I was following the SharePoint 2010 beta instructions listed by Jie Li from Microsoft [1] to create a new Synchronization Connection and found that every time I tried to create one, nothing seemed to happen – the page just kept saying “The query returns nothing.”.  Central Administration –> Manage Service Applications –> User Profile Service Application –>  Configure Synchronization Connections under Synchronization heading:

clip_image002

After a few re-installs, iisreset’s, reconfiguration of the Profile Services, and trying IE 7 mode, I went to the event viewer and saw this message with Event ID: 3 by Source: Forefront Identity Manager:

“Microsoft.ResourceManagement.Service: System.ServiceModel.FaultException: Access to the requested resource(s) is denied at Microsoft.ResourceManagement.WebServices.ResourceManagementService.
GetCurrentUserFromSecurityIdentifier() at Microsoft.ResourceManagement.WebServices.ResourceManagementService.
GetCurrentUser()”

clip_image004

I thought that maybe the Forefront Services that SharePoint 2010 beta installs may not be running under the correct account but they were running under the service account (also an administrator) as I expected:

image

I finally decided to log on as the service/admin account (xSP2010Admin) in the above image and try to reconfigure the the new Synchronization Connection and it worked!


clip_image006

This seems like a bug to me however, feel free to correct me. 

So the bottom line is that I guess if you are doing your install as a different user (even if it’s a domain or a box administrator), it is best to configure user profile synchronization options running as the service account (at least for the beta).

The funny thing is when I log back in as my administrator account I was originally using to configure the synchronization connection.  I still get the same “The query returns nothing.” issue even though it shows up correctly logged in as the service account.  This looks like a permission error where my installation account doesn’t have the necessary permissions but it really doesn’t make sense as I’m logged in as domain admin.

**Update**: I found this forum on the SharePoint 2010 boards that seem to indicate that other people are able to resolve this issue a similar fashion but have no confirmation that this is the actual way to fix the issue.

[1] http://blogs.msdn.com/opal/archive/2009/11/19/user-profile-sync-setup-in-sharepoint-server-2010-beta.aspx

[2] http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/4d40e93f-4f28-4930-873c-af4449225a2e/

Leave a Reply

Your email address will not be published. Required fields are marked *