SharePoint / Active Directory synchronization fails with eventID 6801

From time to time, the UPS fails with the following symptoms:

  • The event viewer (application log) displays the events 6801, 6803 and 6110, in this order.
  • The Forefront Identity Manager (found here: C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe) shows failed synchronizations with the status: stopped-extension-dll-exception.
  • And of course, updates between SharePoint and Active Directory are not sent anymore.

The best clue is found in the details of the eventID 6801.

Analysis

The event 6801 shows the following information:

Log Name:      Application
Source:        FIMSynchronizationService
Date:          19/01/2015 15:48:07
Event ID:      6801
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      XXX.XXX.XXX.XXX
Description:
The extensible extension returned an unsupported error.
 The stack trace is:
 
 "System.Net.WebException: The remote server returned an error: (404) Not Found.
   at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
   at System.Net.WebClient.DownloadData(Uri address)
   at Microsoft.Office.Server.UserProfiles.ManagementAgent.ProfileImportExportExtension.DownloadPictures(ProfileChangeData[] profiles)
   at Microsoft.Office.Server.UserProfiles.ManagementAgent.ProfileImportExportExtension.Microsoft.MetadirectoryServices.IMAExtensibleFileImport.GenerateImportFile(String fileName, String connectTo, String user, String password, ConfigParameterCollection configParameters, Boolean fFullImport, TypeDescriptionCollection types, String& customData)
Forefront Identity Manager 4.0.2450.47"
Event Xml:
...

The key here is the 404 error. It shows that the UPS failed to access a specific URL during the synchronization process. The question is: which URL? The only website involved in the synchronization process is the “My Sites” website, so let’s head to the logs for this website and try to find out more.

The IIS logs are normally in C:\inetpub\logs\LogFiles\my-sites-ID. If you don’t know your site ID (well, I don’t either 🙂 ), open the IIS console, select your My Sites site and clic on Advanced Settings on the right. This will display the site ID. Then, you can match this ID to the appropriate log folder.01.FindSiteIDOnce you are in the proper log folder, open the last log file and search for 404. You should find a line similar to:

2015-01-19 02:21:49 192.168.10.52 GET /User+Photos/Profile+Pictures/domain_username_LThumb.jpg - 94 domain\service-account 192.168.1.10 - 404 0 0 31

Take note of the username. The UPS thinks that a picture is available for this user on My Sites, but it can’t find it. As a result, the whole synchronization process is stopped.

Resolution

The solution is quite simple. Connect to the Central Admin, go to Manage service applications, User Profile Service Application, Manage User Profiles. Search for the user that you noted before and edit his profile (Edit My Profile).02.FindSiteIDYou will notice that the picture of the user profile is not displayed correctly, which confirms the problem. To solve our issue, just remove this corrupt picture and save the profile.03.RemovePictureIf you edit the profile again you can see the the profile picture now looks fine.04.RemovePicture2Of course, if you had several users with the 404 error, remote the picture for all of them.

Once finished, start a new full synchronization from Manage service applications, User Profile Service Application, Start Profile Synchronization, Start Full Synchronization.

The synchronization should be fixed!