Can we create a second User Profile Service Application?

Yes, you can, but if you have only one server in your farm you can use just one User Profile Service Application (UPA) on that server, because the Windows service behind the User Profile Synchronization Service can be configured for only one UPA. So if you have more than one SharePoint server in your farm, for example 3 servers, you can create more than 3 UPAs but you can synchronize only 3 of them.

In another scenario, assume that you have only one server, have already provisioned one UPA and have configured its synchronization connection. After adding a second UPA you cannot add any synchronization connection for the second UPA. But if you stop the User Profile Synchronization Service (Central Administration -> Services on Server) and start it again, it prompts you to select the UPA, which means you can change which UPA the service is bound to. Still, only one UPA can sync per server.

Recursive Triggers on SQL Server and User Profile Service Problem

Recently Microsoft published a “FAST PUBLISH” article about a problem starting the User Profile Application service with the FIM Synchronization service. According to the KB, the problem is caused by the ‘Recursive Triggers Enabled’ property of the Model database being set to ‘True’ in the SQL instance. The error in your application log is:

The server encountered an unexpected error and stopped.
“ERR: MMS(6016): sql.cpp(5580): Query (update [mms_run_history] set [is_run_complete] = 1,[run_result] = N’stopped-server’,[end_date] = <Date & Time> where ([is_run_complete] = 0)) performed with error
ERR: MMS(6016): sql.cpp(5633): Maximum stored procedure, function, trigger, or view nesting level exceeded (limit 32).
….

What is a recursive trigger?
A recursive trigger is a trigger that is fired again, recursively, by other triggers or by an interacting object that fires it when executed.

SQL Server also allows for recursive invocation of triggers when the RECURSIVE_TRIGGERS setting is enabled using ALTER DATABASE.

Recursive triggers enable the following types of recursion to occur:

  • Indirect recursion
    With indirect recursion, an application updates table T1. This fires trigger TR1, updating table T2. In this scenario, trigger TR2 then fires and updates table T1.
  • Direct recursion
    With direct recursion, the application updates table T1. This fires trigger TR1, updating table T1. Because table T1 was updated, trigger TR1 fires again, and so on.

The following example uses both indirect and direct trigger recursion. Assume that two update triggers, TR1 and TR2, are defined on table T1. Trigger TR1 updates table T1 recursively. An UPDATE statement executes each of TR1 and TR2 one time. Additionally, the execution of TR1 triggers the execution of TR1 (recursively) and TR2. The inserted and deleted tables for a specific trigger contain rows that correspond only to the UPDATE statement that invoked the trigger.

Note: The previous behavior occurs only if the RECURSIVE_TRIGGERS setting is enabled by using ALTER DATABASE. There is no defined order in which multiple triggers defined for a specific event are executed. Each trigger should be self-contained.

Disabling the RECURSIVE_TRIGGERS setting only prevents direct recursions. To disable indirect recursion also, set the nested triggers server option to 0 by using sp_configure.

If any one of the triggers performs a ROLLBACK TRANSACTION, regardless of the nesting level, no more triggers are executed.

How to change the “Recursive Triggers Enabled” property to false?

From the SQL Server Management Studio, expand ‘System Databases’ > Right-click ‘Model’ | Properties | Options | under Miscellaneous section, set ‘Recursive Triggers Enabled’ property to ‘False’.

Or:

The recursive triggers setting works at the database level. To check the status of the setting, use this command:

 EXEC sp_dboption '<name of db>', 'recursive triggers'

To enable recursive triggers:

 EXEC sp_dboption '<name of db>', 'recursive triggers', 'true' 

To disable recursive triggers:

 EXEC sp_dboption '<name of db>', 'recursive triggers', 'false' 

For our scenario, use it like this:

EXEC sp_dboption 'Model', 'recursive triggers', 'false' 
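
The failure quoted from the application log can be reproduced in a scratch database. The T-SQL below is an added example, not code from the KB article or this post: the database, table and trigger names are constructed, and it uses ALTER DATABASE and sys.databases, which also work on SQL Server 2012 and later, where sp_dboption no longer exists. Run it in SSMS or sqlcmd, because GO is their batch separator.

```sql
-- Added example: scratch database, table and trigger names are constructed.
USE master;
GO
CREATE DATABASE RecursiveTriggerDemo;  -- a new database copies its options from model
GO
USE RecursiveTriggerDemo;
GO
CREATE TABLE dbo.run_history (
    id              int NOT NULL PRIMARY KEY,
    is_run_complete bit NOT NULL,
    touched         int NOT NULL DEFAULT 0
);
INSERT INTO dbo.run_history (id, is_run_complete) VALUES (1, 0);
GO
-- AFTER UPDATE trigger that updates its own table: direct recursion.
CREATE TRIGGER dbo.tr_run_history_touch ON dbo.run_history
AFTER UPDATE
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE h
       SET touched = h.touched + 1
      FROM dbo.run_history AS h
      JOIN inserted AS i ON i.id = h.id;
END;
GO
-- Option ON: the trigger's own UPDATE fires the trigger again, level after level,
-- until SQL Server stops the statement at the nesting limit and rolls it back.
ALTER DATABASE RecursiveTriggerDemo SET RECURSIVE_TRIGGERS ON;
GO
UPDATE dbo.run_history SET is_run_complete = 1 WHERE is_run_complete = 0;
GO
-- Option OFF: the same statement completes and the trigger runs once.
ALTER DATABASE RecursiveTriggerDemo SET RECURSIVE_TRIGGERS OFF;
GO
UPDATE dbo.run_history SET is_run_complete = 1 WHERE is_run_complete = 0;
SELECT id, is_run_complete, touched FROM dbo.run_history;
GO
-- Audit: which databases on this instance currently have the option on?
SELECT name, is_recursive_triggers_on FROM sys.databases ORDER BY name;
-- Indirect recursion is governed by the server-wide 'nested triggers' option.
EXEC sp_configure 'nested triggers';
GO
-- Same change as the sp_dboption call for Model, written as ALTER DATABASE.
ALTER DATABASE model SET RECURSIVE_TRIGGERS OFF;
GO
USE master;
DROP DATABASE RecursiveTriggerDemo;
GO
```

The sys.databases query is the part to keep for routine checks: it shows whether databases created from model while the option was on still carry it.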

Resources:
http://msdn.microsoft.com/en-us/library/ms189799.aspx
http://support.microsoft.com/kb/2579951

How to rename SharePoint database server

In some cases the User Profile service stays in “starting” mode but never starts, and after a while goes to “stopped”. One cause of this situation is that the SharePoint farm refers to the server by an IP address instead of its NetBIOS name. You can check this in Central Administration -> Servers in Farm.

How can we change the IP address of the SQL server to its NetBIOS name? The answer is simple: use stsadm.
Run the following command to rename the server from the IP address to the NetBIOS name:

Stsadm -o renameserver -oldservername <ipaddress> -newservername <netbios name of the sql server>

Example: Stsadm -o renameserver -oldservername 192.168.10.2 -newservername POSTSQL

Now you can try starting the User Profile Synchronization Service. It should start successfully, unless there is some other User Profile Sync Service related issue.


SharePoint 2010 User Profile Synchronization Service cannot synchronize user domain alias information correctly

If you already have a running UPA with a correct sync connection, and you then set NetBIOSDomainNamesEnabled to true and run a full import, the domain names still appear as FQDN names instead of NetBIOS names.
(No CU installed.)

Solution:
1) Check that the AD Replication Directory Changes permission is set correctly.
See the article: Checking Replication Directory Changes for account by PowerShell

2) Clear all synchronization connections.

3) Clear all imported users.
See the article: Sharepoint 2010 Delete all imported profile users by PowerShell


4) Set NetBIOSDomainNamesEnabled to true on your User Profile Service Application

# To get the GUID of the User Profile Service Application, run Get-SPServiceApplication.
$upsa = Get-SPServiceApplication -Id <Your UPSA id>
$upsa.NetBIOSDomainNamesEnabled = $true
$upsa.Update()

5) Restart OWSTimer and run iisreset.

6) Recreate your synchronization configuration

7) Start Full Import.

Checking Replication Directory Changes for account by PowerShell

This PowerShell script checks the Replication Directory Changes right for a specific user. You can use it to detect whether the SharePoint 2010 user profile service account has the correct rights.

Important: this script does not work with Domain Administrator accounts.

# Save the script to a file named CheckRDC.ps1
# Usage:
#   Open the SharePoint 2010 PowerShell console
#   PS> .\CheckRDC.ps1 "DOMAIN\username"

param( [string] $userName="")
function Check-ADUserPermission(
    [System.DirectoryServices.DirectoryEntry]$entry, 
    [string]$user, 
    [string]$permission)
{
    $dse = [ADSI]"LDAP://Rootdse"
    $ext = [ADSI]("LDAP://CN=Extended-Rights," + $dse.ConfigurationNamingContext)

    $right = $ext.psbase.Children | 
        ? { $_.DisplayName -eq $permission }

    if($right -ne $null)
    {
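        # Match only ACEs that name the account directly and that allow the right;
        # a Deny ACE or a grant through group membership does not count as a match here.
        $perms = $entry.psbase.ObjectSecurity.Access |
            ? { $_.IdentityReference -eq $user } |
            ? { $_.AccessControlType -eq 'Allow' } |
            ? { $_.ObjectType -eq [GUID]$right.RightsGuid.Value }

        return ($null -ne $perms)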
    }
    else
    {
        Write-Warning "Permission '$permission' not found."
        return $false
    }
}

# Globals

$replicationPermissionName = "Replicating Directory Changes"

# Main()

$dse = [ADSI]"LDAP://Rootdse"

$entries = @(
    [ADSI]("LDAP://" + $dse.defaultNamingContext),
    [ADSI]("LDAP://" + $dse.configurationNamingContext));

Write-Host "User '$userName': "
foreach($entry in $entries)
{
    $result = Check-ADUserPermission $entry $userName $replicationPermissionName

    if($result)
    {
        Write-Host "`thas a '$replicationPermissionName' permission on '$($entry.distinguishedName)'" `
            -ForegroundColor Green
    }
    else
    {
        Write-Host "`thas no '$replicationPermissionName' permission on '$($entry.distinguishedName)'" `
            -ForegroundColor Red
    }
}

The synchronization account for a connection to Active Directory Domain Services (AD DS) must have the following permissions:

It must have Replicate Directory Changes permission on the domain that you will synchronize with. See Grant Replicate Directory Changes permission on a domain for instructions to grant this permission.

If the domain controller is running Windows Server 2003, the synchronization account must be a member of the Pre-Windows 2000 Compatible Access built-in group. See Add an account to the Pre-Windows 2000 Compatible Access group for instructions to grant this permission.

If the NetBIOS name of the domain differs from the domain name, the synchronization account must have Replicate Directory Changes permission on the cn=configuration container. See Grant Replicate Directory Changes permission on the cn=configuration container for instructions to grant this permission.

If you will export property values from SharePoint Server to AD DS, the synchronization account must have Create Child Objects (this object and all descendants) and Write All Properties (this object and all descendants) permissions on the organizational unit (OU) that you are synchronizing with. See Grant Create Child Objects and Write permission for instructions to grant this permission.

For more info:
http://technet.microsoft.com/en-us/library/ee721049.aspx