Pages

Monday 6 January 2014

Restoring the User Profile Service application on a different server in a different SharePoint Farm on the same Domain - SharePoint 2010

It has been a while since my last post, I have been very busy in my new role. Thought why not start by addressing the User Profile Service application (UPA). 

As developers and administrators we tend to stay away from UPA, and to be fair, it is a slightly complicated service application to migrate.

Background:

We have a PROD-STANDBY used as an interim step and all the new features and enhancements are done here and then a DNS switch is applied. This way our down time is reduced, our typical downtime has been around 5 mins mainly for the DNS to propagate.

Farm Configuration:
PROD: 1 X WFE/APP + 1 X DB Server
PROD_STANDBY: 1 X WFE/APP + 1 X DB Server

 Approach:

 In order to keep the user profile information in sync, we decided to re-create the user profile service application but had a backup of the UPA databases (Profile DB, Social DB, from the PROD server.

 As per the Technet article (http://technet.microsoft.com/en-us/library/ff681014(v=office.14).aspx#resetSync) we had a few issues regarding user profiles being marked for deletion so had to take alternate approaches.
Create the UPS Service Application
  1. Application Management, Manage service applications
  2. From the Ribbon, click New, followed by User Profile Service Application
  1. Give it a sensible name
  2. Create a new App Pool (SharePoint Web Services Default) and use the DOMAIN\SPServices managed account
  1. Accept the defaults for the three Databases
  2. Select the machine in the farm running FIM (well it’s not running yet but this UI is crap it just lists servers in the farm)
  1. Enter the URL of the mysite host (http://my.sharepoint.com) amazingly this step actually validates the target site collection!
  1. Select your managed path and site naming scheme.
  2. Click Create, and wait while the Service Application, Service Connection and Databases are created.


[UPDATE 11/09/2010] if the NetBIOS name of the name is different from the fully qualified name (FQDN) you will also need to configure the Service Application to support this. To enable the Service Application to support NetBIOS name resolution, run the following Windows PowerShell:
1
$upsa = Get-SPServiceApplication –Id <GUID of User Profile Service Application> $upsa.NetBIOSDomainNamesEnabled=1 $upsa.Update()  # To get the GUID of the User Profile Service Application run Get-SPServiceApplication.




Reset profile synchronization
The User Profile Synchronization database serves as a staging area for user profile information. User Profile information that is stored in the profile store and synchronization database is consumed by the User Profile service. By following these steps, you can safely reset a User Profile Synchronization database without losing information in the profile store.

