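When creating a Synchronization Connection, the client side enforces three timeout limits.
1. On the edit connection page, when you click the Populate button, SharePoint enumerates all domains and OUs in the forest. This step has a limit, A.
2. After you click OK, SharePoint calls into Forefront Identity Manager to create and edit the management agent. These requests are sent to the domain controller, and if the OU structure in AD is large and holds a lot of information, they can time out. This step has a limit, B.
3. The third limit is DirectoryConnection.Timeout, which defaults to 30 seconds; let's give it the code name C.
Solution
==========
The following PowerShell commands return the three limits above: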
# Needed only when not running in the SharePoint 2010 Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# A
$upaAppProxy = Get-SPServiceApplicationProxy | ? {$_.name -like 'User Profile Service Proxy'}
$upaAppProxy.ImportConnAsyncTimeout # default value is 60
# B
$upaApp = Get-SPServiceApplication | ? {$_.name -like 'User Profile Service'}
$upaApp.FIMWebClientTimeOut # default value is 300000
# C
$upaAppProxy = Get-SPServiceApplicationProxy | ? {$_.name -like 'User Profile Service Proxy'}
$upaAppProxy.LdapConnectionTimeout # default value is 60
The following PowerShell commands change them:
# Needed only when not running in the SharePoint 2010 Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# A
$upaAppProxy = Get-SPServiceApplicationProxy | ? {$_.name -like 'User Profile Service Proxy'}
$upaAppProxy.ImportConnAsyncTimeout = 180 # This value is in seconds, 3 minutes.
$upaAppProxy.Update()
# B
$upaApp = Get-SPServiceApplication | ? {$_.name -like 'User Profile Service'}
$upaApp.FIMWebClientTimeOut = 600000 # This value is in milliseconds, 10 minutes.
$upaApp.Update()
# C
$upaAppProxy = Get-SPServiceApplicationProxy | ? {$_.name -like 'User Profile Service Proxy'}
$upaAppProxy.LdapConnectionTimeout = 180 # This value is in seconds, 3 minutes.
$upaAppProxy.Update()
If it still times out after the timeouts have been extended, try the following steps:
1. On the SharePoint Server, Start -> Run -> secpol.msc
2. Security Settings -> Local Policies -> Security Options -> Network security: LDAP client signing requirements
3. Right-click -> select Properties -> on the Local Security Setting tab, set the value to None -> click OK
4. Start -> Run -> cmd -> gpupdate /force
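A check to pair with the steps above, as an added example that is not part of the original post: it records the registry value behind this policy (LDAPClientIntegrity under HKLM\SYSTEM\CurrentControlSet\Services\LDAP; 0 = None, 1 = Negotiate signing, 2 = Require signing) before the change and compares it after gpupdate, so the original value is on record and can be restored later. The function names and the baseline file path are hypothetical.

```powershell
# Added example, not from the original post.
# Registry value behind "Network security: LDAP client signing requirements".
$LdapKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'
$LdapValue = 'LDAPClientIntegrity'
$Meaning   = @{ 0 = 'None'; 1 = 'Negotiate signing'; 2 = 'Require signing' }

# Hypothetical baseline file, chosen for this example.
$BaselineFile = Join-Path $env:TEMP 'ldap-client-signing-baseline.xml'

function Get-LdapClientSigning {
    # Returns the value currently in the registry. An absent value is reported
    # as 1 (Negotiate signing), which this example assumes is the OS default.
    $item = Get-ItemProperty -Path $LdapKey -Name $LdapValue -ErrorAction SilentlyContinue
    $raw  = if ($item) { [int]$item.$LdapValue } else { 1 }
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Value    = $raw
        Meaning  = $Meaning[$raw]
        ReadAt   = Get-Date
    }
}

function Save-LdapClientSigningBaseline {
    # Run before step 1 so the original value is on record.
    Get-LdapClientSigning | Export-Clixml -Path $BaselineFile
}

function Compare-LdapClientSigningBaseline {
    # Run after "gpupdate /force": shows the recorded value next to the one
    # in effect now (a domain GPO can overwrite the local setting).
    $before = Import-Clixml -Path $BaselineFile
    $now    = Get-LdapClientSigning
    New-Object PSObject -Property @{
        Before  = $before.Meaning
        Now     = $now.Meaning
        Changed = ($before.Value -ne $now.Value)
    }
}
```

Run `Save-LdapClientSigningBaseline` before opening secpol.msc and `Compare-LdapClientSigningBaseline` after step 4.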
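Note:
Make sure the account you specify on the connection configuration page has the required permissions:
- Farm Admin, or administrator of the User Profile Service Application
- The Replicating Directory Changes permission in AD.
Also, if your domain environment is very complex, make sure the correct value is entered in the forest name field.
In step 2 described at the beginning of this article, the request is sent to the domain controller. If the OU structure in AD is large and holds a lot of information, and the operation still times out even after limit B has been changed, try changing the WCF default timeout values.
The steps are as follows:
- Open the file C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebClients\Profile\client.config
- Find all the timeout attributes and double every one of them: the default is 00:00:20 everywhere, so change them all to 00:00:40. The fragment of the original file that needs to be changed is excerpted below.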
<bindings>
  <customBinding>
    <binding name="ProfileServiceHttpsBinding" receiveTimeout="00:00:20" sendTimeout="00:00:20" openTimeout="00:00:20" closeTimeout="00:00:20">
      <security authenticationMode="IssuedTokenOverTransport" />
      <binaryMessageEncoding>
        <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152"/>
      </binaryMessageEncoding>
      <httpsTransport maxReceivedMessageSize="2162688" authenticationScheme="Anonymous" useDefaultWebProxy="false" />
    </binding>
    <binding name="ProfileServiceHttpBinding" receiveTimeout="00:00:20" sendTimeout="00:00:20" openTimeout="00:00:20" closeTimeout="00:00:20">
      <security authenticationMode="IssuedTokenOverTransport" allowInsecureTransport="true" />
      <binaryMessageEncoding>
        <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152" />
      </binaryMessageEncoding>
      <httpTransport authenticationScheme="Anonymous" maxReceivedMessageSize="2162688" useDefaultWebProxy="false" />
    </binding>
    <binding name="ProfileDBCacheServiceHttpsBinding" receiveTimeout="00:00:20" sendTimeout="00:00:20" openTimeout="00:00:20" closeTimeout="00:00:20">
      <security authenticationMode="IssuedTokenOverTransport" />
      <binaryMessageEncoding>
        <readerQuotas maxStringContentLength="1048576" maxArrayLength="2147483647"/>
      </binaryMessageEncoding>
      <httpsTransport authenticationScheme="Anonymous" transferMode="StreamedResponse" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2097152" maxReceivedMessageSize="2147483647" useDefaultWebProxy="false" />
    </binding>
    <binding name="ProfileDBCacheServiceHttpBinding" receiveTimeout="00:00:20" sendTimeout="00:00:20" openTimeout="00:00:20" closeTimeout="00:00:20">
      <security authenticationMode="IssuedTokenOverTransport" allowInsecureTransport="true" />
      <binaryMessageEncoding>
        <readerQuotas maxStringContentLength="1048576" maxArrayLength="2147483647"/>
      </binaryMessageEncoding>
      <httpTransport authenticationScheme="Anonymous" transferMode="StreamedResponse" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2097152" maxReceivedMessageSize="2147483647" useDefaultWebProxy="false" />
    </binding>
  </customBinding>
</bindings>
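One way to script the edit described above, as an added example that is not part of the original post: it changes only the four timeout attributes on the `<binding>` elements that still hold the stated default, writes a timestamped backup first, and returns the list of changes. The function name `Set-ProfileClientTimeout` and its parameters are hypothetical; the path and the two values come from the post.

```powershell
# Added example, not from the original post.
function Set-ProfileClientTimeout {
    param(
        # Path given in the post; pass a copy of the file to try it safely.
        [string]$Path = 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebClients\Profile\client.config',
        [TimeSpan]$From = '00:00:20',   # default stated in the post
        [TimeSpan]$To   = '00:00:40'    # doubled value from the post
    )
    $attrs = 'receiveTimeout', 'sendTimeout', 'openTimeout', 'closeTimeout'
    # .NET resolves relative paths against the process directory, so use the full path.
    $Path  = (Resolve-Path -LiteralPath $Path).ProviderPath

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # keep the file's layout on save
    $xml.Load($Path)

    $changes = @()
    foreach ($binding in $xml.SelectNodes('//bindings/customBinding/binding')) {
        foreach ($attr in $attrs) {
            $old = $binding.GetAttribute($attr)
            # Skip missing attributes and values that are no longer the default,
            # so a second run does not touch timeouts that were already changed.
            if (-not $old -or [TimeSpan]::Parse($old) -ne $From) { continue }
            $binding.SetAttribute($attr, $To.ToString())
            $changes += New-Object PSObject -Property @{
                Binding   = $binding.GetAttribute('name')
                Attribute = $attr
                Old       = $old
                New       = $To.ToString()
            }
        }
    }
    if ($changes.Count -gt 0) {
        # Timestamped backup next to the original before writing.
        Copy-Item -LiteralPath $Path -Destination ("{0}.{1:yyyyMMddHHmmss}.bak" -f $Path, (Get-Date))
        $xml.Save($Path)
    }
    $changes   # one object per attribute that was changed
}
```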
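My environment is SharePoint 2010 CU2 (August CU, 14.0.5123.5000), and I have actually seen cases where an error was reported but the connection was still created successfully and worked normally. SharePoint 2010 still has room for improvement.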
Sources
===========
http://technet.microsoft.com/en-us/library/cc738915(WS.10).aspx
Configure Profile Sync Service
http://technet.microsoft.com/en-us/library/ee721049.aspx
User Profile Administration
http://technet.microsoft.com/en-us/library/ee721050.aspx
Configure needed permissions in Active Directory:
http://support.microsoft.com/kb/303972
Configure Active Directory group memberships
http://support.microsoft.com/kb/331951
Profile Post by Tanuj Bansal
WCF Timeouts on small memory'd SharePoint 2010 machine