Share via


SharePoint 2010 service applications – UserProfile Synch service is not synching the profiles from AD ?

Recently I was working with a customer to setup their SharePoint 2010 environment and configure user profile service. We have created the service application and both user profile and synch service started successfully. After staring the profile synch from AD we waited for around 30 min but still there was no any user profile imported from AD , the count was showing as zero.

Once we checked the MISSClient.exe (under C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell) we saw that there was an error. It says that “Replication access was denied”.

clip_image002

Also application event log was showing the below message.

Event Log:

The Forefront Identity Manager Service cannot connect to the SQL Database Server.

The SQL Server could not be contacted. The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the SQL Server connection information could be configured incorrectly.

Verify that the SQL Server is reachable from the Forefront Identity Manager Service computer. Ensure that SQL Server is running, that the network connection is active, and that the firewall is configured properly. Last, verify the connection information has been configured properly. This configuration is stored in the Windows Registry.

Log File:

0x1AE0 SharePoint Portal Server User Profiles et8j High UserProfileServiceUserStatisticsWebPart:LoadControl failed, Exception: System.IO.FileLoadException: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040) at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.InitializeIlmClient(String ILMMachineName, Int32 FIMWebClientTimeOut) at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager..ctor(UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID) at Microsoft.SharePoint.Portal.WebControls.UserProfileServiceStatisticsWebPartBase.LoadControl(Object sender, EventArgs e) 639a4bee-e242-43ab-8815-c3339d4453d1

After further research found that the profile synch account must need a special permission in the Active directory , it is documented in our public KB.

Resolution : https://support.microsoft.com/kb/303972

 

Setting permissions by using the ACL editor

1. Open the Active Directory Users and Computers snap-in

2. On the View menu, click Advanced Features.

3. Right-click the domain object, such as "company.com", and then click Properties.

4. On the Security tab, if the desired user account is not listed, click Add; if the desired user account is listed, proceed to step 7.

5. In the Select Users, Computers, or Groups dialog box, select the desired user account, and then click Add.

6. Click OK to return to the Properties dialog box.

7. Click the desired user account.

8. Click to select the Replicating Directory Changes check box from the list.

9. Click Apply, and then click OK.

10. Close the snap-in.

 

Please refer Spencer’s excellent blog posts about user profile service application configuration here

Comments

  • Anonymous
    August 12, 2010
    Bonjour, je ne pense pas que le problème provienne du compte mais plutôt de SQLSERVER. Parceque j'ai le même problème sur mon serveur de production alors que sur le serveur de recette je n'ai pas ce problème. En effet, le serveur de recette arrive à se connecter à l'AD. Il utilise le même compte que le serveur de production qui lui n'arrive pas.

  • Anonymous
    August 17, 2010
    Even after performing the step the issue was still persisting.

  • Anonymous
    August 25, 2010
    Check the Eventlogs and ULS logs and see what is happening in behind.

  • Anonymous
    September 12, 2010
    Install latest CU - Aug 2010 , to get rid of most of the user profile issues...

  • Anonymous
    July 23, 2012
    I am tring to consume User Profiles from another farm. It is configured without exception but actual user profiles are not getting replicate to my local farm. If I do same process and configuration to consume local farm Service then it does synchronise all user profiles and shows all profile details.