[SDP 5][ 5fb7e9b4-bd1f-405f-ba2f-00ace50d66b7] SharePoint User Profile 2016 configuration troubleshooter

Summary
The Microsoft SharePoint User Profile 2016 configuration troubleshooter (SPUserProfile2016) manifest detects certain problematic conditions that may exist in the configuration of the user profile on a server that's running Microsoft SharePoint Server 2016.

Important Problematic conditions are checked only on the server on which this manifest is run. To make sure that you have maximum coverage, we recommend that you run this package on every computer in a SharePoint farm.

This article describes the function of the SPUserProfile2016 manifest file.

Required permissions

The rules in the diagnostic package use the SharePoint Windows PowerShell snap-in for information about your farm. Therefore, the account that's used to run the diagnostic package must be the farm account or be granted the required permissions through the Add-SPShellAdmin command. The farm account is the account that the timer service and central administration site's application pool run under.

Some rules in this diagnostic package must also have local server administrative permissions to use remote and local administrative tools and also to access secure system locations such as the registry. You can use the following table to reference the permissions that are required for each rule.

Permission codeDescriptionRequired permission
1Use SharePoint Windows PowerShell cmdlets to interact with the SharePoint farm.Farm administration
2Run queries against SharePoint databases.Farm administration
3Access server administrative tools.Server administrative
4Access files and other resources on the server.Server administrative

More information
This section summarizes the information that may be collected from a computer when you run SPUserProfile2013.

Information that's collected

Manifest results
DescriptionFile name
Contains a clean version of the failure and of the warning conditions that are detected during the execution of the SPUserProfile2016 manifest. The information that is included is as follows:
  • MachineName: Name of the computer for which the information is being collected. (This can be changed to protect privacy before information is uploaded to Microsoft.)
  • Timestamp: Date and time when the data was collected.
  • RuleID: A GUID value that indicates which SPUserProfile2016 rule was triggered. (See the rules section later in this table for more information.)
  • InstanceID: A GUID that is used to identify a particular instance of a RuleID that was triggered. (You can have a rule applied multiple times on a computer and have only certain instances trigger a warning. This value will help you isolate that instance.)
{GUID}_SPUserProfile2016_O16SP_Failures_mm_dd_yyyy_hhmm_[AM|PM].csv
Provides the actual results of the SPUserProfile2016 manifest. This is what is displayed back to the user to indicate the status of each rule that is executed.ResultReport.xml
Provides the internal file that is generated as a by-product of the execution of the manifest. It contains no customer data.Results.xml
Provides an .xlst transform that formats the results in the ResultReport.xml file. It contains no customer data.Results.xsl
Contains debug information that may be generated during the execution of the manifest. It also contains timings on each rule that is run. It may contain customer data. However, every attempt has been made to minimize the amount of customer data.SPUserProfile2016.O.debugreport.xml
Contains additional debug information for the manifest execution. It may contain customer data. However, every attempt has been made to minimize the amount of customer data.Stdout.log
Contains the environmental information for each computer in the farm. The information that is captured includes the following:
  • Computer name
  • Operating system name
  • Last restart/uptime
  • Computer model
  • Processors
  • Computer domain
  • Role
  • Operating system language
  • Time zone
  • Total RAM
  • Drives (total and free space that is available)
%COMPUTERNAME%_cfg_%LANG%_FarmEnvironment.txt
Contains the SharePoint information for each computer in the farm. The information that's captured includes the following:
  • SharePoint Configuration Database information
  • SharePoint services on server
%COMPUTERNAME%_cfg_%LANG%_O16SP_FarmInformation.txt
Captures the PSCDiagnostic logs for computer.%COMPUTERNAME%_iis_%LANG%_O16SP_PSCDiagnosticLogs.cab
Captures the ULS log for the computer.%COMPUTERNAME%_uls_%LANG%_O16SP_ULSLogs
Contains information about each computer in the farm. The information enables the detection of password synchronization issues. The information that is captured includes the following:
  • Computer name
  • Application pool name
  • User name (domain and user ID) under which the application pool runs
  • A password hash for the password that is associated with the application pool user name per computer
%COMPUTERNAME%_SPUserProfile2016_O16_PasswordSync.txt

