UPA 2010: Setting up the User Profile Service Application – Part 2
In the first part of this document on the User Profile Service Application we covered the SharePoint and Windows components involved, and the need for and utility of the User Profile Service Application. This is part two, which covers the details of setting up the User Profile Service Application, along with the events that happen under the hood on the SharePoint and SQL servers.
Let’s get into the details of setting up the User Profile Service Application.
Start the “User Profile Service”
1) When we start the “User Profile Service” from the Central Administration UI, we first start with provisioning the User Profile Service instance.
w3wp.exe (0x1330) 0x0FA4 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject UserProfileServiceInstance. Version: 2695 Ensure: False, HashCode: 62397089, Id: 015a5fa0-9411-4261-8c33-9f67f24b3c2d,
Stack Trace:
at Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate()
at Microsoft.SharePoint.Administration.SPServiceInstance.Provision()
at Microsoft.SharePoint.Administration.SPIisWebServiceInstance.Provision()
w3wp.exe (0x1330) 0x0FA4 SharePoint Foundation Topology umbj Verbose Deserializing the type named Microsoft.Office.Server.Administration.UserProfileServiceInstance, Microsoft.Office.Server.UserProfiles, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c and with id d246fe04-de1e-48f1-9c9e-a57ee2392d98.
Create the “User Profile Service Application”
Now that the “User Profile Service” has started, the next step is to create the “User Profile Service Application” from the CA UI. When we do this, we see the following activities:
1) We do an HTTP POST to the Central Admin site’s /NewProfileServiceApplicationSettings.aspx page with the “CreateNewProfileServiceApplication” parameter.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (POST:https://o14mss-srv:8000/_admin/NewProfileServiceApplicationSettings.aspx?scenarioid=CreateNewProfileServiceApplication&IsDlg=1)
2) We start with creating an Application-Pool for the User Profiles Service Application
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject SPIisWebServiceApplicationPool Name=UPASrvAPP. Version: -1 Ensure: False, HashCode: 11644687, Id: 90f0851a-3497-4f5e-88d8-d2cbfaf45ab9
Call Stack:
at Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate()
at Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool.Update()
at Microsoft.SharePoint.WebControls.IisWebServiceApplicationPoolSection.GetOrCreateApplicationPool()
3) We then update the Objects table with each of the databases that we created during the provisioning of the UPA Service.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject ProfileDatabase Name=Profile DB. Version: -1 Ensure: False, HashCode: 2151613, Id: 6e4d6dff-6f48-42c2-8bf8-ae7fd306c4cc
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject SynchronizationDatabase Name=Sync DB. Version: -1 Ensure: False, HashCode: 62396789, Id: b2578d3b-3811-47a7-858e-c713cc150e75
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject SocialDatabase Name=Social DB. Version: -1 Ensure: False, HashCode: 64676437, Id: 309c639e-e042-4f9d-9ed9-0685c25eb31f
4) In this step we create the databases and provision the schema of the databases.
The database scripts located in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\ are used to provision the Profile, Social and Sync databases. Once the databases are created, we update the Objects table in the configuration database with these new DB objects.
Note: we just create the blank Sync DB but don’t have any schema for it at this stage.
ProfileDB
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 7t68 High Provisioning the Profile DB database with the script at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\ProfileSRP.sql
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Upgrade fbv7 Medium [w3wp] [ProfileDatabaseSequence] [DEBUG] [8/24/2010 4:11:50 PM]: Executing SQL DDL Script.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject ProfileDatabase Name=Profile DB. Version: 4676 Ensure: False, HashCode: 2151613, Id: 6e4d6dff-6f48-42c2-8bf8-ae7fd306c4cc
SyncDB
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 7t68 High Provisioning the Sync DB database with the script at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\drop_procs.sql.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject SynchronizationDatabase Name=Sync DB. Version: 4678 Ensure: False, HashCode: 62396789, Id: b2578d3b-3811-47a7-858e-c713cc150e75
SocialDB
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 7t68 High Provisioning the Social DB database with the script at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\SocialSRP.sql.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Upgrade fbv7 Medium [w3wp] [SocialDatabaseSequence] [DEBUG] [8/24/2010 4:12:04 PM]: Executing SQL DDL Script.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject SocialDatabase Name=Social DB. Version: 4680 Ensure: False, HashCode: 64676437, Id: 309c639e-e042-4f9d-9ed9-0685c25eb31f
5) Next the account that is used to provision the UPA is added to the db_owner group of the 3 databases which were created.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Profile DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Sync DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Social DB.
6) The next step is to install the User Profile localization.
The XML file used while installing the localization is C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\PeopleDBLoc.xml
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles 62tn Medium UserProfileLocalizationInstaller.Install (BEGIN)
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles 62to Medium End- FileStream(templateFile = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\PeopleDBLoc.xml, FileMode.Open)
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles 62tv Medium UserProfileLocalizationInstaller.Install (END)
During the User profile localization, we provision the schema of the profile DB and tables like PropertyList & PropertyListLoc get updated.
Verbose ULS logs should be used for details on the tables that are updated.
7) We then install the following timer jobs for the User Profile Application. Note that the User Profile Application name used during this setup is 'UPASrvAPP'. You will observe that the object name that is installed is “Microsoft.Office.Server.ActivityFeed.ActivityFeedUPAJob”, whereas the timer job name is UPASrvAPP_ActivityFeedJob.
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.ActivityFeed.ActivityFeedUPAJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject ActivityFeedUPAJob Name=UPASrvAPP_ActivityFeedJob. Version: -1 Ensure: False, HashCode: 44930099, Id: 63d3ad1c-fa71-4d4c-b3b3-d34fd30b6115
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.ActivityFeed.ActivityFeedCleanupUPAJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject ActivityFeedCleanupUPAJob Name=UPASrvAPP_ActivityFeedCleanupJob. Version: -1 Ensure: False, HashCode: 27904457, Id: 0a438c5f-4091-4688-8aba-ee0e269f2b1f
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.UserProfiles.UserProfileChangeCleanupJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject UserProfileChangeCleanupJob Name=UPASrvAPP_UserProfileChangeCleanupJob. Version: -1 Ensure: False, HashCode: 3922893, Id: 252b7f3c-57a7-4192-9f49-95267c49d1fc,
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.UserProfiles.UserProfileChangeJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject UserProfileChangeJob Name=UPASrvAPP_UserProfileChangeJob. Version: -1 Ensure: False, HashCode: 46655038, Id: 573bffc2-2437-41f9-9c68-d0387c400066,
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.UserProfiles.UserProfileImportJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject UserProfileImportJob Name=UPASrvAPP_ProfileImportJob. Version: -1 Ensure: False, HashCode: 10818822, Id: cac98965-5331-4b65-a6f2-a1f7db7c6372,
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.UserProfiles.MySiteEmailJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject MySiteEmailJob Name=UPASrvAPP_MySiteSuggestionEmailJob. Version: -1 Ensure: False, HashCode: 45310382, Id: b79887b1-fd09-4c57-9f10-7c4bb8795815,
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.Administration.UserProfileApplication+LanguageSynchronizationJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject LanguageSynchronizationJob Name=UPASrvAPP_LanguageSynchronizationJob. Version: -1 Ensure: False, HashCode: 38932675, Id: 4195a48d-041d-405c-8c33-f3a4f3286360,
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.Administration.ILMProfileSynchronizationJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject ILMProfileSynchronizationJob Name=UPASrvAPP_ProfileSynchronizationJob. Version: -1 Ensure: False, HashCode: 55305768, Id: 133ceb63-41b0-4a5f-9388-08de6ec54625,
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.Audience.AudienceCompilationJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject AudienceCompilationJob Name=UPASrvAPP_AudienceCompilationJob. Version: -1 Ensure: False, HashCode: 60363419, Id: ad941c97-e871-4db2-941c-74ba1e45fddf,
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2ni High Installing scheduled job 'Microsoft.Office.Server.SocialData.SocialDataMaintenanceJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject SocialDataMaintenanceJob Name=UPASrvAPP_SocialDataMaintenanceJob. Version: -1 Ensure: False, HashCode: 5708714, Id: aa8c4651-be3e-4ee6-81a0-baf324b06ddc,
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2nl High Installing scheduled job 'Microsoft.Office.Server.UserProfiles.WSSSweepSyncJob' for proxy 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject WSSSweepSyncJob Name=UPASrvAPP_SweepSync. Version: -1 Ensure: False, HashCode: 14950152, Id: 9e5b5276-eb4d-47bc-b03b-f8fa57ec98ca, Stack:
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2nl High Installing scheduled job 'Microsoft.Office.Server.UserProfiles.WSSProfileSyncJob' for proxy 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject WSSProfileSyncJob Name=UPASrvAPP_ProfSync. Version: -1 Ensure: False, HashCode: 30901231, Id: a48bf385-9946-4c1d-beda-33bc889ccfb5,
w3wp.exe (0x13AC) 0x1364 SharePoint Portal Server User Profiles f2nl High Installing scheduled job 'Microsoft.Office.Server.SocialData.SocialRatingSyncJob' for proxy 'UPASrvAPP'.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject SocialRatingSyncJob Name=UPASrvAPP_SocialRatingSyncJob. Version: -1 Ensure: False, HashCode: 23720487, Id: 57e1fe31-323b-4235-a8ef-bd6b2fd6ba75,
8) After the timer jobs have been created, the service account is given read access to the configuration database and added to the WSS_Content_Application_Pools role in the SharePoint configuration and Admin content databases.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 944s High Granting S-1-5-21-####93##-345###178#-25#####213-#### read access to the configuration database, SharePoint_Config.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, WSS_Content_Application_Pools, in the database, SharePoint_Config.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, WSS_Content_Application_Pools, in the database, SharePoint_AdminContent_10a69e01-7256-40f7-940f-6091b30abc8f.
OWSTimer then takes over from here
9) OWSTimer starts by creating the application pool in IIS for the User Profile service application. After creating the application pool, we add the service account to the IIS_WPG, WSS_WPG and PerformanceMonitorUsers groups.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology bmt5 High Creating new application pool '90f0851a34974f5e88d8d2cbfaf45ab9'.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology 96ft Medium Adding O14NETWORK\spadmin to local group IIS_WPG.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology 96ft Medium Adding O14NETWORK\spadmin to local group WSS_WPG.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology 96ft Medium Adding O14NETWORK\spadmin to local group PerformanceMonitorUsers.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology 9sis Medium Attempting to give SE_ASSIGNPRIMARYTOKEN_NAME privilege to application pool user O14NETWORK\spadmin
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology 9sit Medium Attempting to give SE_INCREASE_QUOTA_NAME privilege to application pool user O14NETWORK\spadmin
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology bmt6 High Application pool '90f0851a34974f5e88d8d2cbfaf45ab9' provisioning complete.
10) We then provision the User Profile service application in IIS under the Web Application – “SharePoint Web Services”. The name of the site in IIS is the GUID itself - 7893b48ca91a4a869ec58af25f298a16.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology bmu8 High Provisioning application '/7893b48ca91a4a869ec58af25f298a16' on site 'SharePoint Web Services' with application pool '90f0851a34974f5e88d8d2cbfaf45ab9'.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology bmu9 High Adding new application '/7893b48ca91a4a869ec58af25f298a16' on site 'SharePoint Web Services' at physical path 'C:\Program Files\Microsoft Office Servers\14.0\WebServices\Profile'.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology bmv2 High Setting application pool for application '/7893b48ca91a4a869ec58af25f298a16' on site 'SharePoint Web Services' to '90f0851a34974f5e88d8d2cbfaf45ab9'.
We enable the HTTP and HTTPS protocols for the UPA service application.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology bmv3 High Setting enabled protocols for application '/7893b48ca91a4a869ec58af25f298a16' on site 'SharePoint Web Services' to 'http,https'.
Lastly, we update the web.config file for the Web Services root to record that the UPA service application is provisioned.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology umav High Updating web service application id to '7893b48c-a91a-4a86-9ec5-8af25f298a16' for web.config 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\Root\web.config'.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology umaw High Updating web.config 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\Root\web.config' for web service application 'UPASrvAPP' (7893b48ca91a4a869ec58af25f298a16).
Finally we commit these IIS configuration changes.
After finishing the above steps within the owstimer.exe process, we shift back to the w3wp.exe process and continue from where we left off.
NOTE:
- The service account and the farm account are both O14network\Spadmin.
- The default site application pool runs under the user account O14network\webAppPoolAcc. The SIDs for these accounts are:
O14network\Spadmin (SID S-1-5-21-####93##-345###178#-25#####213-####)
O14network\webAppPoolAcc (S-1-5-##-146#####74-####581781-2#####213-1###)
11) Now we add both user accounts, O14network\Spadmin and O14network\webAppPoolAcc, to the db_owner role of the Profile, Sync and Social databases.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Profile DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Sync DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Social DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-##-146#####74-####581781-2#####213-1### to the role, db_owner, in the database, Profile DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-##-146#####74-####581781-2#####213-1### to the role, db_owner, in the database, Sync DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-##-146#####74-####581781-2#####213-1### to the role, db_owner, in the database, Social DB.
12) We finish up by provisioning the UPA service application Proxy & updating the Proxy Group.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject UserProfileApplicationProxy Name=UPASrvAPP. Version: 4750 Ensure: False, HashCode: 56602301, Id: d72a5832-4fc7-4b8e-9ce7-5798b30d936c,
Call Stack:
at Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate()
at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.Provision()
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject SPServiceApplicationProxyGroup. Version: 4275 Ensure: False, HashCode: 30854021, Id: c629550c-1fbe-4ee2-b81d-bf497578b683,
Call Stack:
at Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate()
at Microsoft.SharePoint.Administration.SPServiceApplicationProxyGroup.Update()
at Microsoft.SharePoint.Portal.UserProfiles.AdminUI.NewProfileServiceSettingsPage.DoCreateApplication()
at Microsoft.SharePoint.Portal.UserProfiles.AdminUI.NewProfileServiceSettingsPage.OnOkButtonClick(Object sender, EventArgs e) at System.EventHandler.Invoke(Object sender,
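The ULS lines in steps 5, 8, 9 and 11 record every database role, local group and privilege that provisioning hands to the service accounts. The Python example below is added here for illustration and is not part of the original article or of SharePoint; it collects those lines into a per-account list for a least-privilege review. It assumes the space-separated line layout quoted above; the SIDs in the sample and the REVIEW set are constructed for the example.

```python
import re
from collections import Counter

# Message shapes copied from the ULS lines quoted in the article (944r, 944s, 96ft, 9sis/9sit).
PATTERNS = [
    ("db_role", re.compile(
        r"Adding (?P<who>\S+) to the role, (?P<right>\S+), in the database, (?P<target>.+?)\.?$")),
    ("config_read", re.compile(
        r"Granting (?P<who>\S+) (?P<right>read access) to the configuration database, (?P<target>.+?)\.?$")),
    ("local_group", re.compile(
        r"Adding (?P<who>\S+) to local group (?P<right>\S+?)\.?$")),
    ("privilege", re.compile(
        r"Attempting to give (?P<right>\S+) privilege to application pool user (?P<who>\S+)")),
]

# Rights this example singles out for review (the example's own choice, not the article's).
REVIEW = {("db_role", "db_owner"), ("privilege", "SE_ASSIGNPRIMARYTOKEN_NAME")}


def extract_grants(lines):
    """Return one (principal, kind, right, target) tuple per grant line, in log order."""
    grants = []
    for line in lines:
        text = line.strip()
        for kind, pattern in PATTERNS:
            m = pattern.search(text)
            if m:
                # Group and privilege lines name no target; they apply to the local server.
                target = m.groupdict().get("target") or "local server"
                grants.append((m.group("who"), kind, m.group("right"), target))
                break
    return grants


def by_principal(grants):
    """Map each principal to the set of distinct grants it received."""
    out = {}
    for who, kind, right, target in grants:
        out.setdefault(who, set()).add((kind, right, target))
    return out


def repeated(grants):
    """Grants logged more than once, e.g. the db_owner additions in steps 5 and 11."""
    return {g: n for g, n in Counter(grants).items() if n > 1}


def needs_review(grants):
    """Distinct grants whose (kind, right) pair is in REVIEW, sorted by principal."""
    return sorted({g for g in grants if (g[1], g[2]) in REVIEW})


# Constructed sample in the article's line layout; both SIDs are made up.
SVC = "S-1-5-21-1000000001-1000000002-1000000003-1104"
WEB = "S-1-5-21-1000000001-1000000002-1000000003-1105"
P = "w3wp.exe (0x13AC) 0x1364 SharePoint Foundation"
T = "OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology"
SAMPLE = rf"""
{P} Topology 8xqz Medium Updating SPPersistedObject ProfileDatabase Name=Profile DB. Version: -1
{P} Database 944r High Adding {SVC} to the role, db_owner, in the database, Profile DB.
{P} Database 944r High Adding {SVC} to the role, db_owner, in the database, Sync DB.
{P} Topology 944s High Granting {SVC} read access to the configuration database, SharePoint_Config.
{P} Database 944r High Adding {SVC} to the role, WSS_Content_Application_Pools, in the database, SharePoint_Config.
{T} 96ft Medium Adding O14NETWORK\spadmin to local group IIS_WPG.
{T} 9sis Medium Attempting to give SE_ASSIGNPRIMARYTOKEN_NAME privilege to application pool user O14NETWORK\spadmin
{P} Database 944r High Adding {SVC} to the role, db_owner, in the database, Profile DB.
{P} Database 944r High Adding {WEB} to the role, db_owner, in the database, Profile DB.
""".strip().splitlines()

if __name__ == "__main__":
    found = extract_grants(SAMPLE)
    for who, rights in by_principal(found).items():
        print(who)
        for kind, right, target in sorted(rights):
            print(f"  {kind:12} {right} on {target}")
    print("review:", needs_review(found))
    print("repeated:", repeated(found))
```

Run against a real ULS file, the same functions take the file's lines in place of SAMPLE; a tab-separated log with timestamps still matches because the patterns only look at the message text.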
Start the “User Profile Synchronization Service”
NOTE:
1. Owstimer.exe is the process that we use while starting the “User Profile Synchronization Service”.
2. Identity Lifecycle Manager (ILM) is Microsoft Identity Lifecycle Manager Synchronization (formerly known as MIIS or Identity Integration Server).
When we start the “User Profile Synchronization Service” from Central Administration:
1) We begin with enabling the “User Profile Synchronization Service” in the services panel.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles erx1 Medium Provisioning service instance User Profile Synchronization Service.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles erx2 Medium The service instance User Profile Synchronization Service is successfully provisioned.
After provisioning the service, we start the setup for the UPA Sync by starting the FIM service. We start the Windows service “Forefront Identity Manager Synchronization Service” (C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe) and also update the account details under which this service runs.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i1s Medium UserProfileApplication.SynchronizeMIIS: Begin setup for 'UPASrvApp'.
You will now observe “ILM Configuration:” in the logs, which shows that the configuration is happening within the FIM component. The logging for this is more detailed in the FIM logs; SharePoint just calls into the FIM component to do the necessary configuration.
NOTE: Enabling Verbose logging for FIM related troubleshooting.
Edit the config file (C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe.config) and
Change
<source name="Microsoft.ResourceManagement" switchValue="Error,ActivityTracing">
to
<source name="Microsoft.ResourceManagement" switchValue="Verbose,ActivityTracing">
And also uncomment the Step1 and Step2 in the Configuration file.
Restart the FIM services and now you should see a file created
C:\Program Files\Microsoft Office Servers\14.0\Service\fimDiagnostics.svclog
Reference: https://msdn.microsoft.com/en-us/library/ff357801.aspx#BKMK_enableDiagnosticTracing
2) We first start by validating the account (service account) that is used and then create the FIM groups.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i1y Medium ILM Configuration: Validating account.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i20 Medium ILM Configuration: Validating the system groups
3) In this step we set up Windows Management Instrumentation (WMI), which is used for user-based password change management.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i23 Medium ILM Configuration: Setting up WMI
4) Setting the required permissions
In this step we update the service account for both FIM services and also update the registry. The value of the “ObjectName” registry entry changes from "LocalSystem" to "O14NETWORK\\spadmin", where "O14NETWORK\\spadmin" is the service account.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i24 Medium ILM Configuration: Setting required permissions
5) Additional actions that take place within ILM are:
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i26 Medium ILM Configuration: Create install config file
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i28 Medium ILM Configuration: Update source project
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i29 Medium ILM Configuration: Changing service account credentials
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles d3bo Medium ILM Configuration: Setting policy for service account
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i2a Medium ILM Configuration: Configuring database
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9q1e Medium ILM Configuration: Configuring XML file.
6) OWSTimer.exe then restarts the FIM Synchronization Services.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i2b Medium ILM Configuration: Re-starting mms service
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i2d Medium ILM Configuration: Checking mms service
7) We check for the FIM database (which is the Sync database that was created earlier when provisioning the User Profile service application).
We can also get the details of the FIM DB from the registry: "DatabaseName"="Sync DB"
We then start extending the schema of the Sync database.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9q1f Medium ILM Configuration: Checking for existing FIM database.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles eee3 Medium ILM Configuration: Building database.
SQL Profiler trace will show the following:
8) We now configure the FIM certificate. You can get to Certificate admin from Start Menu >> Run >> type MMC >> File menu >> Add/Remove Snap-in >> select Certificates >> select Computer Account >> Local Computer >> Finish.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9q1h Medium ILM Configuration: Configuring certificate.
9) We then update the FIMService & FIMSynchronizationService registry keys.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9q1g Medium ILM Configuration: Configuring Registry keys.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMSynchronizationService]
10) We open the firewall ports for Resource Management services and the security token service.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9q1j Medium ILM Configuration: Opening firewall ports.
We open ports for “ILM Web Service – RMS” (Port 5725). Then we open “ILM Web Service – STS” (5726)
"ResourceManagementServiceBaseAddress"="https://localhost:5725"
"SecurityTokenServiceBaseAddress"="https://localhost:5726"
11) Next we start the “Forefront Identity Manager Service”.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9q1k Medium ILM Configuration: Starting services.
“Forefront Identity Manager Service”
C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe
12) Next is “Post setup configuration”
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles d3bp Medium ILM Configuration: Post setup configuration.
Here we use the miiskmu.exe (MIISkmu: Encryption Key Management Tool) to export the encryption key.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles g4bk High Synchronization database was not previously initialized. Exporting the encryption key from the registry key to the database
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles g4bm High ILM Configuration: The ExportMiisEncryptionKey process completed successfully
13) We then update the Management Agents that are created and also the credentials for these agents. We can view the Agents created using the MIISClient.exe tool.
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles g136 Medium UpdateILMMA: Updated 'ILMMA' credentials
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles g12z Medium UpdateStoreAndCredentialsForInitialManagementAgents: ILMMachine O14MSS-SRV, Username O14NETWORK\spadmin
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles g131 Medium UpdateStoreAndCredentialsForInitialManagementAgents: Updated 'MOSS-31204da1-48ba-4e23-9833-e59e100c2fb1' credentials
A quick look at MIISClient.exe shows that we have created a connection in the management agent of type “Extensible connectivity”.
Note: MIISClient.exe is located at <Drive Letter>:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell
OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 9i1u Medium UserProfileApplication.SynchronizeMIIS: End setup for 'UPASrvApp'.
Once the two Forefront services, namely “Forefront Identity Manager Service” and “Forefront Identity Manager Synchronization Service”, have started, the UPA service application is provisioned successfully. At this point we need to go to Central Admin and open the UPA service application to confirm that it opens up fine.
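When the synchronization service does not reach the “End setup” line, the “ILM Configuration:” messages show how far the run got and which account, certificate, registry or firewall stages had already been logged. The Python example below is added here for illustration and is not part of the original article or of SharePoint; it pairs each “Begin setup” with its “End setup” and reports incomplete runs. The sample log is constructed, and the HOST_CHANGING selection is the example's own choice from the stage names shown above.

```python
import re

BEGIN = re.compile(r"SynchronizeMIIS: Begin setup for '(?P<app>[^']+)'")
END = re.compile(r"SynchronizeMIIS: End setup for '(?P<app>[^']+)'")
STAGE = re.compile(r"ILM Configuration: (?P<stage>.+?)\.?$")

# Stage names from the article whose step touches accounts, certificates,
# registry keys or firewall ports (this grouping is the example's assumption).
HOST_CHANGING = {
    "Setting required permissions",
    "Changing service account credentials",
    "Setting policy for service account",
    "Configuring certificate",
    "Configuring Registry keys",
    "Opening firewall ports",
}


def track_runs(lines):
    """Split the log into setup runs: app name, stages in order, completed flag."""
    runs, current = [], None
    for line in lines:
        text = line.strip()
        begin, end, stage = BEGIN.search(text), END.search(text), STAGE.search(text)
        if begin:
            if current is not None:
                runs.append(current)  # the earlier run never logged its End line
            current = {"app": begin.group("app"), "stages": [], "completed": False}
        elif current is None:
            continue  # stage or End line outside any run: ignore it
        elif stage:
            current["stages"].append(stage.group("stage"))
        elif end and end.group("app") == current["app"]:
            current["completed"] = True
            runs.append(current)
            current = None
    if current is not None:
        runs.append(current)
    return runs


def stalled(runs):
    """For each incomplete run: (app, last stage reached, host-changing stages logged)."""
    out = []
    for run in runs:
        if not run["completed"]:
            last = run["stages"][-1] if run["stages"] else None
            applied = [s for s in run["stages"] if s in HOST_CHANGING]
            out.append((run["app"], last, applied))
    return out


# Constructed sample in the article's line layout: one run that stops after the
# certificate stage, followed by a retry that completes.
O = "OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles"
SAMPLE = f"""
{O} 9i1s Medium UserProfileApplication.SynchronizeMIIS: Begin setup for 'UPASrvApp'.
{O} 9i1y Medium ILM Configuration: Validating account.
{O} 9i24 Medium ILM Configuration: Setting required permissions
{O} 9i29 Medium ILM Configuration: Changing service account credentials
{O} 9q1h Medium ILM Configuration: Configuring certificate.
{O} 9i1s Medium UserProfileApplication.SynchronizeMIIS: Begin setup for 'UPASrvApp'.
{O} 9i1y Medium ILM Configuration: Validating account.
{O} 9i24 Medium ILM Configuration: Setting required permissions
{O} 9q1j Medium ILM Configuration: Opening firewall ports.
{O} 9q1k Medium ILM Configuration: Starting services.
{O} 9i1u Medium UserProfileApplication.SynchronizeMIIS: End setup for 'UPASrvApp'.
""".strip().splitlines()

if __name__ == "__main__":
    for app, last, applied in stalled(track_runs(SAMPLE)):
        print(f"{app}: stopped after '{last}'; host changes already logged: {applied}")
```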
List of Services & Applications involved during this configuration: