(Int16 hostId, Int16 pingIntervalSecs, Int32 activeHostedWorkflowDefinitionsSequenceNumber, Int16 workflowControlMessagesMaxPerMinute, Int16 requestRecoveryMaxPerMinute, Int16 requestCleanupMaxPerMinute, Boolean runRequestRecoveryScan, Boolean& doPolicyApplicationDispatch, ReadOnlyCollection`1& activeHostedWorkflowDefinitions, ReadOnlyCollection`1& workflowControlMessages, List`1& requestsToRedispatch)
    at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RetrieveWorkflowDataForHostActivator()
    at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHosts(Object source, ElapsedEventArgs e)

    .Net SqlClient Data Provider: System.Data.SqlClient.SqlException: HostId is not registered
    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
    at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
    at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
    at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
    at System.Data.SqlClient.SqlDataReader.get_MetaData()
    at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
    at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
    at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
    at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
    at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
    at System.Data.SqlClient.SqlCommand.ExecuteReader()
    at Microsoft.ResourceManagement.Data.DataAccess.RetrieveWorkflowDataForHostActivator(Int16 hostId, Int16 pingIntervalSecs, Int32 activeHostedWorkflowDefinitionsSequenceNumber, Int16 workflowControlMessagesMaxPerMinute, Int16 requestRecoveryMaxPerMinute, Int16 requestCleanupMaxPerMinute, Boolean runRequestRecoveryScan, Boolean& doPolicyApplicationDispatch, ReadOnlyCollection`1& activeHostedWorkflowDefinitions, ReadOnlyCollection`1& workflowControlMessages, List`1& requestsToRedispatch)

    AND

    Error ID: 234 - ILM Certificate could not be created.

    (Note: There are several of these, one for each stage of ILM certificate creation failure).

    The system is a multi (3) server farm:

    WFE Windows 2008 64Bit SharePoint 2010

    APP (UPS and UPS Sync Running Here) Windows 2008 64Bit SharePoint 2010

    SQL (Default Instance) SQL Server 2008 R2 64 Bit

    All the necessary steps in Spence's guide (domain accounts, permissions, rights, etc.) have been followed.

    The two FIM services on the APP server are starting and are using the FARM account.

    The ILMMA and MOSS- folders are NOT present in %Programfiles%\Microsoft Office Servers\14.0\Synchronization Service\MaData.

    A similar thread by others (no defined resolution) can be found here:

    http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/bac36f2b-0d7b-4e88-830b-ebb0a85f111e

    Thoughts? Suggestions? Solutions?

    UPDATE

    It turns out the Secure Store Service Application was deployed, but not configured and missing a key. Completing this took care of all of the errors above with the exception of the first:

    Error 22: The Forefront Identity Manager Service cannot connect to the SQL Database Server.

    This error now only exists once in the logs. The User Profile Sync service is now stuck at starting rather than failing. The FIM sync service doesn't start due to login failure (hence the error).

    Restarting does nothing. As mentioned the steps in Spence's guide have been followed and the appropriate account is in the right groups with the right permissions.

    Thoughts?

    UPDATE

    The SQL Server now has the following error, repeatedly:

    Event 17806

    SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.

    Event 18452

    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

    UPDATE

    Switching to mixed mode authentication (?) on SQL fixed these problems.

    I then ensured a bunch of my other service applications were started and configured.

    I then did a couple of reboots.

    I then used PowerShell to unprovision the synchronization service.

    I then started (provisioned) the synchronization service.

    The original errors are back, though BOTH the FIM services are started on the APP server.

    UPDATE

    From the ULS, this seems to be the error that is my plague.

    07/09/2010 13:09:02.06 OWSTIMER.EXE (0x04C4) 0x1398 SharePoint Portal Server User Profiles 9q15 High UserProfileApplication.SynchronizeMIIS: Failed to configure ILM, will attempt during next rerun. Exception: System.Runtime.InteropServices.COMException (0x80070035): The network path was not found.
    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.PropertyValueCollection.PopulateList()
    at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
    at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
    at Microsoft.Office.Server.Administration.UserProfileApplication.AddAccountToMIISUsersList(String strAccount, Hashtable htPermittedUsers, Hashtable htNewlyAddedUsers)
    at Microsoft.Office.Server.Administration.UserProfileApplication.SetupProfileSynchronizationEnginePermissions()
    at Microsoft.Office.Server.Administration.UserProfileApplication.SetupSynchronizationService(ProfileSynchronizationServiceInstance profileSyncInstance). 6d80e09e-5883-43c1-9ca0-2377646b6f00

    I should add, WINS is enabled on the DCs and clients. So is local DTC access. I've even gone as far as to create a HOSTS file on the machines pointing to the right servers.

  • UPDATE

    Everything is working. On a whim, I added my FARM account to the domain admin group for the provisioning process. Then I rebooted. Everything has started, the sync service in Central Admin AND the two FIM services.

    Now, that SHOULDN'T have been required. But, it worked.

    Anyway, things are working fine now.

    If you end up doing this, don't forget to REMOVE your FARM account from the domain admin and local admin groups you have added it to.

    Additionally, if you have this much trouble, it is recommended that you wipe everything and start fresh. A lot happens with the UPS service during provisioning and it's better to have a clean system than a dirty functioning one.

    SOLUTION/END

    These errors are related to UPS provisioning incorrectly. This is likely related to issues with the existing Active Directory in the environment, e.g. not being able to read appropriate AD objects; the "network path not found" error is actually related to this. The UPS is a beast. If you run into these errors and have exhausted EVERY recommended avenue, assess your Active Directory. Check its functional level, policies, standard permissions, etc. For example, we found in this implementation that initially, some user accounts did not have basic read permissions. Then, start over, cleanly.
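
The cleanup step from the post above (removing the farm account from the domain admin and local admin groups once provisioning has finished) can be verified with a script. This is an added example, not part of the original post; the domain name, account name and server names are placeholders to replace with your own.

```powershell
# Added example: confirm the farm account no longer holds the temporary
# admin rights granted while the UPS sync service was being provisioned.
# Assumed placeholder values (not from the original post):
$Domain      = 'CONTOSO'          # NetBIOS domain name
$FarmAccount = 'svc_spfarm'       # sAMAccountName of the farm account
$Servers     = 'APP01', 'WFE01'   # farm servers whose local Administrators group is checked

function Get-GroupMemberPath {
    param([string]$Container, [string]$Group)
    # The WinNT ADSI provider reads both domain groups and machine-local groups
    # and works on PowerShell 2.0 without the ActiveDirectory module.
    $g = [ADSI]"WinNT://$Container/$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

function Test-FarmAccountPrivilege {
    param([string]$Domain, [string]$Account, [string[]]$Servers)
    $target = "WinNT://$Domain/$Account"
    $checks = @(@{ Container = $Domain; Group = 'Domain Admins' })
    foreach ($s in $Servers) {
        $checks += @{ Container = $s; Group = 'Administrators' }
    }
    foreach ($c in $checks) {
        try {
            $members = @(Get-GroupMemberPath $c.Container $c.Group)
            # -contains is case-insensitive, matching how Windows treats account names
            $status = if ($members -contains $target) { 'STILL MEMBER' } else { 'ok' }
        } catch {
            # An unreachable host or denied read is reported, never treated as "ok"
            $status = "check failed: $($_.Exception.Message)"
        }
        New-Object PSObject -Property @{
            Scope = $c.Container; Group = $c.Group; Status = $status
        }
    }
}

Test-FarmAccountPrivilege -Domain $Domain -Account $FarmAccount -Servers $Servers |
    Format-Table Scope, Group, Status -AutoSize
```

The check covers direct membership only; if the farm account was added to a group that is itself nested inside Domain Admins or a local Administrators group, inspect that group as well.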
