Sharepoint 2010 Add-Spprofilleader failed User has a Manager

SharePoint 2010 SP2 64 bit Farm
Windows 2012 R2 64 Bit
Windows 2003 Active Directory Domain

Trying to add another profile leader using the command below. I have added another profile leader successfully
But for some reason this account thinks it has a manager

PS C:\> $upaproxy = get-spserviceapplicationproxy 898a761d-8bf1-4bdd-bd7c-9ee19838906d
PS C:\> Add-SPProfileLeader -ProfileServiceApplicationProxy $upaProxy -Name "mydom\spfarm"

Confirm
Are you sure you want to perform this action?
Performing operation "Add-SPProfileLeader" on Target "mydom\spfarm".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):y
Failed. User 'mydom\spfarm' has a manager.
PS C:\>

I ran a powershell AD queury

PS C:>  Get-ADUser -Filter * -Properties * | Select Name, Enabled, PasswordExpired, Manager, MemberOf | Export-Csv "c:\AllUsers.csv"
PS C:>


It also showed a blank Manager field.

At one point this account did have a manager assigned but I removed it from using the AD interface.

Any thoughts?
LVL 23
Thomas GrassiSystems AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Thomas GrassiSystems AdministratorAuthor Commented:
Update

Today I tried to run a profile Synchronization manually which it ran  but I got these two errors

Log Name:      Application
Source:        Microsoft-SharePoint Products-SharePoint Foundation
Date:          6/16/2015 1:12:02 PM
Event ID:      6398
Task Category: Timer
Level:         Critical
Keywords:      
User:          mydom\spfarm
Computer:      serv013.fqdn.com
Description:
The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob (ID beb73004-85d4-4712-9735-4402fcb9856c) threw an exception. More information is included below.

Operation is not valid due to the current state of the object.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
    <EventID>6398</EventID>
    <Version>14</Version>
    <Level>1</Level>
    <Task>12</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-16T17:12:02.230693000Z" />
    <EventRecordID>22480</EventRecordID>
    <Correlation ActivityID="{59159F8F-F409-4C32-8251-9F0DD16F9A9F}" />
    <Execution ProcessID="12652" ThreadID="7980" />
    <Channel>Application</Channel>
    <Computer>serv013.fqdn.com</Computer>
    <Security UserID="S-1-5-21-3054588571-1341459584-784128302-3142" />
  </System>
  <EventData>
    <Data Name="string0">Microsoft.Office.Server.UserProfiles.UserProfileImportJob</Data>
    <Data Name="string1">beb73004-85d4-4712-9735-4402fcb9856c</Data>
    <Data Name="string2">Operation is not valid due to the current state of the object.</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        Microsoft-SharePoint Products-Web Content Management
Date:          6/16/2015 1:12:36 PM
Event ID:      7362
Task Category: Publishing Cache
Level:         Warning
Keywords:      
User:          mydom\spfarm
Computer:      serv013.fqdn.com
Description:
Object Cache: The super user account utilized by the cache is not configured. This can increase the number of cache misses, which causes the page requests to consume unneccesary system resources.
 To configure the account use the following command 'stsadm -o setproperty -propertyname portalsuperuseraccount -propertyvalue account -url webappurl'. The account should be any account that has Full Control access to the SharePoint databases but is not an application pool account.
 Additional Data:
 Current default super user account: SHAREPOINT\system
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-SharePoint Products-Web Content Management" Guid="{0119F589-72D7-4EC3-ADF5-1F082061E832}" />
    <EventID>7362</EventID>
    <Version>14</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-16T17:12:36.656972000Z" />
    <EventRecordID>22481</EventRecordID>
    <Correlation ActivityID="{9A26ED6B-83C1-451B-B629-DE3087B18795}" />
    <Execution ProcessID="9608" ThreadID="3592" />
    <Channel>Application</Channel>
    <Computer>serv013.fqdn.com</Computer>
    <Security UserID="S-1-5-21-3054588571-1341459584-784128302-3142" />
  </System>
  <EventData>
    <Data Name="string0">SHAREPOINT\system</Data>
  </EventData>
</Event>

Related ?
0
Thomas GrassiSystems AdministratorAuthor Commented:
Update

The Event Id 6398 appears daily at 1:00 AM from this Timer Job
User Profile Service Application - User Profile Incremental Synchronization

