UPS - going in circles!
ok I'll do my best to explain but I've hit so many obstacles and gone round in circles it may end up being bullet points!
I suspect UPS sync is not doing it's thing. I see this status on the user profile page in central admin:
Profile Synchronization Settings
User Profile Sync is not currently provisioned.
Synchronization Schedule (Incremental) Every day at 01:00 a.m.
So I start to see what I need to do to get it up and runing.
I try to click create connection but get "unable to navigate to that page while sync in progress"
I read some more I see that sp2010 uses FIM to do syncs. I check the 2 services - both disabled. I enable them and set logon to be the farm account.
I reset IIS
Back to the screen, still can't create a connection.
Back to services and realise I hadn't started them FIM service and FIM sync service... so I try
Cannot start service error 2 file cannot be found
back to Google to read that the UPS service should be stopped before trying to start FIM services.
Can't stop the service - the service cannot accept control messages at this time.
am I in and endless loop? help!
SP enterprise upgraded (in place) from MOSS 2007.
1x WFE 1 x SQL Server (different servers)
I suspect UPS sync is not doing it's thing. I see this status on the user profile page in central admin:
Profile Synchronization Settings
User Profile Sync is not currently provisioned.
Synchronization Schedule (Incremental) Every day at 01:00 a.m.
So I start to see what I need to do to get it up and runing.
I try to click create connection but get "unable to navigate to that page while sync in progress"
I read some more I see that sp2010 uses FIM to do syncs. I check the 2 services - both disabled. I enable them and set logon to be the farm account.
I reset IIS
Back to the screen, still can't create a connection.
Back to services and realise I hadn't started them FIM service and FIM sync service... so I try
Cannot start service error 2 file cannot be found
back to Google to read that the UPS service should be stopped before trying to start FIM services.
Can't stop the service - the service cannot accept control messages at this time.
am I in and endless loop? help!
SP enterprise upgraded (in place) from MOSS 2007.
1x WFE 1 x SQL Server (different servers)
jessc7
What state is your User Profile Synchronization Service in? Look in Central Administration (Not Windows Services), under Manage services on server. Based on your post, it should be "Stopped" or "Starting".
I'll echo jesse. NEVER start the FIM services through services.msc. Stop them and put them back to disabled.
You need to start the User Profile Sync service through Central Admin - Services on Server.
You need to start the User Profile Sync service through Central Admin - Services on Server.
Yes, starting from Central Admin is what provisions the services, including setting up the FIM Windows Services. It may take ~15 minutes to start the first time, as it provisions out.
You need to determine if you can start it through Central Admin, or if it gets stuck on "Starting" or goes directly to "Stopped."
That will help provide next steps.
You need to determine if you can start it through Central Admin, or if it gets stuck on "Starting" or goes directly to "Stopped."
That will help provide next steps.
ASKER
It says starting for a few minutes then goes back to stopped
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If not, add it, and try again.
ASKER
I'll check when back Monday but would be amazed if it wasn't especially as the sync seemed to work ok until a while back (since the upgrade I'm guessing)
Another thing to consider - you may need to reprovision the User Profile service. See this:
http://www.harbar.net/articles/sp2010ups2.aspx#ups9
There are also other troubleshooting scenarios on that page as well. Good resource.
http://www.harbar.net/articles/sp2010ups2.aspx#ups9
There are also other troubleshooting scenarios on that page as well. Good resource.
ASKER
I rebooted the server as it's doing some strange things. The 2 FIM services disabled themselves.
I searched for manage services on server while I was RDPd to it thinking I was going blind! I had to RDP to a different server and go to central admin to see it? Same account used so no idea why it wasn't there.
Anyways now when I click start it starts!
I go to manage profile services and the status is synchronizing.
I tried so many things I'm not sure what fixed it. I did reboot but then the network admin had donethat 2 days prior. Still no connection defined. I guess it finds AD by itself.
No idea how long it will take or how I can confirm that it's behaving, current stage is sharepoint server import(0) whatever that means
I searched for manage services on server while I was RDPd to it thinking I was going blind! I had to RDP to a different server and go to central admin to see it? Same account used so no idea why it wasn't there.
Anyways now when I click start it starts!
I go to manage profile services and the status is synchronizing.
I tried so many things I'm not sure what fixed it. I did reboot but then the network admin had donethat 2 days prior. Still no connection defined. I guess it finds AD by itself.
No idea how long it will take or how I can confirm that it's behaving, current stage is sharepoint server import(0) whatever that means
ASKER
Ok that went through the motions without actually importing anything happening. But now I can add a connection (which I have) and started a full sync. Now sitting at active directory import(0)
ASKER
Back again :)
This is starting to feel more like a blog than a question!
No luck with the above so this time I specified the actual DC rather than let it try to find it.
Ran it again.
Got the error that it errored on an unexpected step.
Back to Google.
One thing about this mission, I am certainly learning alot more than I would have if I flicked the switch and it worked.
Opened up uls viewer and didn't get much more than that so opened miisclient.exe and found out that the account didn't have replication rights for AD.
So I guess I am going to have to ask the network admin to grant this access for the farm account and maybe, just maybe, I will finally get there!
This is starting to feel more like a blog than a question!
No luck with the above so this time I specified the actual DC rather than let it try to find it.
Ran it again.
Got the error that it errored on an unexpected step.
Back to Google.
One thing about this mission, I am certainly learning alot more than I would have if I flicked the switch and it worked.
Opened up uls viewer and didn't get much more than that so opened miisclient.exe and found out that the account didn't have replication rights for AD.
So I guess I am going to have to ask the network admin to grant this access for the farm account and maybe, just maybe, I will finally get there!
There are specific permissions you need to apply on Active Directory for SharePoint 2010 to be able to import. This is different than it was with SharePoint 2007.
Here are the steps from TechNet:
Grant Active Directory Domain Services permissions for profile synchronization (SharePoint Server 2010)
http://technet.microsoft.com/en-us/library/hh296982.aspx
NOTE: Don't follow the steps for "Grant Create Child Objects and Write permission" unless you want to allow SharePoint 2010 to be able to write back to Active Directory.
Here are the steps from TechNet:
Grant Active Directory Domain Services permissions for profile synchronization (SharePoint Server 2010)
http://technet.microsoft.com/en-us/library/hh296982.aspx
NOTE: Don't follow the steps for "Grant Create Child Objects and Write permission" unless you want to allow SharePoint 2010 to be able to write back to Active Directory.
You may also want to set up exclusion filters, to filter out certain accounts. For example, you may want to exclude disabled user accounts.
Here's a good post on exclusion filters:
Creating User Profile Synchronization Exclusion Filters using the userAccountControl attribute
http://www.harbar.net/archive/2011/02/22/323.aspx
Here's a good post on exclusion filters:
Creating User Profile Synchronization Exclusion Filters using the userAccountControl attribute
http://www.harbar.net/archive/2011/02/22/323.aspx
ASKER
Thanks for those 2 links, great help especially the filtering which I would have never got bitwise=2 etc.
In fact I never would have got anywhere near this stage without your help.
Did a incremental sync after setting the filter to userAccounctControl bit on equals 2 OR userAccounctControl bit on equals 17 and let it go. Now I see user profiles 707. This org has at most 300 current users. It looks like it has brought through service accounts and other non-human stuff despite the filter 17.
I checked out one user who was shown as account name and he now shows as his display name (excellent) but 2 other users still show as account names (no idea why)
This would be the first sync since the upgrade so it recommends doing a users only followed by users/groups so I'll do that.
But should I do a full? I see the page has warning about being absolutely sure and other scary stuff. Is it safe?
In fact I never would have got anywhere near this stage without your help.
Did a incremental sync after setting the filter to userAccounctControl bit on equals 2 OR userAccounctControl bit on equals 17 and let it go. Now I see user profiles 707. This org has at most 300 current users. It looks like it has brought through service accounts and other non-human stuff despite the filter 17.
I checked out one user who was shown as account name and he now shows as his display name (excellent) but 2 other users still show as account names (no idea why)
This would be the first sync since the upgrade so it recommends doing a users only followed by users/groups so I'll do that.
But should I do a full? I see the page has warning about being absolutely sure and other scary stuff. Is it safe?
ASKER
ignore bit about some users still showing as account name, must have needed a few minutes to filter through. All fine now.
ASKER
Awesome help, answered my question and helped me to learn about UPS along the way. many thanks!
Glad you got it going! Many hours have been spent by many a SharePoint admin getting User Profile Sync working. :)
ASKER
I'm almost glad I had to go through it. Best way to learn IMO.
But as I'm finding with Sharepoint, one thing fixed means another thing pops up in it's place!
New question time
But as I'm finding with Sharepoint, one thing fixed means another thing pops up in it's place!
New question time