Non è possibile creare una connessione di sincronizzazione dei profili utente

Question

Ho un nuovo server farm SharePoint 2010 che sto cercando di configurare. L'installazione è andato benissimo. Ma sto avendo difficoltà a raggiungere i profili utente per l'importazione.

Ho creato l'applicazione di servizio profili utente, e i due servizi profilo utente sono in esecuzione. Tuttavia, ogni volta cerco di creare una connessione di sincronizzazione per i nostri server AD, sto ottenendo il seguente errore: "L'operazione è stata interrotta perché è stato superato il limite di timeout lato client".

Nei registri di SharePoint, quando ho filtro in base l'ID di correlazione, ottengo i seguenti messaggi:

Name=Request (POST:http://poc-bi-sp:8080/_layouts/EditDSServer.aspx?ApplicationID=b24e2e83%2D4d0a%2D4015%2D9f02%2D7969967e9733)
Site=/
LoadConnections failed trying to fill the connections list. Most likely during RetriveResources because of permissions --- {1}.  Available parameters: System.ServiceModel.EndpointNotFoundException: Could not connect to http://poc-bi-sp:5725/ResourceManagementService/MEX. TCP error code 10061: No connection could be made because the target machine actively refused it 10.32.8.190:5725.  ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 10.32.8.190:5725     at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)     at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& sock...
...et, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)     --- End of inner exception stack trace ---     at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)     at System.Net.HttpWebRequest.GetRequestStream()     at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()     --- End of inner exception stack trace ---    Server stack trace:      at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()     at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)     at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)     at System.ServiceModel.Channels.RequestChannel.Request...
...(Message message, TimeSpan timeout)     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at System.ServiceModel.Description.IMetadataE...
...xchange.Get(Message request)     at Microsoft.ResourceManagement.WebServices.MetadataClient.Get(String dialect, String identifier)     at Microsoft.ResourceManagement.WebServices.Client.ResourceManagementClient.SchemaManagerImplementation.RefreshSchema()     at Microsoft.ResourceManagement.WebServices.ResourceManager.get_SchemaManager()     at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(String typeName, LocaleAwareClientHelper localePreferences, ContextualSecurityToken securityToken)     at Microsoft.Office.Server.UserProfiles.ConnectionManager.LoadConnections() .
ConnectionManager.LoadConnections(): Could not find MOSS MA despite being marked as fully configured, was it deleted?
Leaving Monitored Scope (Request (POST:http://poc-bi-sp:8080/_layouts/EditDSServer.aspx?ApplicationID=b24e2e83%2D4d0a%2D4015%2D9f02%2D7969967e9733)). Execution Time=66685.955058534

Come nota a margine, la nostra struttura AD è impostato con 1 dominio principale, e 3 domini figlio. Il server di SharePoint e di tutti gli account di servizio sono in esecuzione nel dominio principale, ma sto cercando di impostare una connessione a uno dei domini figlio. L'account del servizio di connessione è stata concessa l'autorizzazione "Replica modifiche directory" sia la radice e il dominio figlio di destinazione.

Qualcuno può aiutarmi a capire questo fuori? Grazie.

Answer 1

Worked with MS Support on this and finally got it working. A couple things that we had to do:

1) Increase the LdapConnectionTimeout value to 60 seconds on the user profile proxy. More info on how to do that can be found on Spence's latest UP Sync article.

2) Change the "LDAP client security requirements" on the SharePoint server from "Negotiate Signing" to "None". This can be found under the Local Policy --> Security Options --> "Network Security: LDAP client signing requirements".

Answer 2

Make sure that both FIM services is started on the server running the UPS.

Answer 3

What Wictor said + read Spence's UPS guide http://www.harbar.net/articles/sp2010ups.aspx

Answer 4

forget about permissions. this is a known issue with timeouts - full ULS is needed to diagnose.

Answer 5

One tool i find very usefull, besides various tips on the web, is the new tool called MSIISCLient.exe. To monitor your User Profile imports go to C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\ and run MSIISClient.exe.

Keep that running while launching your syncronization. If still doesn't give you anything, may I suggest you re-do it, but make sure all pre-requisites that Spence H. and Shane Young(http://msmvps.com/blogs/shane/archive/2010/07/09/configuring-profile-import-in-sharepoint-2010.aspx) are mentioning, REBOOT, REBOOT and REBOOT (particularly after changing stuff in AD) and try re-creating your services, add PERMISSIONS.

Hope it helps, C. Marius

Answer 6

Start the "SQL server agent" from the windows service's.