Maybe this will help
0
martushaProduct managerCommented:
I had few year ago the same issue with failing UserProfileSync timer job.
This helped me, so hope it helps you too:

1. Set up FIM service start up mod to Automatic (Delayed Start)
2. grant the Network Service account basic “Read & Execute/List folder contents/Read” permissions to the “%ProgramFiles%\Microsoft Office Servers\14.0″ directory for SharePoint 2010
3. Run Profile Sync

reference: https://sharepoint4admin.wordpress.com/2014/09/27/critical-error-6398-with-user-profile-synchronization-timer-job/

PS: regarding deleted manager in AD, try to run Full Profile Syncronization.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Thomas GrassiSystems AdministratorAuthor Commented:
Martshu

Which service I have two FIM

PS C:\Users\administrator> get-service -name fim* |fl


Name                : FIMService
DisplayName         : Forefront Identity Manager Service
Status              : Running
DependentServices   : {}
ServicesDependedOn  : {}
CanPauseAndContinue : False
CanShutdown         : True
CanStop             : True
ServiceType         : Win32OwnProcess

Name                : FIMSynchronizationService
DisplayName         : Forefront Identity Manager Synchronization Service
Status              : Stopped
DependentServices   : {}
ServicesDependedOn  : {winmgmt}
CanPauseAndContinue : False
CanShutdown         : False
CanStop             : False
ServiceType         : Win32OwnProcess

Which one?
0
martushaProduct managerCommented:
FIMSynchronizationService
I specially checked this on my SP2010 server:
 FIM services
And it is stopped on your server! Should be running.
Check in Central Admin services if both UPS services are running.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martshu


And it is stopped on your server! Should be running.
 Check in Central Admin services if both UPS services are running.


Ok got it  Made that change and now both  FIM services are running on Server
Both UPS servies are running in Central Admin services

Now I am getting Event ID 3 and Event ID 234  over and over

Log Name:      Application
Source:        FIMSynchronizationService
Date:          7/2/2015 8:36:44 AM
Event ID:      2001
Task Category: Server
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
The service was started successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="16384">2001</EventID>
    <Level>4</Level>
    <Task>6</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:36:44.000000000Z" />
    <EventRecordID>27988</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

Log Name:      Application
Source:        ILM Web Service Configuration
Date:          7/2/2015 8:36:48 AM
Event ID:      234
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
ILM Certificate could not be created: Cert step 2 could not be created: C:\Program Files\Microsoft Office Servers\14.0\Tools\MakeCert.exe -pe -sr LocalMachine -ss My -a sha1 -n CN="ForefrontIdentityManager" -sky exchange -pe -in "ForefrontIdentityManager" -ir localmachine -is root
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ILM Web Service Configuration" />
    <EventID Qualifiers="0">234</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:36:48.000000000Z" />
    <EventRecordID>27989</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>ILM Certificate could not be created: Cert step 2 could not be created: C:\Program Files\Microsoft Office Servers\14.0\Tools\MakeCert.exe -pe -sr LocalMachine -ss My -a sha1 -n CN="ForefrontIdentityManager" -sky exchange -pe -in "ForefrontIdentityManager" -ir localmachine -is root</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        ILM Web Service Configuration
Date:          7/2/2015 8:36:49 AM
Event ID:      234
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5725/ user=OUR\spfarm sddl=D:(A;;GA;;;S-1-5-21-3054588571-1341459584-784128302-3142)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ILM Web Service Configuration" />
    <EventID Qualifiers="0">234</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:36:49.000000000Z" />
    <EventRecordID>27990</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5725/ user=OUR\spfarm sddl=D:(A;;GA;;;S-1-5-21-3054588571-1341459584-784128302-3142)</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        ILM Web Service Configuration
Date:          7/2/2015 8:36:49 AM
Event ID:      234
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5726/ user=OUR\spfarm sddl=D:(A;;GA;;;S-1-5-21-3054588571-1341459584-784128302-3142)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ILM Web Service Configuration" />
    <EventID Qualifiers="0">234</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:36:49.000000000Z" />
    <EventRecordID>27991</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5726/ user=OUR\spfarm sddl=D:(A;;GA;;;S-1-5-21-3054588571-1341459584-784128302-3142)</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        Forefront Identity Manager
Date:          7/2/2015 8:37:16 AM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
System.Data.ConstraintException: Schema validation failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:37:16.000000000Z" />
    <EventRecordID>27994</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>System.Data.ConstraintException: Schema validation failed.</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Forefront Identity Manager
Date:          7/2/2015 8:37:16 AM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:37:16.000000000Z" />
    <EventRecordID>27995</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        Forefront Identity Manager
Date:          7/2/2015 8:38:01 AM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
System.Data.ConstraintException: Schema validation failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:38:01.000000000Z" />
    <EventRecordID>27996</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>System.Data.ConstraintException: Schema validation failed.</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Forefront Identity Manager
Date:          7/2/2015 8:38:01 AM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:38:01.000000000Z" />
    <EventRecordID>27997</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        Forefront Identity Manager
Date:          7/2/2015 8:39:01 AM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
System.Data.ConstraintException: Schema validation failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:39:01.000000000Z" />
    <EventRecordID>27998</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>System.Data.ConstraintException: Schema validation failed.</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        Forefront Identity Manager
Date:          7/2/2015 8:39:01 AM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-02T12:39:01.000000000Z" />
    <EventRecordID>27999</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</Data>
  </EventData>
</Event>


