SharePoint Happenings: Posts

Unexpected error when browsing to User Profile Service Application

BENDER\pwicklund — Sat, 17 Jul 2010 21:29:39 GMT

Body:

So I'm working on configuring the SharePoint 2010 user profile service application in partitioned mode. However, after the service application was created I was getting these weird errors in the ULS log (just a generic "unexpected error" in the user interface):

UserProfileServiceUserStatisticsWebPart:LoadControl failed, Exception: System.IO.FileLoadException: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.InitializeIlmClient(String ILMMachineName, Int32 FIMWebClientTimeOut)

at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager..ctor(UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID)

at Microsoft.SharePoint.Portal.WebControls.UserProfileServiceStatisticsWebPartBase.LoadControl(Object sender, EventArgs e)

UserProfileServiceAudienceStatisticsWebPart:LoadControl failed, Exception: System.IO.FileLoadException: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.InitializeIlmClient(String ILMMachineName, Int32 FIMWebClientTimeOut)

at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager..ctor(UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID)

at Microsoft.SharePoint.Portal.WebControls.UserProfileServiceStatisticsWebPartBase.LoadControl(Object sender, EventArgs e)

UserProfileServiceImportStatisticsWebPart:LoadControl failed, Exception: System.IO.FileLoadException: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.InitializeIlmClient(String ILMMachineName, Int32 FIMWebClientTimeOut)

at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager..ctor(UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID)

at Microsoft.SharePoint.Portal.WebControls.UserProfileServiceStatisticsWebPartBase.LoadControl(Object sender, EventArgs e)

This error is because either the user profile service application's app pool or the farm service account isn't set to DBO on the profile sync database. To fix this, go find the PROFILE SYNC database in SQL, and under security, select the farm service account and change the default schema to be dbo instead of the account name:

ALSO – MAKE SURE TO DO THIS FOR THE APP POOL ACCOUNT AS WELL! They both need DBO on the database and neither is granted it by default!!!

After you change the schema, perform and IISRESET and attempt to browse to the service application again. It should work!

Phil

Published: 7/17/2010 4:29 PM

BlogTitleForUrl: unexpected-error-when-browsing-to-user-profile-service-application

Managed Metadata service application not available for SharePoint sites

BENDER\pwicklund — Thu, 15 Jul 2010 05:36:27 GMT

Body:

So I was setting up the managed metadata service application today and things were going fine. I created the service app, and associated the service app with my web application. However, after I added the Enterprise Keywords site column on a list to test it out, I was noticing that the keywords box was greyed out (Figured below). I couldn't specify and enterprise metadata values.

The fix is very easy. The first problem is around permissions. Even know the service app is associated with my web application, the user I'm running under didn't have access to the term store. So the first step is to grant the running user read access to the Term Store. Within Central admin, manage service applications, select the managed metadata service application and select permissions. Then grant the user (or in my case all users) read and restricted read permissions (Figure below):

You need restricted read selected to allow users to contribute terms to the Keywords term set in the System group.

The next problem is by default the managed metadata service application proxy won't be set as the default provider of terms. If this is not set you'll get an error that says "The site does not contain a default keywords termstore" (Figure below):

To set it as the default provider, select the service application proxy and then click properties. Then, check the top check box to tell it to be the default provider of terms for all associated web apps (figure below).

(you only get the red warnings if you have more than one service app set as the default)

Thereafter, you should be able to start adding keywords and managed metadata to your documents!

Phil

Published: 7/15/2010 12:36 AM

BlogTitleForUrl: managed-metadata-service-application-not-available-for-sharepoint-sites

Claims error when publishing service applications in SharePoint 2010

BENDER\pwicklund — Wed, 14 Jul 2010 16:40:32 GMT

Body:

So – the other day I was trying to publish service applications in SharePoint 2010 from a provider farm to a consumer farm. I did all the steps I knew possible, but was stilling getting errors in the ULS and in the browser was getting the famed "Unable to connect to the specified address. Verify the URL you entered and contact the service administrator for more details."

