none
Users in Project Server 2010 Groups aren't being inserted in SharePoint Permissions Group, and therefore cannot access PWA.

    Question

  • I had a project server 2010 running well, until I've tried to sync my Project Server groups to AD groups. Now, it doesn't matter how I insert a user in Project Server Groups, it doesn't go to SharePoint Groups.

     

    I'm following these simple steps here:

     

    1 - Have a AD user configured and fully functional;

    2 - Create a new Resource, setting the checkbox "Resource can logon to Project Server", and using the right domain and user name;

    3 - Add this user to Project Managers Group;

    4 - Save the Resource;

    5 - Open a new browser session and login with user credentials

    Result: Access Denied

     

    If I check over the Project Managers Group (Microsoft Project Server) in the site permission in PWA, the user isn't there.

     

    If I follow the same steps in another PWA in the same Project Server installation, using the same user, everything goes fine.

     

    I've tested the synchronization between PS and AD. The users inserted in AD groups are coming to PS Groups as expected, but aren't been inserted in SharePoint groups.

     

    I've looked for any error log in the Project Server Queue, in the Event Viewer, in SharePoint log, and I didn't find anything useful.

    The only error log I've got, appears when I try to sync a project site (Server Settings > Project Sites > Synchronize). A job of type "Project Site Membership Synchronization" fails in the queue with the following error details:

     

    • Queue:
      • GeneralQueueJobFailed (26000) - SynchronizeMembershipForWssSite.SynchronizeMembershipForWssSiteMessage. Details: id='26000' name='GeneralQueueJobFailed' uid='2ba77866-fc63-482d-9dbb-94c87335185e' JobUID='b9de80d5-2bdb-401a-a868-a53d3a5c7752' ComputerName='SSPALM011' GroupType='SynchronizeMembershipForWssSite' MessageType='SynchronizeMembershipForWssSiteMessage' MessageId='1' Stage=''. For more details, check the ULS logs on machine SSPALM011 for entries with JobUID b9de80d5-2bdb-401a-a868-a53d3a5c7752.

     

     

    I've checked several things, and I'm struggling with this error for a while now.

     

    I would really appreciate some help here, I'm running out of ideas. If any other information is needed, just ask! :)

    Thank you for reading, I know its a long text, but I didn't wanna miss any information.


    • Edited by Anselmo M Silva Friday, July 27, 2012 12:14 PM english correction
    Thursday, July 26, 2012 8:06 PM

All replies

  •  

    Hi there,

    This is expected behaviour if "SynchronizeMembershipForWssSite" is failed then user from PWA site will not be updated on root of the site which allows users to login PWA site

    To narrow down the issue open any resource experiencing via PWA>>Server Settings>>Manage users and click on save without making any changes

    Navigate to Manage queue page and validate the status of "SynchronizeMembershipForWssSite", if successfully completed have the user login to PWA site

    Which PWA user group are you trying to synchronize with Active Directory, if there are invalid resources or if there is a conflict of GUID in Project Database, group sync job could result in to partial or complete failure

    Try to initiate sync job first logging with farm admin or PWA admin account, upon failure of the job review ULS log , we will find additional information for sure, if needed we can enable verbose logging for this particular job


    Hrishi Deshpande – Senior Consultant DeltaBahn
    Blog | < | LinkedIn

    Friday, July 27, 2012 3:30 AM
  • Hi
    Hrishi,

     

    Thank you for your reply.

     

    Looking at the queue after I insert any user in the Project Manager
    group in Project Server I see two jobs:

    User Synchronization (Add Operation) for Project Web App App Root
    Site and Project Sites

    User Synchronization (Delete Operation) for Project Web App App Root
    Site and Project Sites

    Both jobs with status Success.

    I've done the same test in the other PWA, the queue has exactly the
    same behavior. The difference is that the user really gets the permissions.

     

    I have not found any job of type SynchronizeMembershipForWssSite in
    the queue.

     

    Looking at the ULS, there is no error message.

     

    I really think that the failed attempt to sync with Active Directory
    led something to very inconsistent state.

     

    I've created another PWA and I'll try to Sync again, this time I'll
    be watching the logs closely now.

     

    Any other idea?



    Anselmo Silva

    Friday, July 27, 2012 2:28 PM
  • Anselmo,

    We can fix exiting failed instance as well, but if it’s not in production and you are willing to build another PWA instance that’s fine too.


    Hrishi Deshpande – Senior Consultant DeltaBahn
    Blog | < | LinkedIn

    Friday, July 27, 2012 3:13 PM