March 2011 - Posts

I’m adding another entry to my series of posts on User Profile Service Application errors in SharePoint 2010.  This particular error occurs after you pick the Active Directory OUs you want when creating a synchronization connection.  Specifically when trying to save the new connection, you might receive the following error.

Unable to process Create message

There are a variety of causes to it, but I wanted to share my specific resolution today.  I received this error after I went from December 2010 CU to February 2011 CU.  Although, upgrading to the latest CU resolved my error from earlier, it presented the new one I mentioned above.  When I applied the February CU, surprisingly, the User Profile Service did not require reprovisioning.  However, every time I tried to save my synchronization connection, I received the error.  Finally, to resolve the issue, I deleted the User Profile Service application and recreated it.  Once I did that, I restarted UPS and was able to create the connection.

We all know that @Harbars wrote the book when it comes to SharePoint 2010 User Profile Synchronization not to mention how to get it working again.  You need to follow the instructions in these guides word for word when setting up UPS  Many issues are caused by incorrect permissions.   I thought I would share the error you receive when you happen to miss one of the required permissions.  You will find this error in the ULS logs during the provisioning process.  I thought this was worth posting because I couldn’t find anything out there on this error at the time.

UpdateILMMA: Failed to update password. Exception: {1}..  Available parameters: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Access to the requested resource(s) is denied   
at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.GetResource(UniqueIdentifier identifier, String[] attributeNames, Nullable`1 resourceTime)   
at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier resourceIdentifier, String typeName, String[] attributeNames, CultureInfo locale, Boolean includePermissionHints, TimeZoneInfo localTimeZone)   
at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier resourceIdentifier, String typeName, String[] attributeNames, CultureInfo locale, Boolean includePermissionHints)   
at Microsoft.Office.Server.UserProfiles.Synchronization.MAConfiguration..ctor(Guid resourceIdentifier)   
at Microsoft.Office.Server.UserProfiles.Synchronization.ILMMAConfiguration..ctor(Guid resourceIdentifier)   
at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.UpdateILMMA(String databaseServerIlm, String databaseInstanceIlm, String databaseName, String domain, String userName, SecureString password) .

Obviously from the error message some kind of permissions are required that weren’t present, but which ones?  Well in this particular case, it is the result of the farm account not having log on locally permissions (clearly mentioned in Harbars article).  Here are a couple of things to keep in mind.  First, just because you have administrator access during provisioning does not mean you have log on locally permissions.  Second, even if you add the account to the Allow Log on Locally item in Local Security Policy, does not mean you actually have the permission.  In many cases, organizations have service accounts locked out using Group Policy which overrides any Local Security Policy setting. 

If you suspect you might not have permissions, you can verify it in a number of ways.  Although, it is never recommended to login with a farm account, if things aren’t working, you might as well break the rules and try logging in.  Usually, what I do is  go to the SharePoint Management Shell, hold down Shift, and right click the icon to see the Run as different user menu item.  Type the credentials in for your farm account and see if it works.  If you have the right permissions, the PowerShell prompt will open.  If you don’t, you will get an error saying you are denied the right to login (or something to that effect).  Be careful when attempting this because if you lock out your farm account, you will bring your entire SharePoint farm down.

Anyhow, I hope this helps.  I feel the more information on errors I can post, the more it might help people that receive them later.

Recently, when I was trying to configure a User Profile Synchronization Connection in SharePoint 2010, I received the following error message when clicking the Populate Containers button.

Method not found: 'Int32 Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_LdapConnectionTimeout()'.

I double checked my credentials and tried again, but I received the same error message.  After doing a ton of searching on the Internet, the results were pretty much inconclusive.  When I looked at the current patch level of the SharePoint installation, I discovered it was on December 2010 CU.  Having heard enough bad feedback about this particular cumulative update from others, I proceed to update to February 2011.  I installed the update on each server and ran the configuration wizard.   I then proceeded to try the Populate Containers button again.  Sure enough, it worked this time.  If you happen to receive this cryptic error message, try updating to a newer cumulative update to see if it resolves the issue.

I’m excited to be speaking at SPTechCon in Boston this year (June 1 – 3, 2011).  I’ll be giving my talks on ECM as well as Advanced BCS Connectivity.  I’m looking forward to attending and meeting some new people.  If you’re attending the conference this year, be sure and come by and see me!  For a complete list of sessions, see this link.