The first thing to say is go to the ULS for BETTER error, in which case I was getting:

SharePoint Foundation Claims Authentication fo1t Monitorable SPSecurityTokenService.Issue() failed: System.TypeInitializationException: The type initializer for '' threw an exception. ---> System.TypeInitializationException: The type initializer for '' threw an exception. ---> .ModuleLoadException: The C++ module failed to load while attempting to initialize the default appdomain. ---> System.Runtime.InteropServices.COMException (0x800703FA): Illegal operation attempted on a registry key that has been marked for deletion. (Exception from HRESULT: 0x800703FA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at .GetDefaultDomain() at .DoCallBackInDefaultDomain(IntPtr function, Void* cookie) ...

SharePoint Foundation Claims Authentication fo1t Monitorable ... at .LanguageSupport._Initialize(LanguageSupport* ) at .LanguageSupport.Initialize(LanguageSupport* ) --- End of inner exception stack trace --- at .LanguageSupport.Initialize(LanguageSupport* ) at .cctor() --- End of inner exception stack trace --- at .ThrowModuleLoadException(String , Exception ) at .LanguageSupport.Initialize(LanguageSupport* ) at .cctor() --- End of inner exception stack trace --- at System.Runtime.CompilerServices.RuntimeHelpers._RunClassConstructor(IntPtr type) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) ...

SharePoint Foundation Claims Authentication fo1t Monitorable ... at Microsoft.SharePoint.Administration.SPAutoSerializingObject.GetInstanceFromType(Type type, String typename) at Microsoft.SharePoint.Administration.SPPersistedObject.GetInstance(XmlNode xml, Guid classId, Boolean bResolveMissingTypes) at Microsoft.SharePoint.Administration.SPFileSystemCache.FetchObjectFromFileSystem(Guid id) at Microsoft.SharePoint.Administration.SPFileSystemCache.GetValue(Guid id) at Microsoft.SharePoint.Administration.SPCache`2.get_Item(K key) at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id, Boolean checkInMemoryCache, Boolean checkFileSystemCache) at Microsoft.SharePoint.Administration.SPConfigurationDatabase.Microsoft.SharePoint.Administration.ISPPersistedStoreProvider.GetObject(Guid id) at Microsoft.Sha...

SharePoint Foundation Claims Authentication fo1t Monitorable ...rePoint.Administration.SPPersistedObjectCollection`1.get_Item(Guid objId) at Microsoft.SharePoint.Administration.SPPersistedObjectCollection`1.d__0.MoveNext() at Microsoft.SharePoint.Administration.SPPersistedObjectCollection`1.Enumerator`1.MoveNext() at Microsoft.SharePoint.Administration.SPWebApplication.LookupContextWebApplication() at Microsoft.SharePoint.Administration.SPWebApplication.Lookup(SPFarm farm, Uri requestUri, Boolean fallbackToHttpContext, SPAlternateUrl& alternateUrl, SPSiteLookupInfo& hostHeaderSiteInfo, Boolean& lookupRequiredContext) at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetWebApplicationAndZoneForContext(Uri context, SPWebApplication& webApplication, Nullable`1& zone) at Microsoft.SharePoint.Adm...

SharePoint Foundation Claims Authentication fo1t Monitorable ...inistration.Claims.SPClaimProviderManager.GetClaimProvidersForContext(Uri context, SPClaimProviderOperationOptions mode, IEnumerable`1 providerNames) at Microsoft.SharePoint.Administration.Claims.SPClaimProviderOperations.ClaimsForEntity(Uri context, SPClaimProviderOperationOptions mode, String[] providerNames, SPClaim entity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentClaimsIdentity(IClaimsIdentity identity, SPClaim identityClaim, RequestSecurityToken request) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope) at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request) ...

