Update: The cause of this issue was that the “User Profile Service” under “Services on Server” was running on both application server and web front end. I re-did everything, and before creating the User Profile Service Application I stopped the “User Profile Service” on the Front End. I also created a new application pool just for the User Profile Service (running under the Farm Account) when creating the User Profile Service Application. Now I had no problems removing the Farm Account from local administrators prior to running a succcessful sync.
So, if you want the User Profile Service Application to run only on your app server, make sure the User Profile Service is only running on the app server. Also, by creating the application pool and using it only for this purpose, I made sure that this application pool was only created on the app server.
The User Profile Service in Sharepoint 2010 provides some excellent functionality, but it is not bug free and can be rather slow to work with.
I set up a small farm (Windows Server 2008 R2, 1 SQL, 1 Application Server, 1 Front End) and set up the User Profile Service Application according to “best practise” which includes removing the Farm Account from Local Administrators after setting it up. Everything works like a charm – until I reboot the machine. Then I get
this error in the Event Log after each reboot (or restarting the ForeFront Identity Manager Service). When starting a User Profile Synchronization from Central Admin (Full or Incremental), nothing happens – Profile Synchronization Status is just idle. The services both in Central Admin and services on server are running just fine. All I can see are
this,
this,
this,
this,
this and
this error in the Event Log on the App server, and
this error on the Front End.
I had of course read
this and
this post till my eyes were sore.
Solution: Finally, I added the Farm Account back as Local Admin both on App Server and Front End, rebooted and everything works. Far from ideal, but when I seem to be having a functional User Profile Service Application, from now on I won’t touch it…:)
Related Event Log errors:
————–
Event 22, Microsoft.ResourceManagement.ServiceHealthSource
The Forefront Identity Manager Service cannot connect to the SQL Database Server. The SQL Server could not be contacted.
The connection failure may be due to a network failure, firewall configuration error, or other connection issue.
Additionally, the SQL Server connection information could be configured incorrectly.
Verify that the SQL Server is reachable from the Forefront Identity Manager Service computer. Ensure that SQL Server is running,
that the network connection is active, and that the firewall is configured properly. Last, verify the connection information has been configured properly.
This configuration is stored in the Windows Registry.
————–
Event 1015, MsiInstaller
Failed to connect to server. Error: 0x80070005
————–
Event 1001, MsiInstaller
Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM' failed during request for component '{1681AE41-ADA8-4B70-BC11-98A5A4EDD046}'
————–
Event 1004, MsiInstaller
Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM', component '{1AE472A9-E94A-41DC-9E98-F89A2821658F}' failed.
The resource 'C:\Program Files\Microsoft Office Servers\14.0\Tools\makecert.exe' does not exist.
————–
Event 1015, MsiInstaller
Failed to connect to server. Error: 0x80070005
—————
Event 1001, MsiInstaller
Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM' failed during request for component '{9AE4D8E0-D3F6-47A8-8FAE-38496FE32FF5}'
—————
Event 1004, MsiInstaller
Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM', component '{1AE472A9-E94A-41DC-9E98-F89A2821658F}' failed.
The resource 'C:\Program Files\Microsoft Office Servers\14.0\Tools\makecert.exe' does not exist.
—————
Event 6398, Sharepoint Foundation
The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob (ID cf3ce95f-3b38-4c2a-9a6c-35451cb5bb47) threw an exception.
More information is included below.
Access denied
Sharepoint 2010 User Profile Pictures two-way
The October 2010 Cumulative Update for Sharepoint Server 2010 brings an interesting update. Finally, you can now not only export profile pictures to Active Directory, but you can also import pictures from AD to Sharepoint without much hassle. Check my resources page for a link to the downloads. Quote from the kb:
“Consider the following scenario. You try to import pictures in a user profile from the Active Directory thumbnailPhoto attribute to the PictureURLattribute in Microsoft SharePoint Server 2010. You set up an import PictureURL mapping. Then, you perform a full synchronization in the SharePoint server. In this scenario, the pictures are not added to the user profile in the SharePoint server.
Note You can use following command to perform the import operation:
Update-SPProfilePhotoStore -CreateThumbnailsForImportedPhotos 1 -MySiteHostLocation http:///my”
Update: Microsoft has removed this update for the time being. Anyway, I downloaded it while it was available, and it does work. You have to run the Powershell command after syncing for the images to appear on My Site etc. I guess it will be available again when Microsoft has fixed whatever was the problem. This update has been re-released, and is available for download again.
A note here is that if you delete the picture from AD the thumbnail will not be deleted from Sharepoing even after running the Powershell command.
A second note is that the user running this Powershell command must have permissions on the User Profile Service Application, if not you’ll get an error message.
No comments:
Post a Comment