SPTC_Boston_badge

We’ve been hearing about the new version of SharePoint Online in the cloud under the Office 365 umbrella for some time now, so I was excited when my company (Stonebridge) got our beta invite.  I’m just going to be talking about SharePoint Online today.  I’ll let the smart people who know about Exchange and Lync cover those products. :)  It was really easy to set up.  It prompted me for some basic information including what I want my subdomain to be.  I chose our company name which is used for various URLs throughout the environment.  You can also use your own domain name as well, but that’s beyond the scope of this trial run. 

The first thing you might be wondering is what does it look like.  Well it looks a lot like the SharePoint 2010 you know and love, but there are some differences.  It takes a while for your SharePoint site to be provisioned but you have immediate access to Exchange and Lync.  While SharePoint is being provisioned, you won’t see any links for it in the administration control panel.  You have to wait a while.  Once it does get created, when you visit the URL for your site you get prompted with a somewhat familiar login page.

image

Once you login, you get see a familiar SharePoint site.  In this case I used the blank site template.

image

I mentioned some things are different.  When you go to create a new site, take a look at this:

Office365NewSite

It’s a new addition to the New Site Silverlight application which has featured site definitions.   A new site template is available called the Express Site. This appears to be a new site template based upon the Team Site minus the Calendar, Tasks, and the Discussion Board.

There’s more though.  If I edit the page and choose Add New Web Part, I am welcomed with a new Silverlight application to pick web parts. 

Office365AddWebPart

Take note that there are currently web parts in the list that likely will not work because they use features not available in the cloud.

The Site Collection Settings page looks pretty similar but there are definitely fewer links but I haven’t done a real comparison yet.

Office365SiteCollectionSettings

Search appears to work by itself.  A search center was configured out-of-the-box and I did not have to make any configuration.  There is no direct navigation to it, but you can search from the master page as usual.  Also of note is that there is currently no way to get to the Search Service Application through Central Administration, so you can’t make any configuration changes there.  You can still create scopes at the site collection level.  However, if you want to create your own managed properties, I don’t think there is an option currently.

Speaking of Central Administration.  It doesn’t really exist.  There is an administration site accessible at https://yourname-admin.sharepoint.com but you won’t see the central admin site you know.  It’s a limited tenant-type administration page.  Currently, you can only configure site collections, send to connections, InfoPath Form Services, User Profile Service Application, and the Managed Metadata Term Store.  Clicking on any of the links will bring you to familiar screens to manage those components.

Office365TenantAdministration

If you are like me, you probably have had questions about SharePoint Online and other aspects of Office 365.  Here are the answers to a few questions that I think many of us have had.

Q: Do I have remote desktop or file system access to my SharePoint server?

A: No.  From what I can tell, you have no physical access to the server whatsoever.  If you can’t make the configuration change using the web browser or Visual Studio, it’s not going to happen.

Q: How do users login?  Do they need different usernames and passwords?

A: Accounts can be created manually or they can be bulk uploaded via CSV file.  You can also synchronize accounts with your on-premises Active Directory.  This creates copies of the user accounts and allows global address list synchronization in Exchange  You can also setup identity federation and use Active Directory Federation Services (ADFS 2.0) to authenticate into Office 365 as well.  I think both of these options provide the same functionality, but it sounds like there is more work involved in the setup.  It sounds like a better solution though.

Q: Can I develop custom applications using Visual Studio?

A: Yes, but you can use Sandboxed Solutions.  You have to develop the solution on a local SharePoint server and then manually upload the solution package to the Solutions gallery in “the cloud”.

Q: Can I host anonymous sites?

A: I would love to know the answer to that myself.  I haven’t seen an option.  I hope so.

Q: Can I create multiple web applications?

A: By the looks of it, you don’t have the ability to add additional web applications.  I could be wrong though and I just haven’t figure out how to do it yet.

Q: Can you use PowerShell?

A: I know you can use PowerShell remoting for Exchange tasks.  I’m unsure if SharePoint is supported or not.

Q: Is Feature X supported in SharePoint Online?

A: I always refer to this document to determine what is and is not supported in SharePoint Online.

Q: Is SharePoint Designer supported?

A: I connected to the site and it appears to work fine.

That’s it for now.  I plan on posting more specifics on the things you can do in SharePoint Online in subsequent posts.  This post was based on publically available information.