Jaa


Troubleshooting the Profiles System

This section contains information related to troubleshooting some problems that you might experience when programming the Profiles System.

Event Viewer

Commerce Server Core Systems stores all events and errors in a single event log. You can view this log by using the Event Viewer provided with the operating system.

Performance Issues

Using SQL Server Windows Authentication

If a high rate of SQL Server logons affects your Web site's performance and you are using Windows authentication to connect to SQL Server, you can change one of the following registry settings to improve performance:

  • If you are using the 32-bit version of Commerce Server Core Systems, change the value of the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server 2007\Profiles\UnsafeAuthenticatedConnectionSharing registry key to 1.

  • If you are using the 64-bit version of Commerce Server Core Systems, change the value of the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Commerce Server 2007\Profiles registry key to 1.

You must consider your environment and security requirements before changing this registry value. The default value of 0 (zero) offers better security but potentially slower performance because it forces a logon and logoff for each Profiles System database connection. If your Web site uses impersonation to connect to Profiles System resources, there is a security risk when you change the default value. When you set the value to 1, new SQL Server logons are not forced for each connection to the Profiles System database from the connection pool. Instead, old connections from the connection pool are recycled and retain the security permissions from the last impersonated user. As a result, a new Web user connects to the Profiles database under the security context of a previous user. This poses a security risk.

Common Errors

Active Directory Password Complexity Policy

System.Runtime.InteropServices.COMException (0xC1003E84): A failure was encountered while attempting to set the 'unicodePwd' attribute on the newly created User object in Active Directory. Please verify that the user context under which this operation is being attempted has sufficient privileges, and try this operation again.

If you see this error message, the password complexity policy for Active Directory directory service may not have been met when a new user was created. To resolve this error, make sure that passwords comply with password complexity policies.

Loading Editor error message

This error message relates to the default security settings on Windows Server 2003 Enterprise Edition. The profile editor contains some VBScript and Jscript. The script cannot be loaded when the Internet Explorer security level is set to high. You must change the security level in Internet Explorer.

To change the security level in Internet Explorer

  1. In Internet Explorer, on the Tools menu, click InternetOptions.

  2. In the InternetOptions dialog box, on the Security tab, click the TrustedSites icon.

  3. In the TrustedSites section, click Sites.

  4. In the TrustedSites dialog box, select Selecta Web content zone to specify the security settings, and then click OK.

  5. In the InternetOptions dialog box, click Sites.

  6. In the TrustedSites section, in the Add this Web site to the zone section, type http://<Commerce Server2007API Web server computer name>, and then click Add.

  7. Close all dialog boxes and Internet Explorer.

Miscellaneous Tips

Using Direct Mail Static Lists to Send Personalized E-Mails

You can use direct mail static lists to send personalized e-mail messages only if the list contains the UserID field that Commerce Server Core Systems exports from the Profiles System. Commerce Server Core Systems uses this GUID value to uniquely identify a user in the Profiles System. If your exported list does not contain the UserID field or it is blank, you can create a static list by appending an expression instead of entering individual e-mail addresses. This way Commerce Server Core Systems extracts the UserID value from the Profiles System. For more information about how to create static lists, see How to Create a New Direct Mail List.

By default, cookies are encrypted on Commerce Server Core Systems sites. However, you can disable encryption. This can be useful for debugging. Never disable cookie encryption on a production site. To disable encryption, use the Commerce Server Manager in the CS Authentication node under Global Resources. Set the Enable Encryption property to a value of 0. For more information about how to configure the CS Authentication Resource, see https://go.microsoft.com/fwlink/?LinkId=76899. Make sure that you set the value back to -1 to re-encrypt cookies. For more information about how to set this property, see Global Resources Node.

Note

The CS Authentication node only applies if you are using legacy authentication. We recommend in Commerce Server Core Systems to use the UPM membership provider for authentication.

Deprecated Issues

AuthManager and AuthFilter are deprecated features in Commerce Server Core Systems. In Commerce Server Core Systems, the Commerce Server Membership Provider replaces them. However, if you are using AuthManager, you may experience technical issues. This section will help you troubleshoot issues that may occur.

AuthManager

If you are using AuthManager, you may see the following error when you try to retrieve the query string for an authenticated user:

UPM-AUTH: Error: while getting the query string for authenticated user.

To troubleshoot this error and to determine the contents of the cookie, perform a Network Monitor trace to view the cookie header for the incoming request and for the outgoing response.

AuthFilter with Active Directory Accounts

If you are using AuthFilter with Windows authentication, the Active Directory or local Windows account settings do not take effect. Upon disabling an account, the Siteauth.dll component does not appear to honor user-password TTL. You can resolve this issue by altering the Microsoft Internet Information Services (IIS) security token cache settings. For more information about this issue, see KB article 840582 at https://go.microsoft.com/fwlink/?LinkId=79820.

See Also

Other Resources

Developing with the Profiles System