Roles in SAP and User Profile Store are not synchronized - Event 5008 (Duet Enterprise)

 

Applies to: Duet Enterprise for Microsoft SharePoint and SAP

Alert Name:   Roles in SAP and User Profile Store are not synchronized

Event ID:   5008

Summary

Duet Enterprise users and their roles are synchronized with the SAP system and stored in the User Profile Service’s profile store. A function of the synchronization process is to retrieve the list of deleted SAP roles from the SAP system and update the User Profile store by clearing the SAP Roles property for the deleted SAP users. The Duet Enterprise Profile Synchronization timer job initiates the synchronization of the users in the SharePoint User Profile Store to mapped roles in the SAP system. The Timer Service service account running Duet Enterprise Profile Synchronization must have full control permissions to the User Profile Service application.

Symptoms

This event appears in the event log:

Event ID: 5008 Description: SAP Roles of users deleted from backend could not be updated.

Cause

One or more of the following might be the cause:

  • A network connectivity issue or transient SAP back-end errors occurred.

  • The User Profile Service application is not running.

  • The timer job account does not have full control permissions to the User Profile Service application.

    For more information about how to provide managed accounts permissions to a service application administrator for a specific User Profile Service application, see Assign administration of a User Profile service application (SharePoint Server 2010) (https://go.microsoft.com/fwlink/p/?LinkId=204625).

  • The DeletedIDEnumerator method in the BDC model that is associated with role synchronization, and that retrieves the deleted users from backend, failed. The SharePoint administrator might not have sufficient permission on the BDC model to execute this method.

Resolution

Verify network connectivity and SAP back-end connectivity

  • Ping the servers in the remote farm to ensure that they are available. Ask the administrator of the remote farm to ping the servers in your farm.

    Note

    Contact the SAP administrator and verify that there are no connectivity issues on the SAP system.

Start the User Profile service

  1. Confirm that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.

  2. On the SharePoint Central Administration Web site, click System Settings.

  3. On the System Settings page, in the Servers section, click Manage services on server.

  4. Click Start in the Action column for the User Profile Service.

  5. Click OK to start the service.

Verify the service account

  1. Verify that the user account that is performing this procedure is a member of the Administrators group on the local computer.

  2. Click Start, point to Administrative Tools, and then click Services.

  3. In the Services snap-in, right-click the Windows SharePoint Services Timer V4 service, and then click Properties.

  4. In the Service Properties dialog box, on the Log On tab, type the password for the account, confirm the password, and then click OK.

  5. Right-click the service, and then click Start.

Verify access to the User Profile Service Application

  1. On the Central Administration Home page, in the Application Management section, click Manage service applications.

  2. On the Manage Service Applications page, click the row that contains the User Profile Service Application that was deployed for Duet Enterprise.

    The User Profile Service Application for your installation of Duet Enterprise is specified in the Duet Enterprise DuetConfig.config file.

  3. In the Sharing group of the Ribbon, click Permissions.

  4. In the Connection Permissions dialog box, do one of the following:

    • If the timer job account appears in the middle pane, click the user account.

    • If the timer job account does not appear in the middle pane, type the user account in the top pane, and then click Add.

  5. In the bottom pane, verify that the Full Control check box is selected.

  6. Click OK.

    For more information, see Restrict or enable access to a service application (SharePoint Server 2010) (https://go.microsoft.com/fwlink/p/?LinkID=202009).