From time to time, the UPS fails with the following symptoms:
- The event viewer (application log) displays the events 6801, 6803 and 6110, in this order.
- The Forefront Identity Manager (found here: C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe) shows failed synchronizations with the status: stopped-extension-dll-exception.
- And of course, updates between SharePoint and Active Directory are not sent anymore.
The best clue is found in the details of the eventID 6801.
The event 6801 shows the following information:
Log Name: Application Source: FIMSynchronizationService Date: 19/01/2015 15:48:07 Event ID: 6801 Task Category: Server Level: Error Keywords: Classic User: N/A Computer: XXX.XXX.XXX.XXX Description: The extensible extension returned an unsupported error. The stack trace is: "System.Net.WebException: The remote server returned an error: (404) Not Found. at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request) at System.Net.WebClient.DownloadData(Uri address) at Microsoft.Office.Server.UserProfiles.ManagementAgent.ProfileImportExportExtension.DownloadPictures(ProfileChangeData profiles) at Microsoft.Office.Server.UserProfiles.ManagementAgent.ProfileImportExportExtension.Microsoft.MetadirectoryServices.IMAExtensibleFileImport.GenerateImportFile(String fileName, String connectTo, String user, String password, ConfigParameterCollection configParameters, Boolean fFullImport, TypeDescriptionCollection types, String& customData) Forefront Identity Manager 4.0.2450.47" Event Xml: ...
The key here is the 404 error. It shows that the UPS failed to access a specific URL during the synchronization process. The question is: which URL? The only website involved in the synchronization process is the “My Sites” website, so let’s head to the logs for this website and try to find out more.
The IIS logs are normally in C:\inetpub\logs\LogFiles\my-sites-ID. If you don’t know your site ID (well, I don’t either ), open the IIS console, select your My Sites site and clic on Advanced Settings on the right. This will display the site ID. Then, you can match this ID to the appropriate log folder.Once you are in the proper log folder, open the last log file and search for 404. You should find a line similar to:
2015-01-19 02:21:49 192.168.10.52 GET /User+Photos/Profile+Pictures/domain_username_LThumb.jpg - 94 domain\service-account 192.168.1.10 - 404 0 0 31
Take note of the username. The UPS thinks that a picture is available for this user on My Sites, but it can’t find it. As a result, the whole synchronization process is stopped.
The solution is quite simple. Connect to the Central Admin, go to Manage service applications, User Profile Service Application, Manage User Profiles. Search for the user that you noted before and edit his profile (Edit My Profile).You will notice that the picture of the user profile is not displayed correctly, which confirms the problem. To solve our issue, just remove this corrupt picture and save the profile.If you edit the profile again you can see the the profile picture now looks fine.Of course, if you had several users with the 404 error, remote the picture for all of them.
Once finished, start a new full synchronization from Manage service applications, User Profile Service Application, Start Profile Synchronization, Start Full Synchronization.
The synchronization should be fixed!