Microsoft Land

Archive for the ‘Service Applications’ Category

We are working on a Self Service SharePoint Site Creation Web Part which allows users to create a site by filling in a form with information about the content database, site collection, managed path, list of administrators, etc., and which, upon approval, performs the logic to create the web with the information given by the user.

SPPersisted Object could not be updated because the current user is not a Farm Administrator.

I know that the creation process is running under an account which is a farm administrator. After a detailed look at the event logs (with the Verbose detail level enabled), I found that we can resolve this with a simple PowerShell script.

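# Load the SharePoint server object model (run on a farm server as a farm administrator).
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Administration") > $null
# The content web service that hosts the farm's content web applications.
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
# Allow code running in a content web application to update SPPersistedObject data.
# This lifts the restriction for the whole farm, not only for this Web Part.
$contentService.RemoteAdministratorAccessDenied = $false
$contentService.Update()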

I am sure many server administrators and HR departments will initially be worried about exposing user profile information from Active Directory to SharePoint (especially when we say we are going to replicate / synchronize it) and will ask to do the required configuration at the Active Directory end.

This is because updating the user profile information in SharePoint could overwrite the updates in Active Directory, which leads to a scenario where HR / Active Directory server administrators lose control over it.

SharePoint / User Profile Service is capable of handling both Uni-Directional and Bi-Directional Replication of the user profiles between Active Directory and SharePoint.

When we configure the User Profile Service initially, all the mapped user profile properties are configured as “Import” (uni-directional) by default. This means that only changes in Active Directory are replicated into the SharePoint user profile store. Any changes made by users or administrators at the SharePoint end will be overwritten by the AD values when the Sync service runs. We can make changes flow back to Active Directory by editing the user profile properties and configuring the mapping between the SharePoint user profile property and the mapped Active Directory property as “Export”.

This ability also helps us create custom properties in Active Directory for user profiles that can be managed through SharePoint, so that those properties can be consumed by other systems for various business functions. Remember the size limit of each user profile property (7500 bytes and 3600 for double byte types) when exporting them back to Active Directory.

First of all Happy New Year to everyone.

I am actually troubleshooting a newly set up SharePoint 2010 Service Farm which is causing issues while replicating user profiles from Active Directory.

When I looked at the error log and details, it showed me:

Replication access was denied error code with an error code 8453

When I looked at the event log on the service to see what the problem was, I found an error message which took me to the next step. Refer to the link to continue to that error message and its resolution.

First of all Happy New Year to everyone.

I am actually troubleshooting a newly set up SharePoint 2010 Service Farm which is causing issues while replicating user profiles from Active Directory.

This is the error that I found in the Event Viewer that is related to the User Profile Synchronization Service.

The management agent “” failed on run Profile “DS_DELTAIMPORT” because of connectivity issues. View the management agent run history for details

Refer to this link to debug the issue from the management agent.

First of all Happy New Year to everyone.

I am actually troubleshooting a newly set up SharePoint 2010 Service Farm which is causing issues while replicating user profiles from Active Directory.

Background

When you configure the User Profile Service successfully, two services related to Forefront Identity Manager are started automatically on the server on which the User Profile Service is configured. You don’t need to start them manually (actually you should not); they are configured automatically when you configure the User Profile Service. They are:

Forefront Identity Manager (User Profile Service in SharePoint Service Applications) and Forefront Identity Manager Synchronization Service (User Profile Synchronization Service in SharePoint Service Applications). The Synchronization Service is the key one, which does the sync between Active Directory and SharePoint, while the User Profile Service is the one which manages the show from the SharePoint standpoint.

The Physical path of the Sync Service is C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miisclient.exe.

Issue

So, to debug the issue, I launched it to see what the actual error is (it shows a great level of detail in its logging of what it is doing):

Unable to connect to the Synchronization Service.

Some possible reasons are: 1) The service is not started. 2) Your account is not a member of a required security group.

I double checked that the User Profile administrative account is in the required security groups on the server on which the Sync Service is running, and that the service is running properly. So the next issue is an issue with Active Directory.

Refer to the link on how to resolve that issue at the Active Directory end.

First of all Happy New Year to everyone.

I am actually troubleshooting a newly set up SharePoint 2010 Service Farm which is causing issues while replicating user profiles from Active Directory.

One simple step that the administrator who installed the farm forgot was giving the “Replicating Directory Changes” permission to the user account which is configured as the administrative account for the User Profile Service Application. For Forefront Identity Manager to do its job of replicating the content properly, this permission has to be given to the administrative account that does the replication BETWEEN Active Directory and SharePoint.

Log in to the Active Directory server (I am assuming Windows 2008 R2) and perform the following steps to grant the permission.

1) Launch “Active Directory Users and Computers”

2) Right click on the domain which needs to be replicated and click on properties.

3) Click on “Delegate Control”, Add the User Profile administrative account user and click on next.

4) Make sure the “This folder, existing objects in the folder and Creation of new objects in the folder” radio button is selected and click on Next.

5) “General” checkbox is checked by default, and from the list of permissions select “Replicating Directory Changes” checkbox and click on next and finish.

This will grant the administrative account permission to perform the replication of objects between Active Directory and SharePoint.
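
To verify the result of the delegation steps above, the following PowerShell (an added example, not part of the original post) checks which replication rights the sync account holds on the domain root, and warns if it also holds “Replicating Directory Changes All”, which the steps above do not grant and which permits replication of secret attributes such as password hashes. The account name CONTOSO\svc-upsync, the helper name Test-SyncAccountReplicationRights and the sample ACEs are constructed for illustration; the two GUIDs are the schema identifiers of the control access rights.

```powershell
# Added example. Schema GUIDs of the two replication control access rights.
$GetChanges    = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes
$GetChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes All

function Test-SyncAccountReplicationRights {   # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)] [object[]] $Ace,     # ACEs read from the domain root
        [Parameter(Mandatory=$true)] [string]   $Account  # DOMAIN\user of the sync account
    )
    # Allow ACEs held directly by the account that carry extended rights.
    # Rights obtained through group membership are not resolved here.
    $direct = @($Ace | Where-Object {
        "$($_.IdentityReference)" -eq $Account -and
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.ActiveDirectoryRights)" -match 'ExtendedRight|GenericAll'
    })
    $guids = @($direct | ForEach-Object { [guid]"$($_.ObjectType)" })
    # An empty ObjectType GUID on such an ACE means "all extended rights".
    $all = $guids -contains [guid]::Empty
    New-Object psobject -Property @{
        Account          = $Account
        HasGetChanges    = $all -or ($guids -contains $GetChanges)
        HasGetChangesAll = $all -or ($guids -contains $GetChangesAll)
    }
}

# Constructed sample ACEs (not from a real domain), shaped like Get-Acl output.
$sample = @(
    New-Object psobject -Property @{
        IdentityReference = 'CONTOSO\svc-upsync'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ExtendedRight'; ObjectType = $GetChanges }
    New-Object psobject -Property @{
        IdentityReference = 'CONTOSO\Domain Admins'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'GenericAll'; ObjectType = [guid]::Empty }
)

$result = Test-SyncAccountReplicationRights -Ace $sample -Account 'CONTOSO\svc-upsync'
$result
if (-not $result.HasGetChanges) {
    Write-Warning "$($result.Account) lacks Replicating Directory Changes; profile import will fail."
}
if ($result.HasGetChangesAll) {
    Write-Warning "$($result.Account) also holds Replicating Directory Changes All; remove it."
}

# Against a live domain (needs the ActiveDirectory module and read access to the ACL):
# Import-Module ActiveDirectory
# $ace = (Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access
# Test-SyncAccountReplicationRights -Ace $ace -Account 'CONTOSO\svc-upsync'
```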

