[SDP 5][B21A1B04-CBC3-469A-890A-046C6C9FC9A7] SharePoint User Profile 2013 Configuration Troubleshooter

The Microsoft SharePoint User Profile 2013 configuration troubleshooter (SPUserProfile2013) manifest detects certain problematic conditions that may exist in the configuration of the user profile on the server that is running Microsoft SharePoint Server 2013.

Important Problematic conditions are checked only on the server on which this manifest is run. To make sure that you have maximum coverage, we recommend that you run this package on every computer in a SharePoint farm.

This article describes the function of the SPUserProfile2013 manifest file.

Required permissions

The rules in the diagnostic package use the SharePoint Windows PowerShell snap-in for information about your farm. Therefore, the account that is used to run the diagnostic package must be the farm account or be given the required permissions through the Add-SPShellAdmin command. The farm account is the account under which the timer service and central administration site's application pool run.

Some rules in this diagnostic package must also have local server administrative permissions to use remote and local administrative tools and also to access secure system locations such as the registry. You can use the following table to reference the permissions that are required for each rule.
Permission codeDescriptionRequired permission
1Use SharePoint Windows PowerShell cmdlets to interact with the SharePoint farm.Farm administration
2Run queries against SharePoint databases.Farm administration
3Access server administrative tools.Server administrative
4Access files and other resources on the server.Server administrative
More information
This article describes the information that may be collected from a computer when you run SPUserProfile2013.

Information that is collected

Manifest results

DescriptionFile name
This file contains a clean version of the failure and of the warning conditions that are detected during the execution of the SPUserProfile2013 manifest. The information that is included is as follows:
  • MachineName: Name of the computer for which the information is being collected. (This can be changed to protect privacy before information is uploaded to Microsoft.)
  • Timestamp: Date and time when the data was collected.
  • RuleID: A GUID value that indicates which SPUserProfile2013 rule was triggered. (See the rules section later in this table for more information.)
  • InstanceID: A GUID that is used to identify a particular instance of a RuleID that was triggered. (You can have a rule applied multiple times on a computer and have only certain instances trigger a warning. This value will help you isolate that instance.)
This is the actual results of the SPUserProfile2013 manifest. This is what is displayed back to the user to indicate the status of each rule that is executed.ResultReport.xml
This is the internal file that is generated as a by-product of the execution of the manifest. It contains no customer data.Results.xml
This is an xlst transform that formats the results in the ResultReport.xml file. It contains no customer data.Results.xsl
This file contains debug information that may be generated during the execution of the manifest. It also contains timings on each rule that is run. It may contain customer data. However, every attempt has been made to minimize the amount of customer data.SPUserProfile2013.O.debugreport.xml
This file contains additional debug information for the manifest execution. It may contain customer data. However, every attempt has been made to minimize the amount of customer data.Stdout.log
This file contains the environmental information for each computer in the farm. The information that is captured includes the following:
  • Computer name
  • Operating system name
  • Last restart/uptime
  • Computer model
  • Processors
  • Computer domain
  • Role
  • Operating system language
  • Time zone
  • Total RAM
  • Drives (total and free space that is available)
This file contains the SharePoint information for each computer in the farm. The information that is captured includes the following:
  • SharePoint Configuration Database information
  • SharePoint services on server
Captures the PSCDiagnostic logs for computer.%COMPUTERNAME%_iis_%LANG%_O15SP_PSCDiagnosticLogs.cab
Captures the ULS log for the computer.%COMPUTERNAME%_uls_%LANG%_O15SP_ULSLogs
This file contains information about each computer in the farm. The information enables the detection of password synchronization issues. The information that is captured includes the following:
  • Computer name
  • Application pool name
  • User name (domain and user ID) under which the application pool runs
  • A password hash for the password that is associated with the application pool user name per computer

System logs

Rule IDTitleDescription
Basic system information
3CAE6F84-C3F5-4DB2-80D1-66C15B7BEF2EFarm environment
FB2C97D5-3681-49B8-972F-8EF0379D7F80Farm Information
1A0049DC-543D-4F73-9555-CCE314C4A463SharePoint farm report

Security information

Rule IDTitleRequired permissionsDescription
C6F6524B-2BD6-4788-B2DD-E609151A378ACheck for Application Pool password mismatch1, 4 http://technet.microsoft.com/en-us/library/ff607826.aspx
DB2D6406-5155-477A-AB9B-DF5E523AA7C0Check for disabled service accounts1, 4http://technet.microsoft.com/en-us/library/cc781527(v=WS.10).aspx

