Wednesday, January 23, 2013

Forefront Identity Manager - Schema validation failed

This post want to share my experience about "Schema Validation Failed" error logged every minute on the Application Log, associated to FIM Service of SharePoint 2010.

The error detail is:

Log Name:      Application
Source:        Forefront Identity Manager
Date:          23/01/2013 15:42:01
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxxxxxx.xxx.xxx
Description:
System.Data.ConstraintException: Schema validation failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-23T14:42:01.000000000Z" />
    <EventRecordID>556000</EventRecordID>
    <Channel>Application</Channel>
    <Computer>xxxxxxx.xxx.xxx</Computer>
    <Security />
  </System>
  <EventData>

Immediatly after this error, another more detailed is logged on the App log.
The second error detail is:

Log Name:      Application
Source:        Forefront Identity Manager
Date:          23/01/2013 15:42:01
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxxxxxx.xxx.xxx
Description:
Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-23T14:42:01.000000000Z" />
    <EventRecordID>556001</EventRecordID>
    <Channel>Application</Channel>
    <Computer>xxxxxxx.xxx.xxx</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</Data>
  </EventData>
</Event>
    <Data>System.Data.ConstraintException: Schema validation failed.</Data>
  </EventData>
</Event>

After a lot of research, verbose logging, and the use of this usefull utility founded on Codeplex (FIMQueryTool - thanks a lot to the author), I was able to have more datail about the Failing Request.

The problem was related to a recently change of the permission of my SharePoint User Profile Service Application.

Basically I've garanted "Edit Profile permission" to a specific Active Directory Security Group.

This AD Security Group contains a blank in "PreWindows 2000 Name".

This blank was causing FIM Service to fail in validating Schema during the process of the Request related to this AD Group.

Removing the blank will fix everything.

I don't know if this can be considered a Bug or not. We can see if further SharePoint 2010 Cumulative Update or Service Pack will fix it.

This behavior has been discovered using SP1 + June 2012 Cumulative Update (kb2687299).

Posted by at
Labels: , , ,

1 comment:

Unknown said...

Great solution. That cleared up the issue for me also!

May 23, 2013 at 9:07 PM

Post a Comment

Subscribe to: Post Comments (Atom)