Application Log Warning - ILM Certificate Could not be Created
If you see either or both of the warning messages below in your Application event log after provisioning the SharePoint 2010 User Profile Synchronization Service (ILM/FIM), don’t be concerned. These warnings are thrown when the ILM/FIM client tries to ACL the two endpoints it creates. Because the User Profile Synchronization Service has already been provisioned on the server, the endpoints are already ACL’d and the command returns a non-zero value, which is why the event log entry is created. Yes, I agree with you, we should have thought of this test case and had the code ignore it, but I didn’t write the product, I only support it.
As you can see from the warning messages below, the commands being executed are:
netsh http add urlacl url=https://+:5726/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
netsh http add urlacl url=https://+:5725/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
If you were to run these commands from a command prompt, you would see this message for each execution:
Url reservation add failed, Error: 183
Cannot create a file when that file already exists.
If you would like to confirm they are ACL’d correctly, you can execute:
netsh http show urlacl
The output lists all the endpoints and their ACLs. The two endpoints you are concerned about in this case look like the following:
Reserved URL : https://+:5725/
User: LAB\sp2010farmadmin
Listen: Yes
Delegate: Yes
SDDL: D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
Reserved URL : https://+:5726/
User: LAB\sp2010farmadmin
Listen: Yes
Delegate: Yes
SDDL: D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
If you see these endpoints and your farm account listed, you can safely ignore the event log warnings.
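The check described above can be scripted. The following PowerShell is an added example, not part of the original post or of SharePoint/FIM: it parses netsh http show urlacl text and reports whether each of the two endpoints is reserved for the expected farm account. The function names are hypothetical, the embedded sample is constructed from the listing above, and English-language netsh output is assumed.

```powershell
# Added example; ConvertFrom-UrlAcl and Test-FimEndpointAcl are hypothetical names.
function ConvertFrom-UrlAcl {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            if ($current) { $current }   # emit the previous reservation
            $current = [pscustomobject]@{ Url = $Matches[1]; Users = @(); Sddl = $null }
        } elseif ($current -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $current.Users += $Matches[1]   # a reservation can list several users
        } elseif ($current -and $line -match '^\s*SDDL:\s*(\S+)') {
            $current.Sddl = $Matches[1]
        }
    }
    if ($current) { $current }
}

function Test-FimEndpointAcl {
    param([object[]]$Reservations, [string]$Account, [string[]]$Urls)
    foreach ($url in $Urls) {
        $r = $Reservations | Where-Object { $_.Url -eq $url }
        if (-not $r) {
            $status = 'Missing'
        } elseif ($r.Users -contains $Account) {   # -contains ignores case
            $status = 'OK'
        } else {
            $status = 'WrongAccount'
        }
        [pscustomobject]@{ Url = $url; Status = $status; Users = ($r.Users -join ', '); Sddl = $r.Sddl }
    }
}

# Constructed sample mirroring the listing in the post. On a live server use:
#   $lines = netsh http show urlacl
$lines = @'
    Reserved URL            : https://+:5725/
        User: LAB\sp2010farmadmin
            Listen: Yes
            Delegate: Yes
            SDDL: D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)

    Reserved URL            : https://+:5726/
        User: LAB\sp2010farmadmin
            Listen: Yes
            Delegate: Yes
            SDDL: D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
'@ -split "`r?`n"
Test-FimEndpointAcl (ConvertFrom-UrlAcl $lines) 'lab\sp2010farmadmin' 'https://+:5725/', 'https://+:5726/'
```

Only a Status of OK for both URLs matches the condition the post gives for ignoring the warnings.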
Example of the two warning messages in your application event log:
Log Name: Application
Source: ILM Web Service Configuration
Date: 2/1/2012 5:35:55 PM
Event ID: 234
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.COM
Description:
ILM Certificate could not be created: netsh http error:netsh http add urlacl url=https://+:5726/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
Event Xml:
<Event xmlns="https://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ILM Web Service Configuration" />
<EventID Qualifiers="0">234</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-02-01T23:35:55.000000000Z" />
<EventRecordID>37475</EventRecordID>
<Channel>Application</Channel>
<Computer>SERVER.DOMAIN.COM</Computer>
<Security />
</System>
<EventData>
<Data>ILM Certificate could not be created: netsh http error:netsh http add urlacl url=https://+:5726/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)</Data>
</EventData>
</Event>
Log Name: Application
Source: ILM Web Service Configuration
Date: 2/1/2012 5:35:55 PM
Event ID: 234
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.COM
Description:
ILM Certificate could not be created: netsh http error:netsh http add urlacl url=https://+:5725/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
Event Xml:
<Event xmlns="https://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ILM Web Service Configuration" />
<EventID Qualifiers="0">234</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-02-01T23:35:55.000000000Z" />
<EventRecordID>37474</EventRecordID>
<Channel>Application</Channel>
<Computer>SERVER.DOMAIN.COM</Computer>
<Security />
</System>
<EventData>
<Data>ILM Certificate could not be created: netsh http error:netsh http add urlacl url=https://+:5725/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)</Data>
</EventData>
</Event>
Comments
Anonymous
April 30, 2013
www.cleverworkarounds.com/.../more-user-profile-sync-in-sp2010-certificate-provisioning-issues
Anonymous
April 25, 2014
Thanks, great info. Saved me a lot of further digging or wondering.
Anonymous
June 25, 2014
Hello, I am having a strange issue with the User Profile Service. If I select Manage User Properties I get the error: Your search encountered an error. If the problem persists, contact the portal site administrator. After some troubleshooting I could not identify a fault so I decided to recreate the User Profile Service. I deleted everything including the databases and started again. I have created a new User Profile Service and everything looked fine when I click on Manage User Properties the properties showed correctly. When I then started the Sync service the error returned. If I stop the sync service the error goes away. I have looked at the ULS logs etc and I cannot see any errors that jump out at me. Any advice would be appreciated.