André Krijnen

When I started to work with SharePoint 2010 I’ve noticed that there are alot of issues regarding the User Profile Synchronization. Alot of people mentioned the following event viewer problems:

Microsoft.ResourceManagement.ServiceHealthSource
Event ID: 22
Level: Error

The Forefront Identity Manager Service cannot connect to the SQL Database Server.

The SQL Server could not be contacted. The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the SQL Server connection information could be configured incorrectly.

Verify that the SQL Server is reachable from the Forefront Identity Manager Service computer. Ensure that SQL Server is running, that the network connection is active, and that the firewall is configured properly. Last, verify the connection information has been configured properly. This configuration is stored in the Windows Registry.

ILM Web Service Configuration
Event ID: 234
Level: Warning

ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5726/ user=MSSDEVIA\MSSFARM sddl=D:(A;;GA;;;S-1-5-21-3647457175-3930976156-3381717532-1106)

ForeFront Identity Manager
Event ID: 3
Level: Error

.Net SqlClient Data Provider: System.Data.SqlClient.SqlException: Cannot open database “User Profile Service Application_SyncDB_1d4b979635654411b18ce834c5c0a76a” requested by the login. The login failed.
Login failed for user ‘MSSDEVIA\mssfarm’.
at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException)
at Microsoft.ResourceManagement.Data.DatabaseConnection.Open(SqlConnection connection)
at Microsoft.ResourceManagement.Data.DatabaseConnection.Open(DataStore store)
at Microsoft.ResourceManagement.Data.TransactionAndConnectionScope..ctor(Boolean createTransaction, IsolationLevel isolationLevel, DataStore dataStore)
at Microsoft.ResourceManagement.Data.TransactionAndConnectionScope..ctor(Boolean createTransaction)
at Microsoft.ResourceManagement.Data.DataAccess.RegisterService(String hostName)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RegisterService(String hostName)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.Initialize()
at Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
at Microsoft.ResourceManagement.WindowsHostService.OnStart(String[] args)

ForeFront Identity Manager
Event ID: 3
Level: Error

.Net SqlClient Data Provider: System.Data.SqlClient.SqlException: HostId is not registered
at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException)
at Microsoft.ResourceManagement.Data.DataAccess.RetrieveWorkflowDataForHostActivator(Int16 hostId, Int16 pingIntervalSecs, Int32 activeHostedWorkflowDefinitionsSequenceNumber, Int16 workflowControlMessagesMaxPerMinute, Int16 requestRecoveryMaxPerMinute, Int16 requestCleanupMaxPerMinute, Boolean runRequestRecoveryScan, Boolean& doPolicyApplicationDispatch, ReadOnlyCollection`1& activeHostedWorkflowDefinitions, ReadOnlyCollection`1& workflowControlMessages, List`1& requestsToRedispatch)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RetrieveWorkflowDataForHostActivator()
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHosts(Object source, ElapsedEventArgs e)

Of course I’ve watched the different blog posts from different MVP’s and others. But there still seems to be alot of different issues regarding the UPS of SharePoint 2010. Yet, I’ve found out that there are more issues as they speak of.
In my case the scenario was alot different then rights on the local machine or on the domain. The users had all the rights to perform Replicate Directory Changes on the domain, and yet I’ve had these errors.

I’d Visual Studio 2010 installed and it came up with the Jit-In-Time debugger with errors.

An unhandled exception (‘System.ServiceModel.ProtocolException’) occurred in OWSTIMER.exe [5630]

Application Error
Event ID: 1000
Level: Error

Faulting Application name: OWSTIMER.exe, version: 14.0.4762.1000, time stamp: 0x4bad920c
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 04xa5bdfe0
Exception code: 0xe0434f4d
Fault offset: 0x000000000aa7d
Faulting Process id: 0xa58
Faulting application start time: 0x01cb2cacfed18e83
Faulting application path: C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\14\Bin\OWSTIMER.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report id: f3b92d5f-98a3-11df-b4fd-000c29240fea

So, I’ve opened a new instance of Visual Studio 2010 Debugger, and it came up that the internal Proxy Server needed authentication. I did get a 407: Proxy Authentication Required.

If you think you’ve done everything to the different blog posts you’ve writtend, and you can’t find any issues, it can be that something else blocking your way to use the different SharePoint Application Services.

MS is not helping you with these kind of issues, but when you need some help, try to use Visual Studio on your application server, or server that is going to host the UPS service to identify which errors it comes up with.

If you can’t use Visual Studio because it’s a production environment, try to get a test environment in the same environment your production environment is in, and install there Visual Studio.

Warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in E:\Vhosts\mysticslayer.com\httpdocs\wp-content\plugins\highlight-source-pro\highlight_source_pro.php on line 128

Warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead in E:\Vhosts\mysticslayer.com\httpdocs\wp-content\plugins\highlight-source-pro\highlight_source_pro.php on line 128

SharePoint sites using hostnames (HOSTS) with Internet Explorer 8 (IE8) have logon failures

I like to use beta programs. You can see what new functionality will be available before the product is released. But using betas of Internet Explorer is something i have a lot of bad experiences with. Currently we got a report on one of our websites that it had some problems running under Internet Explorer 8. Ofcourse i checked this in my virtual machine by installing the released version of Internet Explorer 6/7/8.

For some reason i was not able to access my SharePoint websites anymore. It kept me asking for my login over and over again. Doing some googling i found out that this issue was also under the beta release and that there is a solution. Keep in mind that this issue is still present in the released version.

It seems that Internet Explorer 8 does a loopback check. This causes SharePoint sites using hostnames (in your HOSTS file) with a logon to have logon failures.I like to use the HOSTS file, because you do not have to use specific port numbers for running your websites. Als for doing demos on events and at customers it looks better.

There are two solutions for the problem. This one i think is the best and less work:

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer. (it seems that this was not needed on my virtual machine).

For more information: http://support.microsoft.com/default.aspx/kb/896861

For a company I work for we have an different kind of situation regards the SharePoint site. We have a DMZ with all the webservers we need. We also got a small MOSS 2007 farm where the company hosts his two SharePoint sites. Both sites are on the same farm and on the intranet it works perfectly.

On of these sites is hosted normally on the http port, and the other on is hosted as an extranet application on the https port. The site hosted on the public http port is good, and doesn’t show any problems.

The certificate for the private site is at the reverse proxy server, although it is also a kind of firewall. We used the technet documentation for implementation (link). We did use the Alternative Access Mappings and we did redirect our https port(proxy) to the http port(Site farm).

Everything works perfectly, except for the Document Library. Normal documents can be opened without any problems, but when you want to access a folder in the document library we got a permission denied error from the proxy server. Why you may ask? Well the document library has folders and show all http:// instead of https://. So it redirects from an secure site into a insecure site were the port is blocked on the DNS.

So we maybe thought that this was related to the firewall instead of SharePoint, well forget that. The problem resists in the Document Library and nothing else. Now we contact Microsoft for this issue, but the problem is that Microsoft has only helpdesk people with knowledge of SharePoint or ISA Server. Microsoft helpdesk wants to relate the problem to the firewall instead of their own product, and I can’t blame them, because it’s their product. Well I’m not happy at all with this, because we won’t change anything in the firewall. We tried everything there is needed to work.

The company were I work for doesn’t have this problem to Exchange Server 2003, and this is the same kind of product, and they have the exact same rules and same implementation… Probably this a bug (or feature) and they can’t solve it… maybe later on…

Well I will keep you informed… when I have a solution my blog will keep you informed about it…