To reset profile synchronization by using Windows PowerShell
  1. Verify that you meet the following minimum requirements:
    • See Add-SPShellAdmin.
    • You must be a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration Web site.
    • The farm account, which is created during the SharePoint farm setup, must also be a Local Administrator on the server where the User Profile Synchronization service is deployed.
      This is required to start the User Profile Synchronization service. After the User Profile Synchronization service is started you can remove the farm account from the Administrators group.
  1. As a precaution, back up the User Profile service application. For more information, see Back up a service application in SharePoint Server 2010.
  2. If you are using the My Site cleanup timer job, you must disable it before you reset the synchronization database. Otherwise, the job will delete all user profiles and My Sites from the farm. For information about this timer job, see the Timer job reference (SharePoint Server 2010). For information about the Windows PowerShell cmdlets that you use to enable and disable this timer job, see Timer jobs cmdlets (SharePoint Server 2010).
  3. Disable the User Profile Incremental Synchronization timer job:
    1. On the SharePoint Central Administration Web site, click Monitoring.
    1. Click Review job definitions.
    1. Click User Profile Service Application Name-User Profile Incremental Synchronization.
      Where       User Profile Service Application Name is the name of the User Profile service application.
    2. Click Disable.
  1. On the Start menu, click All Programs.
  2. Click Microsoft SharePoint 2010 Products.
  1. Right-click SharePoint 2010 Management Shell and then click Run as administrator.
  1. In the User Account Control dialog box, click Yes.
  1. At the Windows PowerShell command prompt, type the following command to stop the SharePoint 2010 Timer service:
    net stop sptimerv4
  1. Copy the following code and paste it into a text editor, such as Notepad:
    $syncdb=Get-SPDatabase <SyncDBGUID>
    $syncdb.Unprovision()
    $syncdb.Status='Offline'
    $upa=Get-SPServiceApplication <UPSAppGUID>
    $upa.ResetSynchronizationMachine()
    $upa.ResetSynchronizationDatabase()
    $syncdb.Provision()
  1. Replace the following placeholders with values where:
    • <SyncDBGUID> is the GUID of the synchronization database.
    • <UPSAppGUID> is the GUID of the User Profile Service application.
      For more information, see       Get-SPDatabase.
  1. Save the file as an ANSI-encoded text file and name the file ResetSyncDB.ps1.
  1. At the Windows PowerShell change to the directory where you saved the file.
  1. Type the following command:
    ./ResetSyncDB.ps1
  1. Using SQL Server Management Studio, create a login in SQL Server for the User Profile Synchronization service account (that is, the farm account). Then, in the Sync database, create a database user that maps to the login and grant it access to the db_owner database role. For more information, see How to: Create a SQL Server Login (http://go.microsoft.com/fwlink/p/?LinkId=211993), How to: Create a Database User(http://go.microsoft.com/fwlink/p/?LinkId=211994), and Database-Level Roles (http://go.microsoft.com/fwlink/p/?LinkId=211995).
  1. At the Windows PowerShell command prompt, type the following command to start the SharePoint 2010 Timer service:
    net start sptimerv4
  1. Start the Profile Synchronization service. For more information, see the Start the User Profile Synchronization service section of the "Configure profile synchronization" topic.
  1. Reset IIS. For more information about how to reset IIS, see the Reset IIS section of the "Configure profile synchronization" topic.
  2. Create connections to the data sources. For more information, see Restore a service application (Search Server 2010).
  3. If you do not intend to use the My Site cleanup timer job, run profile synchronization. For more information about how to run profile synchronization, see Start profile synchronization manually (SharePoint Server 2010). If you intend to enable the My Site cleanup timer job, complete these additional steps before you enable the job:
    1. Run two full profile synchronizations.
    1. After the second profile synchronization completes, on the Central Administration Web site, in the Application Management section, click Manage service applications.
    1. Click the User Profile service application name, and then click Manage.
    1. On the Manage Profile Service page, in the People section, click Manage User Profiles.
    1. Next to View, select Profiles Missing from Import.
    2. In the Find Profiles box, type the domain for the profiles and then click Find.
    3. For each profile that is returned, check the originating directory service, such as Active Directory, for the status of that profile. If the status of any of the returned profiles in the directory is not disabled or is not deleted, do not enable the My Site cleanup timer job. Contact Microsoft support for more assistance. Otherwise, enable the My Site cleanup timer job. For information about the Windows PowerShell cmdlets that you use to enable and disable this timer job, see Timer jobs cmdlets (SharePoint Server 2010).
  1. Enable the User Profile Incremental Synchronization timer job:
    1. On the SharePoint Central Administration Web site, click Monitoring.
    2. Click Review Job Definitions.
    3. Click User Profile Service Application Name-User Profile Incremental Synchronization.
      Where       User Profile Service Application Name is the name of the User Profile service application.
    4. Click Enable.

Notes:

After you have restored and you run the user profile sync jobs, you notice the sync jobs are running fine and you get excited that everything is working well.

Don't congratulate yourself too quickly, you may notice the next day that all user profiles have been deleted..........

I faced this problem (might not happen to you), here is what I had to do:

Run this SQL query against your user profile database:

Select * from userprofile_full (nolock) where bDeleted = 1

In my case I just updated bDeleted to 0

I acknowledge that modification of SQL database for SharePoint is not recomemded but after 3 days of pain staking exercise I did not see another way out. The profile Sync has been running fine for about 3 months now. This is not my recommendation, it is just what I did to make it work.

  • Run the Incremental Synchronization about 5 times and if the bDeleted field in the database is still marked at 1 run the following update command (*ensure you have database backups):


update dbo.UserProfile_Full set bDeleted=0 where bDeleted =1
*********** References **************

 Also refer to this technet article: http://technet.microsoft.com/en-us/library/ff681014.aspx#resetSync


"Stuck on Starting"

How to configure user profile synchronisation service application:


Restore a UPA MSDN:

Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)