Rights to ProfileDB timeout + .Exception calling "SetSynchronizationMachine" with "4" argument(s)

Aug 22, 2011 at 1:28 PM

Getting the following error 

- Creating User Profile Service Application Proxy... - Granting rights to User Profile Service Application... - Granting DOMAIN\spportalpool_ua rights to SP2010UA_ProfileDB...Add-SPShellAdmin : Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.At \\...\...\SharePoint2010\SP2010\AutoSPInstaller\AutoSPInstallerFunctions.ps1:1900 char:67+                 Get-SPDatabase | ? {$_.Name -eq $ProfileDB} | Add-SPShellAdmin <<<<  -UserName $PortalAppPoolAcct    + CategoryInfo          : InvalidData: (Microsoft.Share...AddSPShellAdmin:   SPCmdletAddSPShellAdmin) [Add-SPShellAdmin], SqlException    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletAddSPShe   llAdmin

Followed by this

 - Enabling the Activity Feed Timer Job.. - Done creating User Profile Service Application. - Checking User Profile Synchronization Service... - Updating User Profile Synchronization Service to run as DOMAIN\spservices_ua... - Waiting for User Profile Synchronization Service...Exception calling "SetSynchronizationMachine" with "4" argument(s): "Operationis not valid due to the current state of the object."At \\...\...\SharePoint2010\SP2010\AutoSPInstaller\AutoSPInstallerFunctions.ps1:1944 char:50+                     $ProfileServiceApp.SetSynchronizationMachine <<<< ($env:COMPUTERNAME, $ProfileSyncService.Id, $FarmAcct, (ConvertTo-PlainText $FarmAcctPWD))    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException    + FullyQualifiedErrorId : DotNetMethodException

Press any key to exit...

It leaves both FIM services present but one disabled and running under local system account while the other (sync) is automatic and under '\' account.

In another window there is still the message Creatin User Profile Service Application... done under the farm account.

 

 

Aug 22, 2011 at 1:30 PM

After a while the message in the other window changes to an error (after I already pressed the any key and the main script continued)

New-SPProfileServiceApplication : An update conflict has occurred, and you must re-try this action. The object UserProfileApplication Name=User Profile Service Application was updated by DOMAIN\spsetup, in the powershell (372) process, on machine RUMBA.  View the tracing log for more information about the conflict.At C:\Users\spsetup\AppData\Local\Temp\1\AutoSPInstaller-ScriptBlock.ps1:3 char:56

Aug 22, 2011 at 5:19 PM

don't run spinstaller from user folder

http://autospinstaller.codeplex.com/wikipage?title=Don%27t%20run%20AutoSPInstaller%20from%20a%20user%20folder%21&referringTitle=Documentation

Aug 22, 2011 at 7:37 PM

I am running it from a UNC path and not from the user folder. For the step of the UPS the script through uses AutoSPInstaller-ScriptBlock.ps1 - which I believe is used specifically for the UPS.

I have seen that also Temp\2 directory was made after I ran the script again. 

Thanks for any replies.

Aug 23, 2011 at 1:24 PM

I have some futher details.

After the script fails on UPS I can see that SyncDB and SocialDB have been created by spfarm and spservices is a db_owner. ProfileDB is also created by spfarm but their both spservices and spsetup are db_owner, where spsetup is also ShellAdmin.

I have SQL server alias to a SQL instance on a non standard port. This works fine for the who process but for the UPS the following errors appear in the logs.

 

Cannot connect to SQL Server. SQLUAALIAS not found. Additional error information from SQL Server is included below.  Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.

SQL Database 'SP2010UA_SyncDB' on SQL Server instance 'SQLUAALIAS' not found. Additional error information from SQL Server is included below.  Cannot open database "SP2010UA_SyncDB" requested by the login. The login failed.  Login failed for user 'DOMAIN\spsetup'.

SQL Database 'SP2010UA_SocialDB' on SQL Server instance 'SQLUAALIAS' not found. Additional error information from SQL Server is included below.  Cannot open database "SP2010UA_SocialDB" requested by the login. The login failed.  Login failed for user 'DOMAIN\spfarm_ua'.

SQL Database 'SP2010UA_SyncDB' on SQL Server instance 'SQLUAALIAS' not found. Additional error information from SQL Server is included below.  Cannot open database "SP2010UA_SyncDB" requested by the login. The login failed.  Login failed for user 'DOMAIN\spfarm_ua'.

I dont know which addition rights need to be given. The spsetup account and spfarm already have securityadmin and dbcreator server wide roles.

I hope that somebody sees a patter in this and my first message. I would be surprised to be the only one with script over UNC, SQL alias to named instance on non default port.

Aug 24, 2011 at 3:40 PM

Last thing : When the installation completes with above errors I can go to CA, delete the Service Application, create a new one, takes 5-7 minutes (!). Then start the UPS service and Sync service.

This works - key here is that in CA I do this under spsetup as well and of course provide the farm user/password for starting. Or it is a timeout that is the problem or credentials under which the script runs.. I dont know...

Aug 29, 2011 at 4:03 PM

ANY suggestions?

Coordinator
Aug 29, 2011 at 6:51 PM

I'm pretty certain it's nothing to do with either the UNC path (I always run via UNC path) or non-standard SQL port in alias (that's what an alias is for after all). Also I thought I'd resolved all the issues with granting rights to profile DBs etc. The Farm Account is actually the one who creates those databases anyhow so it should always be dbo and the other accounts get added afterwards...

