Updated SAP user profiles could not be retrieved - Event 5003 (Duet Enterprise)

  • Article

 

Applies to: Duet Enterprise for Microsoft SharePoint and SAP

Alert Name:   Updated SAP user roles could not be retrieved

Event ID:   5003

Summary

Duet Enterprise Profile Synchronization uses Microsoft Business Connectivity Services for communication between Microsoft SharePoint Server 2010 and the SAP environment. The Duet Enterprise Profile Synchronization timer job retrieves the list of updated SAP roles from the SAP system and updates the SAP Roles property in the User Profile store for all SAP users. Business Connectivity Services could not communicate with the SAP system and retrieve the list of updated SAP roles.

Symptoms

The following symptoms might appear:

  • The Duet Enterprise Profile Synchronization timer job fails.

  • This event appears in the event log:

    Event ID: 5003 Description: Could not retrieve roles from backend. The exception message is <message>.

Cause

One or more of the following might be the cause:

  • Transient connectivity problems that are caused by high server load on the SAP system.

  • The process account for the SharePoint 2010 Timer (SPTimerV4) service does not have Execute permissions on the BDC UserRoles model.

Resolution

Grant permissions on the BDC UserRoles model

  1. Verify that you have the following administrative credentials:

    • You must be a member of the Farm Administrators group.

  2. Follow the instructions in Manage user access to BDC models (https://go.microsoft.com/fwlink/?LinkId=204089) to grant the process account for the SharePoint 2010 Timer service Execute permissions on the BDC UserRoles model.

Verify the SharePoint 2010 Timer service account

You must provide the SAP administrator with the user account that is assigned to the SharePoint 2010 Timer service, also known as the SPTimerV4 service. The SAP administrator must ensure that this account is mapped to an SAP user who is granted sufficient permissions on the SAP system to query the UserRoles assignments query. To learn how to get the user account for the SharePoint 2010 Timer service, see Synchronize profiles and roles (https://go.microsoft.com/fwlink/p/?LinkId=205815).

Synchronize user profile information

  1. Follow the instructions in Start profile synchronization manually (SharePoint Server 2010) (https://go.microsoft.com/fwlink/p/?LinkID=201163) to synchronize user profile information between AD DS and SharePoint Server 2010.

    Configure the following:

    1. Verify that you have the following administrative credentials:

      • You must be a member of the Farm Administrators group or administrator of the User Profile Service Application.

    2. On the User Profile Service Application page, in the Synchronization section, click Start Profile Synchronization.

    3. On the Start Profile Synchronization page, select whether you want to perform an incremental or full synchronization, and then click OK.