What missing?

Thanks
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

Now I remember why that service was stopped it causes all the errors above


Any ideas on the Event Id 3 and 234?
0
martushaProduct managerCommented:
Could you check ULS log for related issue? maybe there will be more explanation.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

I found this for the 234 error

https://nanddeepnachantechtalks.wordpress.com/2012/05/30/sharepoint-2010-troubleshooting-user-profile-synchronization/

Going thru that now

Event 3 is the problem

Where are the ULS logs?
0
martushaProduct managerCommented:
Event Is3 could be if in central admin under UPS service applicaiton administrators are inserted AD users or groups wich has a blank somewhere in a name field of this account in AD.
0
martushaProduct managerCommented:
For SharePoint 2010, by default, ULS log is at
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS
0
Thomas GrassiSystems AdministratorAuthor Commented:
ULS Log

07/02/2015 08:39:01.37       OWSTIMER.EXE (0x26E0)                         0x2BC8      SharePoint Portal Server            User Profiles                       a3y3      High          UserProfileApplication.SynchronizeMIIS: Error updating users with FIM permissions: Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: Unable to process Create message     at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource()     at Microsoft.Office.Server.Administration.UserProfileApplication.UpdateFIMUser(SchemaManager schemaManager, String userName, String accountName, String domain, Byte[] userSid)     at Microsoft.Office.Server.Administration.UserProfileApplication.SynchronizeMIISAdminsList(Hashtable htPermittedUsers)     at Microsoft.Office.Server.Administration.UserProfileApplication.SetupProfileSynchronizationEnginePermissions().      ad58b42d-50df-4831-b915-e0089b8f9186


I started FIM at 8:36 AM




Event Is3 could be if in central admin under UPS service applicaiton administrators are inserted AD users or groups wich has a blank somewhere in a name field of this account in AD.

Is this what you mean I see several Account names with blanks in them

What do we do about that
Sharepoint-Admin-for-UPS.png
0
martushaProduct managerCommented:
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

Page not found

bad link?
0
martushaProduct managerCommented:
For me it is working. Coping from it:

After a lot of research, verbose logging, and the use of this usefull utility founded on Codeplex (FIMQueryTool - thanks a lot to the author), I was able to have more datail about the Failing Request.

 The problem was related to a recently change of the permission of my SharePoint User Profile Service Application.

 Basically I've garanted "Edit Profile permission" to a specific Active Directory Security Group.

This AD Security Group contains a blank in "PreWindows 2000 Name".

 This blank was causing FIM Service to fail in validating Schema during the process of the Request related to this AD Group.

Removing the blank will fix everything.

Also the another related link http://sharepointholygrail.blogspot.com/2014/05/sharepoint-2010-user-profile-service.html
0
martushaProduct managerCommented:
I do not like your "sp farm" account with space...
0
Thomas GrassiSystems AdministratorAuthor Commented:
Should I rename all those account in Active Directory?
0
Thomas GrassiSystems AdministratorAuthor Commented:
Also the last link I can not open either

Also the another related link http://sharepointholygrail.blogspot.com/2014/05/sharepoint-2010-user-profile-service.html
0
martushaProduct managerCommented:
Is your spfarm account only have a display name with space, but username without space? Then I think you could fix that in AD. And also for "sharepoint service" . But if you have a usename with space, when renaming it could get to more problems with a sharepoint farm...
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

Update

I checked in Active Directory SP Farm that account has no spaces SPFARM the SP FARM is the Display Name

Same for Sharepointservice just the display name

Is that the problem

Should I change the display names?
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

I changed all the display names now no spaces listed
I remove my account from the list too not needed.

This should take care of the 3 error correct?

What about the 234 error?
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

Upddate

Restarted the UPS and no Error 3 the blank  display names was the issue.

Still getting event 234

Thoughts
0
martushaProduct managerCommented:
Good morning,

Here is the solution to event 234 with description:
ILM Certificate could not be created: Cert step 2 could not be created: C:\Program Files\Microsoft Office Servers\14.0\Tools\MakeCert.exe -pe -sr LocalMachine -ss My -a sha1 -n CN="ForefrontIdentityManager" -sky exchange -pe -in "ForefrontIdentityManager" -ir localmachine -is root

http://www.cleverworkarounds.com/2010/08/15/more-user-profile-sync-in-sp2010-certificate-provisioning-issues/

According to this http://blogs.msdn.com/b/josrod/archive/2014/04/25/10263701.aspx , for Events 234 with description like:

ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5725/ user=OUR\spfarm sddl=D:(A;;GA;;;S-1-5-21-3054588571-1341459584-784128302-3142)

and

ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5726/ user=OUR\spfarm sddl=D:(A;;GA;;;S-1-5-21-3054588571-1341459584-784128302-3142)

If you see these endpoints and your farm account listed, you can safely ignore the event log warnings.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

I saw that article in my research  thanks

I will delete the FIM  certificates  then will see on next restart.

I did not get a 6398 last night so that error was because the FIM services were not started that one is ok not

I did get this error tho

Log Name:      Application
Source:        FIMSynchronizationService
Date:          7/3/2015 1:00:04 AM
Event ID:      6125
Task Category: Management Agent Run Profile
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERV013.FQDN.com
Description:
The management agent "MOSS-a65b9b2e-c296-4f18-b726-491009168484" completed run profile "MOSS_DELTAIMPORT_61bcf4c0-3d4b-4fca-a845-8aa0e27595b3" with a delta import step type before completing a full import.
 
 User Action
 Run the management agent with a step type of full import.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="32768">6125</EventID>
    <Level>3</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-03T05:00:04.000000000Z" />
    <EventRecordID>28332</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>MOSS-a65b9b2e-c296-4f18-b726-491009168484</Data>
    <Data>MOSS_DELTAIMPORT_61bcf4c0-3d4b-4fca-a845-8aa0e27595b3</Data>
  </EventData>
</Event>

Run the management agent with a step type of full import.
How do I do this?
0
martushaProduct managerCommented:
Did you run full user profile sync? If no, run it.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

No I only run the incremental sync that is what is scheduled I guess you need to run a full one first correct.

Also I was looking at the "Central Administration : Manage Profile Service: User Profile Service Application " and saw the Active Directory was not listed in the statistics see image attached.

Do I need to go here "Central Administration : Synchronization Connections " and create a new connection" for active directory"

Thoughts
Sharepoint-2010-User-Profile-Service-App
0
Thomas GrassiSystems AdministratorAuthor Commented:
Guys

PS C:\> $upaproxy = get-spserviceapplicationproxy 898a761d-8bf1-4bdd-bd7c-9ee19838906d
 PS C:\> Add-SPProfileLeader -ProfileServiceApplicationProxy $upaProxy -Name "mydom\spfarm"

Now worked

Had to create new connection  
Central Administration : Synchronization Connections

setup SharePoint 2010 to talk to Active Directory.  

Yes it needed a full sync also.

Had a few errors doing the full sync after I added this new connection

I will test later doing more sync's if the errors still happen then I will post new question.

We got it guys
0
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha


Thanks for all your help
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SharePoint

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.