SharePoint 2010 “Unable to process Create message” Error When Creating User Profile Synchronization Connection

 
I was following Spencer Harbar's great article A Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization for a second time and kept running into the "Unable to process Create message" error when trying to do Step 13 on Configure Connections and do a Sync (Import).
 
As Spence says in the article you need to make sure that the account you enter in the Account Name box when creating a Synchronisation Connection is the exact account you want to do the Profile Synchronization with, and that it exists on the domain. 
 
I discovered a strange little quirk of this box which led me to receiving the "Unable to process Create message" error.  Read carefully!
 
Look at my account name in the image, it’s a rubbish domain name I’ve entered, but the Populate Containers box still correctly enumerates the domain. I found by accident that the account name, but not the domain, must match the password. The domain name in the account name box is basically ignored when you click the Populate Containers button by the looks of it. Most (all?) accounts on the domain have read access to domain users by default, and I guess the account that is being used in generating the hierarchy in the Populate Containers box is either the logged in user OR a combination of the account name and the forest name entered further up the page. However … the account name and password must match, or the Populate Containers box will error. Just because you get the hierarchy displaying do not assume that you have correctly configured the account used by Forefront Identity Manager to connect to the AD forest! Make sure you follow Spence’s blog post step by step.
 

How did I find this out? I use KeePass to store all my Active Directory User Names and Passwords, even for demonstration servers. I had recorded the user name of the account for User Profile Synchronisation as DOMAINA\spups (e.g.), but the domain I was working on was called DOMAINB (again e.g.). I was using the same user name and password for DOMAINB, so I copied and pasted the user name from KeePass into the above Account Name input box BUT I FORGOT TO CHANGE THE DOMAIN! The Populate Containers button worked fine and gave me the domain hierarchy even though the user DOMAINA\spups DID NOT EXIST ON DOMAINB, obviously. When I went to create the connection by clicking OK, I got the "Unable to process Create message" error. When I spotted the error, I corrected the domain name and everything worked fine.

Hopefully that is clear, the main points to remember are:

1.  Make sure you follow Spence’s blog post step by step.

2.  Just because you get the hierarchy displaying after you click "Populate Containers" do not assume that you have correctly configured the account used by Forefront Identity Manager to connect to the AD forest; any valid username and password will result in the AD hierarchy being shown.
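
As an added example (not from the original post or from Spencer Harbar's article), this PowerShell pre-flight check catches the mistake described above before you click OK: it compares the domain part of the Account Name with the real NetBIOS name of the target domain and confirms the account exists there. The forest name `domainb.example` is a placeholder and `DOMAINA\spups` is the sample account from this post; the script assumes the logged-in user can read the directory.

```powershell
# Added example: verify the value destined for the "Account Name" box.
param(
    [string]$ForestFqdn  = 'domainb.example',  # placeholder DNS name of the target domain
    [string]$AccountName = 'DOMAINA\spups'     # sample value, exactly as it would be pasted
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# 1. Split DOMAIN\user; anything else is rejected rather than guessed at.
if ($AccountName -notmatch '^(?<dom>[^\\]+)\\(?<sam>[^\\]+)$') {
    throw "Expected DOMAIN\user, got '$AccountName'"
}
$typedDomain = $Matches['dom']
$sam         = $Matches['sam']

# 2. Read the domain's real NetBIOS name from its crossRef object
#    in the Partitions container of the configuration partition.
$rootDse  = [ADSI]"LDAP://$ForestFqdn/RootDSE"
$domainDn = [string]$rootDse.defaultNamingContext
$configDn = [string]$rootDse.configurationNamingContext

$searcher            = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$ForestFqdn/CN=Partitions,$configDn"
$searcher.Filter     = "(&(objectClass=crossRef)(nCName=$domainDn))"
[void]$searcher.PropertiesToLoad.Add('nETBIOSName')
$crossRef = $searcher.FindOne()
if (-not $crossRef) { throw "No crossRef found for $domainDn" }
$realNetbios = [string]$crossRef.Properties['netbiosname'][0]

# 3. Look the account up in that domain by sAMAccountName.
$ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$idType  = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName
$ctx     = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ctxType, $ForestFqdn)
$user    = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $idType, $sam)

# 4. Report. A populated container tree proves none of these three things.
$report = New-Object PSObject -Property @{
    TypedDomain   = $typedDomain
    RealNetBIOS   = $realNetbios
    DomainMatches = ($typedDomain -ieq $realNetbios)
    AccountExists = ($null -ne $user)
    UseThisValue  = "$realNetbios\$sam"
}
$report | Format-List
if (-not $report.DomainMatches -or -not $report.AccountExists) {
    Write-Warning "Do not create the connection with '$AccountName'; fix the domain or account first."
}
```
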

I’m just trying to clarify with Microsoft whether this qualifies as a bug, probably not, but hopefully this post might help somebody in some way …

Cheers

Dave Mc

 

 


About davemcmahon81
Software Developer & Architect, User Group Leader, Speaker, Writer, Blogger, Occasional Guitarist, Man-made Global Warming Sceptic, Climate Change Believer, General Optimist but most of all proud Husband and Dad ...

6 Responses to SharePoint 2010 “Unable to process Create message” Error When Creating User Profile Synchronization Connection

  1. It’s nearly a year later; Have you talked with Microsoft and what was their response if you had?

    Thanks!

  2. Lexflex says:

    For me the solution was quite simply that the Forefront Identity Manager Synchronization Service wasn’t running. I restarted User Profile Service and User Profile Synchronization Service via Central Administration and made sure the Services were running.

    That fixed the issue

  3. Fong says:

    Thanks!!! It fixed my issue after a few weeks of debugging.

  4. Bryant Sombke says:

    Genius! I was only given the account names from my client and guessed the domain name based on the forest. It loaded the AD hierarchy so I assumed I had it right. I found the correct domain name and it works now.

  5. Papouuu says:

    Had the same problem:
    We had 2 connections for 2 different domains.
    After deleting both, activating NetBIOS Domain Name and running IISRESET, I was able to create the connection as expected. 🙂
