User Profile Sync Broken After Central Admin URL Change

Took quite a bit of time to track this down. If you change your Central Admin Default Zone URL after configuring the User Profile Synchronization Service, the User Profile Sync will fail. The UI for the User Profile Service Application will not show you any errors, but no profiles will be imported. If you check the trace log, you may see the following error, which indicates that an invalid URL is being used somewhere.

05/06/2011 14:54:13.55 miiserver.exe (0x105C) 0x05D8 SharePoint Portal Server User Profiles cng5 High Error finalizing profile import: System.UriFormatException: Invalid URI: A port was expected because of there is a colon (':') present but the port could not be parsed. at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind) at System.Web.HttpRequest.get_Url() at Microsoft.SharePoint.Administration.SPAlternateUrl.get_ContextUri() at Microsoft.SharePoint.WebControls.SPControl.SPSiteFromContextNoCache() at Microsoft.SharePoint.WebControls.SPControl.SPWebEnsureSPControl(HttpContext context) at Microsoft.SharePoint.SPContext.get_Current() at Microsoft.Office.Server.UserProfiles.ProfileManagerInstance.GetApplicationProxy() at Microsoft.Office.Server.UserProfiles.ProfileImportExportService.FinalizeProfileImportExportProcess(Int64 importExportId).

05/06/2011 14:54:13.96 miiserver.exe (0x105C) 0x13A0 SharePoint Foundation General avey High The application domain Extensible MA {DB7E73EE-103E-4B9B-B489-071D6E861C62} is unloading and going to be recycled.

05/06/2011 14:54:13.96 miiserver.exe (0x105C) 0x13A0 SharePoint Foundation General avez Medium Shutdown Reason:

05/06/2011 14:54:14.16 OWSTIMER.EXE (0x04D0) 0x08F0 SharePoint Portal Server User Profiles a3xx Unexpected UserProfile Synchronization: Encountered unexpected step result: stopped-extension-dll-exception. 3006bf44-bb0c-4712-b053-81c47d55e438

 

You’ll also see an event log entry with the Invalid URI error:

Log Name: Application
Source: FIMSynchronizationService
Event ID: 6801
Task Category: Server
Level: Error
Keywords: Classic
User: N/A
Description:
The extensible extension returned an unsupported error.

The stack trace is:

"System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. --->
System.UriFormatException: Invalid URI: A port was expected because of there is a colon (':') present but the port could not be parsed.
at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
at System.Web.HttpRequest.get_Url()
at Microsoft.SharePoint.Administration.SPAlternateUrl.get_ContextUri()
at Microsoft.SharePoint.WebControls.SPControl.SPSiteFromContextNoCache()
at Microsoft.SharePoint.WebControls.SPControl.SPWebEnsureSPControl(HttpContext context)
at Microsoft.SharePoint.SPContext.get_Current()
at Microsoft.Office.Server.UserProfiles.ProfileManagerInstance.GetApplicationProxy()
at Microsoft.Office.Server.UserProfiles.ProfileImportExportService.FinalizeProfileImportExportProcess(Int64 importExportId)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Microsoft.Office.Server.WebServiceDirectProxy.WebMethodInfo.Invoke(Object webServiceInstance, Object[] args)
at Microsoft.Office.Server.WebServiceDirectProxy.Invoke(String methodName, Object[] args)
at Microsoft.Office.Server.UserProfiles.ManagementAgent.ProfileImportExportDirect.FinalizeProfileImportExportProcess(Int64 importExportId)
at Microsoft.Office.Server.UserProfiles.ManagementAgent.ProfileImportExportExtension.Microsoft.MetadirectoryServices.IMAExtensibleCallExport.EndExport()
Forefront Identity Manager 4.0.2450.5"

 

If you open MIISClient.exe, you’ll see the stopped-extension-dll-exception there as well.

 

What’s going on here is that SharePoint adds an extension to the Forefront Identity Manager (FIM) client to map properties back into SharePoint. This is configured when you start the User Profile Synchronization Service from Central Admin. When you start the service, it maps the Default Zone URL of Central Admin to the extension. You can view this URL in MIISClient.exe:

  1. Open MIISClient.exe (C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\Miisclient.exe)
  2. Click Management Agents
  3. Select the MOSS-GUID entry
  4. Under Actions, Click Properties
  5. Under Management Agent Designer, click Configure Connection Information
  6. The Connect To: property holds the URL back to Central Admin. The URL looks similar to: direct://server:8999/_vti_bin/ProfileImportExportService.asmx?ApplicationID=1999d753%2D0ee9%2D46ab%2Da6ef%2Dc51296998eea

If you change the Default Zone URL of Central Admin, you will have to stop/start the User Profile Sync service via Central Admin to get the URL in the FIM client to update to the new URL. This will fix the stopped-extension-dll-exception for most scenarios involving a changed URL [there are other causes for the error, like BCS connections or mapping invalid properties]; however, there is a bug in this area that shows up if you try to use SSL, or a URL on port 80, in the Default Zone. If you use SSL, the URL from FIM will show direct:// instead of HTTPS://, which results in failure. In the scenario of using a URL on port 80, the FIM client makes the call and passes a -1 for the port. In our case, we changed the URL to spca.domain.com. When FIM went to make the connection, it was passing the URL as https://spca.domain.com: -1, which was throwing the Invalid URL exception. This leaves you with a couple of options:

Option 1 : Switch back to MachineName:Port for the Central Admin Default Zone URL.  You can add an alternate access mapping to one of the non-default zones for a more friendly URL.  Here are the steps for that :

  1. Set up Central Admin on a specific port
    1. Open SharePoint 2010 Management Shell
    2. Run: Set-SPCentralAdministration -Port 8999
  2. Add an alternate access mapping to the Web Application
    1. Application Management, Manage Alternate Access Mappings
    2. From the dropdown, select Central Admin
    3. In the Intranet zone, add https://spca.domain.com
    4. Click OK
  3. Add the host header to IIS
    1. Open IIS Manager
    2. Select the Central Admin Web Site
    3. Click Binding
    4. Add an entry for port 80 and spca.domain.com
    5. Click OK
  4. Restart the User Profile Synchronization Service – this will set up the FIM client to use the new Default Zone URL
    1. Browse to Services on Server
    2. Click Stop next to User Profile Synchronization Service
    3. Wait for the service to stop
    4. Click Start next to User Profile Synchronization Service
    5. Wait for the service to start
  5. Validate the change in MIISClient.exe
    1. Open MIISClient.exe (C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\Miisclient.exe)
    2. Click Management Agents
    3. Select the MOSS-GUID entry
    4. Under Actions, Click Properties
    5. Under Management Agent Designer, click Configure Connection Information
    6. The Connect To: property holds the URL back to Central Admin.
  6. Perform a profile sync

Option 2 : Patch to the October 2010, or later, Cumulative Update.  After you patch, you may need to go into Services on Server and start the User Profile Synchronization Service.  This step seems shorter, but in reality, the time to patch will be longer than the time to switch out the URL, and will likely require some validation in your environment.
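
A pre-check for the two URL conditions described above, plus a search for the matching FIM event, written as an added example that is not part of the original post. The function name Test-CentralAdminSyncUrl is hypothetical, and treating any default-port URL as the "port 80" case is an assumption; the sample URLs at the end are constructed from the ones used in this post.

```powershell
# Added example (not from the original post). Run in the SharePoint 2010
# Management Shell on the server that hosts the User Profile Synchronization Service.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: flags a Default Zone URL that matches either condition
# the post describes for farms without the October 2010 Cumulative Update.
function Test-CentralAdminSyncUrl {
    param([Parameter(Mandatory = $true)][string]$Url)

    $uri = [System.Uri]$Url
    $issues = @()
    if ($uri.Scheme -eq 'https') {
        $issues += 'SSL in the Default Zone: FIM shows direct:// instead of HTTPS://'
    }
    if ($uri.IsDefaultPort) {
        # Assumption: any URL without a non-default port is the "port 80" case.
        $issues += 'No explicit port: FIM passes -1 for the port'
    }
    New-Object PSObject -Property @{
        Url      = $Url
        Affected = ($issues.Count -gt 0)
        Issues   = ($issues -join '; ')
    }
}

# 1. Check the Default Zone URL of the Central Admin web application.
$ca = Get-SPWebApplication -IncludeCentralAdministration |
    Where-Object { $_.IsAdministrationWebApplication }
Get-SPAlternateURL -WebApplication $ca -Zone Default |
    ForEach-Object { Test-CentralAdminSyncUrl -Url $_.IncomingUrl } |
    Format-List Url, Affected, Issues

# 2. Look for the FIM event 6801 entries that carry the Invalid URI stack trace.
Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'FIMSynchronizationService'
        Id           = 6801
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'UriFormatException' } |
    Select-Object TimeCreated, Id, ProviderName

# 3. Constructed sample inputs: the first is reported clean, the second is flagged.
'http://server:8999', 'https://spca.domain.com' |
    ForEach-Object { Test-CentralAdminSyncUrl -Url $_ } |
    Format-Table Url, Affected -AutoSize
```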