Not sure what to suggest except to check your account mapping/config in the xml file?

Brian

Aug 31, 2011 at 8:20 AM

UPDATE : one single VM script now succesful. With a little hickup on Search which was probably because of old index files still being present in Microsoft Office Servers\14 folder, the script ran smoothly.

I use a named instance on a alternative port and used SQL configutation manager to set that on both protocols for my instance and also as default port on both options of the native client. I added both the setup and the farm admin account to SQL wit secadmin and dbcreator roles.

I have an inbound rule on SQL for the specific port, no outbound rule though on the WFE. This does not seem to matter because all connections work, except upon creation of the UPS.

I have some passwords that need escaping. 

 

Creating User Profile Service Application as DOMAIN\spfarm_ua...New-SPProfileServiceApplication : An update conflict has occurred, and you must re-try this action. The object UserProfileApplication Name=User Profile Service Application was updated by DOMAIN\spsetup, in the powershell (912) process, on machine WFE.  View the tracing log for more information about the conflict.At C:\Users\spsetup\AppData\Local\Temp\2\AutoSPInstaller-ScriptBlock.ps1:3 char:56+ $NewProfileServiceApp = New-SPProfileServiceApplication <<<<  -Name "User Profile Service Application" -ApplicationPool "SharePoint Hosted Services" -ProfileDBName SP2010UA_ProfileDB -ProfileSyncDBName SP2010UA_SyncDB -SocialDBName SP2010UA_SocialDB -MySiteHostLocation "http://meua.DOMAIN.org:8080"    + CategoryInfo          : InvalidData: (Microsoft.Offic...viceApplication:   SPCmdletNewProfileServiceApplication) [New-SPProfileServiceApplication], S  PUpdatedConcurrencyException    + FullyQualifiedErrorId : Microsoft.Office.Server.UserProfiles.PowerShell.   SPCmdletNewProfileServiceApplication
C:\Users\spsetup\AppData\Local\Temp\2\AutoSPInstaller-ScriptBlock.ps1 :  - Failed to create User Profile Service ApplicationAt line:1 char:70+ C:\Users\spsetup\AppData\Local\Temp\2\AutoSPInstaller-ScriptBlock.ps1 <<<<    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorExcep   tion    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorExceptio   n,AutoSPInstaller-ScriptBlock.ps1
Press any key to exit...

 - Granting DOMAIN\spportalpool_ua rights to SP2010UA_ProfileDB...Add-SPShellAdmin : Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.At \\Salsa\Sources\SetupFilesForBackup\SharePoint2010\SP2010\AutoSPInstaller\AutoSPInstallerFunctions.ps1:1900 char:67+                 Get-SPDatabase | ? {$_.Name -eq $ProfileDB} | Add-SPShellAdmin <<<<  -UserName $PortalAppPoolAcct    + CategoryInfo          : InvalidData: (Microsoft.Share...AddSPShellAdmin:   SPCmdletAddSPShellAdmin) [Add-SPShellAdmin], SqlException    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletAddSPShe   llAdmin
 - Enabling the Activity Feed Timer Job.. - Done creating User Profile Service Application. - Checking User Profile Synchronization Service...
 - Updating User Profile Synchronization Service to run as DOMAIN\spservices_ua... - Waiting for User Profile Synchronization Service...Exception calling "SetSynchronizationMachine" with "4" argument(s): "Operationis not valid due to the current state of the object."At \\Salsa\Sources\SetupFilesForBackup\SharePoint2010\SP2010\AutoSPInstaller\AutoSPInstallerFunctions.ps1:1944 char:50+                     $ProfileServiceApp.SetSynchronizationMachine <<<< ($env:COMPUTERNAME, $ProfileSyncService.Id, $FarmAcct, (ConvertTo-PlainText $FarmAcctPWD))    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException    + FullyQualifiedErrorId : DotNetMethodException
Press any key to exit...

Screenshot ULS critical errros : https://skydrive.live.com/redir.aspx?cid=7a8f58c6292ab6b3&page=play&resid=7A8F58C6292AB6B3!175

 



Aug 31, 2011 at 1:32 PM

I'm a bit surprised to see 

SQL Database 'SP2010UA_SyncDB' on SQL Server instance 'SQLUAALIAS' not found. Additional error information from SQL Server is included below.  Cannot open database "SP2010UA_SyncDB" requested by the login. The login failed.  Login failed for user 'Domain\spsetup'.

In the single VM install (which succeeded) I had  look at User Mapping on the SyncDB - no mapping for spsetup to that DB, so it does not seem relevant.

Also the SQL in the two tier has now mapping for spsetup to syncDB - why am I getting this error? Is the setup account trying to set rights for the webapplicatons?

And is this after provisioning of the UPS, this irrelevant?

Sep 1, 2011 at 3:17 PM

Now I disabled the UPS by script putting both the app and the sync to false. I then go to Central Admin under my setup account and start everything without a problem.

I try the same by loggin in on CA under farm account, again no problem. When I check if the slipstream worked on install :

June 2011 CU (Refresh) 14.0.6106.5002

Is maybe the build in timeout in the script too short (120sec) - UPA is about 4min, UPS about the same 4 min. - is that too long for the script?

Sep 5, 2011 at 8:29 AM

Just a thought - named pipes need not be configured right?

Coordinator
Sep 7, 2011 at 3:49 AM

Re: named pipes - I doubt it, should be TCP/IP.

Brian