SharePoint Foundation Claims Authentication fo1t Monitorable ...at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)

SharePoint Foundation Claims Authentication fsq7 High Request for security token failed with exception: System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs. at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTr... 8a7440ac-a08c-46da-87ad-5c2d79e19dd4

SharePoint Foundation Claims Authentication fsq7 High ...ustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) 8a7440ac-a08c-46da-87ad-5c2d79e19dd4

SharePoint Foundation Claims Authentication 8306 Critical An exception occurred when trying to issue security token: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.. 8a7440ac-a08c-46da-87ad-5c2d79e19dd4

SharePoint Foundation Topology 84cx High ServiceApplicationConnect.aspx: Unrecognized url. Exception: System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs. at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.W... 8a7440ac-a08c-46da-87ad-5c2d79e19dd4

SharePoint Foundation Topology 84cx High ...STrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) at Microsoft.SharePoint.SPSecurityContext.<>c__DisplayClass7.b__6() at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.SPSecurityContext.GetProcessSecurityTokenForServiceContext() at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForServiceContext(Uri contextUri) at Microsoft.SharePoint.SPChannelFactoryOperations.InternalCreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1 factory, EndpointAddress address, Uri via) at Mi... 8a7440ac-a08c-46da-87ad-5c2d79e19dd4

SharePoint Foundation Topology 84cx High ...crosoft.SharePoint.SPChannelFactoryOperations.CreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1 factory, EndpointAddress address) at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.EnumerateSharedServiceApplications(Uri endpointAddress, SPServiceLoadBalancerContext loadBalancerContext) at Microsoft.SharePoint.Administration.SPDiscoveryUtility.RetrieveSharedServiceApplicationInfo(String url) at Microsoft.SharePoint.ApplicationPages.ServiceApplicationConnectPage.BtnOK_Click(Object sender, EventArgs e) 8a7440ac-a08c-46da-87ad-5c2d79e19dd4

The weird thing is all the "Claims Authentication" error. What the? My Central admin servers were using NTLM, not claims. However, the topology service app (load balancing SA) is using claims so obviously it was a problem.

Here's some more background:

I have two farms (let's just say farm A, and farm B). I'm trying to get farm A to consume service applications published by farm B. I've exchanged root certificates and the sts certificates to setup the trust, and I've granted farm A full control on B's load balancer service app, as well as the service apps I'm trying to connect to. However, when I paste the service app's URL and click ok, I get the error that says to confirm that I have the correct URL. In 14/Logs, I get the above exception, which appears to be a COM exception.

Farm A is a two server farm with CA running on 01. Farm B is a single server farm.

The firewall is turn on between the two farms, three servers. TCP ports 12345 (central admin) and 32844 (topology service) have been opened between all three servers. I'm running as a farm and box admin.

Error message in UI:

Farm A's farm ID:

Perms on load balancing service app in farm B:

Perms on published service app:

(FYI – this isn't necessary but I did it to be safe/thorough)

Service app has been published over HTTP:

Trust on Farm A:

Trust on Farm B:

You'd think that after all this it would work just fine? The funny this is I did do all the publishing just fine, I just missed one small, important step. IISRESET.

Perform an IISRESET on all boxes in the provider farm, and all boxes in the consumer farm. Thereafter, try the connection again and it should work. I also created a key in the secure store service application, but I don't think this mattered. To be safe, create a secure store service app in the publishing farm, and click generate new key.

HURRAY!

Still having trouble – check these things for troubleshooting:

Troubleshooting Federation Issues:

Ensure domain trust (2-way for profile, 1-way for others)
Ensure consuming farm's service account has permissions to the topology service app
Try browsing to the topology service app http://*/topology.svc
Check the ACL on the publishing service app
Try using FQDNs for ALL URLs
Double check certs.

Cheers,

Phil

Published: 7/14/2010 11:40 AM

BlogTitleForUrl: claims-error-when-publishing-service-applications-in-sharepoint-2010