User profiles

Rule IDTitleRequired permissionsDescription
A7921FA0-7B82-C0DE-DE03-C84F18AD1A75FIM Sync Service are missing on a SharePoint Server1, 4
9468CABC-60F5-C0DE-DE03-A660655B416FUser profile sync account has a proxy enabled1, 4http://support.microsoft.com/kb/2408458
241AB4DC-81F0-C0DE-DE03-B2BD0C4B0EE7SharePoint Server names are fully qualified1http://support.microsoft.com/kb/2719512
DAA084DB-141B-C0DE-DE03-AACE0604187DFull FIM is installed1, 4
2A45DBFE-7FD3-C0DE-DE03-F07F8618243DFIM Services are missing on a SharePoint Server4
1EACF89D-89FD-C0DE-DE03-E4B504F985F0Profile sync on SharePoint Stand-Alone1http://support.microsoft.com/kb/983061
8E3CDA9D-7483-C0DE-DE06-EA3312D58D14Sync User must have 'Replicate Directory Changes' permission1,2http://technet.microsoft.com/library/ff182925.aspx#permission
27730A9E-1B71-4D50-9065-44FBCFD7D3EFCheck if NETWORK SERVICE has Read access to SharePoint install path1, 4http://support.microsoft.com/kb/2473430
AAF4F2A7-7463-4DD0-B35A-3C1059853567Check the execution timeout for User Profile connection creation page4
3C865138-1C6A-42D1-ABC1-C3DF28B77001Check the cache allowed clients accounts1http://msdn.microsoft.com/library/ff428172.aspx
F1CD28B-9139-4A51-9DEE-66192C4F043ECheck the User Profile Application for the dn-not-ldap-comformant condition1, 2

Additional information

Password synchronization report

The password synchronization report is a new file that is generated by the troubleshooter. The report output resembles the following:

Password Synchronization Report Generated from SERVER1: 04/08/2011 10:51:13============================================================================Machine   Name                                  UserName             Password Hash            ========  ====================================  ===================  ======================== SERVER1   0cbce7b825854b9d93b2610c3627533a      contoso\user1        taggcB3Cg9kkSVLVZlCTyg== SERVER2   0cbce7b825854b9d93b2610c3627533a      contoso\user1        KU91YgOOM8CYdezeuhn96w== SERVER1   SecurityTokenServiceApplicationPool   contoso\user1        taggcB3Cg9kkSVLVZlCTyg== SERVER2   SecurityTokenServiceApplicationPool   contoso\user1        KU91YgOOM8CYdezeuhn96w== SERVER1   SharePoint - 30699                    contoso\user1        taggcB3Cg9kkSVLVZlCTyg== SERVER2   SharePoint - 30699                    contoso\user1        KU91YgOOM8CYdezeuhn96w== SERVER1   SharePoint Central Administration v4  contoso\user1        taggcB3Cg9kkSVLVZlCTyg== SERVER1   c408cf58b72d493da1925746dd8a0012      contoso\user2        LmbbRTCUtCxxfGHdq3l/nA== SERVER2   c408cf58b72d493da1925746dd8a0012      contoso\user2        LmbbRTCUtCxxfGHdq3l/nA== SERVER2   SharePoint - 80                       contoso\user2        LmbbRTCUtCxxfGHdq3l/nA== SERVER1   SharePoint - 80                       contoso\user2        LmbbRTCUtCxxfGHdq3l/nA==
The information is sorted by UserName and Name (application pool). As the sample output shows, the password hash for the 0cbce7b825854b9d93b2610c3627533a application pool has a different value on SERVER1 than it has on SERVER2. This indicates that the passwords do not match. This might have occurred because the password was changed on one server but not on the other. As the sample output for the SharePoint – 80 application pool shows, the password hash is identical on both servers in the farm. This indicates that the passwords are in sync.
For information about the Microsoft Support Diagnostic Tool (MSDT), click the following article number to view the article in the Microsoft Knowledge Base:
973559 Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) when it is used with Windows 7 or Windows Server 2008 R2
SharePoint 2013 diagnostics troubleshoot

Article ID: 2837391 - Last Review: 08/05/2015 22:14:00 - Revision: 13.0

Microsoft SharePoint Server 2013, Microsoft SharePoint Foundation 2013

  • kbtshoot kbsurveynew kbexpertiseinter KB2837391