System logs
Rule IDTitleDescription
Basic system information
3CAE6F84-C3F5-4DB2-80D1-66C15B7BEF2EFarm environment
FB2C97D5-3681-49B8-972F-8EF0379D7F80Farm Information
1A0049DC-543D-4F73-9555-CCE314C4A463SharePoint farm report

Security information

Rule IDTitleRequired permissionsDescription
C6F6524B-2BD6-4788-B2DD-E609151A378ACheck for Application Pool password mismatch1, 4 http://technet.microsoft.com/en-us/library/ff607826.aspx
DB2D6406-5155-477A-AB9B-DF5E523AA7C0Check for disabled service accounts1, 4http://technet.microsoft.com/en-us/library/cc781527(v=WS.10).aspx

User profiles

Rule IDTitleRequired permissionsDescription
9468CABC-60F5-C0DE-DE03-A660655B416FUser profile sync account has a proxy enabled1, 4http://support.microsoft.com/kb/2408458
AAF4F2A7-7463-4DD0-B35A-3C1059853567Check the execution timeout for User Profile connection creation page4
3C865138-1C6A-42D1-ABC1-C3DF28B77001Check the cache allowed clients accounts1http://msdn.microsoft.com/library/ff428172.aspx
F1CD28B-9139-4A51-9DEE-66192C4F043ECheck the User Profile Application for the dn-not-ldap-comformant condition1, 2
F3E9ED13-FAA9-C0DE-DE06-C3AE4EAE0488Checking the SQL Server Native Client version
E56744A8-B475-49EC-99C2-2E86A4749E58Check User Profile Sync timer job exists
E57570E0-B75D-4F7B-B1D3-464903D3D7D1Check User Profile Sync timer job ran recently
E5890DDF-B7C5-452C-89DF-63409B1A1508Check User Profile Sync timer job schedule
E59D17C2-5CD1-4432-8166-5BEF46868750Check User Profile Sync timer job status

Additional information

Password synchronization report
The password synchronization report is a new file that is generated by the troubleshooter. The report output resembles the following:

Password Synchronization Report Generated from SERVER1: 04/08/2011 10:51:13


============================================================================



Machine Name UserName Password Hash

======== ==================================== =================== ========================



SERVER1 0cbce7b825854b9d93b2610c3627533a contoso\user1 taggcB3Cg9kkSVLVZlCTyg==



SERVER2 0cbce7b825854b9d93b2610c3627533a contoso\user1 KU91YgOOM8CYdezeuhn96w==



SERVER1 SecurityTokenServiceApplicationPool contoso\user1 taggcB3Cg9kkSVLVZlCTyg==



SERVER2 SecurityTokenServiceApplicationPool contoso\user1 KU91YgOOM8CYdezeuhn96w==



SERVER1 SharePoint - 30699 contoso\user1 taggcB3Cg9kkSVLVZlCTyg==



SERVER2 SharePoint - 30699 contoso\user1 KU91YgOOM8CYdezeuhn96w==



SERVER1 SharePoint Central Administration v4 contoso\user1 taggcB3Cg9kkSVLVZlCTyg==



SERVER1 c408cf58b72d493da1925746dd8a0012 contoso\user2 LmbbRTCUtCxxfGHdq3l/nA==



SERVER2 c408cf58b72d493da1925746dd8a0012 contoso\user2 LmbbRTCUtCxxfGHdq3l/nA==



SERVER2 SharePoint - 80 contoso\user2 LmbbRTCUtCxxfGHdq3l/nA==



SERVER1 SharePoint - 80 contoso\user2 LmbbRTCUtCxxfGHdq3l/nA==


The information is sorted by UserName and Name (application pool). As the sample output shows, the password hash for the 0cbce7b825854b9d93b2610c3627533a application pool has a different value on SERVER1 than on SERVER2. This indicates that the passwords do not match. This might have occurred because the password was changed on one server but not on the other. As the sample output for the SharePoint – 80 application pool shows, the password hash is identical on both servers in the farm. This indicates that the passwords are in sync.
Properties

Article ID: 3166497 - Last Review: 06/14/2016 19:30:00 - Revision: 1.0

Microsoft SharePoint Server 2016

  • KB3166497
Feedback