User Profile Service: The operation was aborted because the client side timeout limit was exceeded

    Question

  • Hi,

    We're having trouble setting up a Synchronization Connection for the User Profile Service. In our scenario the SharePoint 2010 farm is in one domain, our users are in three other, different domains. The domains have a two-way trust. Now, we're able to set up Synchronization Connections to two of the three user domains, so it seems there is nothing wrong with the User Profile Service.

    The problem with the third domain is that we receive a timeout error after clicking the OK button of the Create Connection page:

    Error
    The operation was aborted because the client side timeout limit was exceeded.

    This timeout occurred after 5 minutes at first.

    After some searching I found this page on TechNet: http://technet.microsoft.com/en-us/library/ff681014.aspx#timeouts, describing how to increase timeout values. So I increased the FIMWebClientTimeOut value of the User Profile Service Application. First to 600000 milliseconds. Still a timeout error, this time after about 10 minutes. So I increased it even more, eventually to 1.800.000 milliseconds. But our timeout error kept returning after 10 minutes. And from the SharePoint logfile:

    04/12/2011 17:06:08.56 w3wp.exe (0x1D24)      0x08B0 SharePoint Foundation   Monitoring      b4ly Medium Leaving Monitored Scope (Request (POST:http://<servername>/_layouts/EditDSServer.aspx?ApplicationID=<ID>)). Execution Time=615692.713  b5e22ceb-d8ec-4522-a116-efc8c43a8241

    Yes, I did run the .Update() method after setting each value and calling FIMWebClientTimeOut method on my User Profile Service Application object actually does return a value of 1800000.

    Anybody has a clue why the Create Connection page is not obeying the correct FIMWebClientTimeOut value? Or could something else be the problem?

    Tuesday, April 12, 2011 3:35 PM

Answers

  • Please try this :

    On the SharePoint server go to:

    >Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options. Then select "network security: LDAP client signing requirements", change to "None".

    >Reboot the box

     

    Monday, July 25, 2011 8:07 PM

All replies

  • Hi,

    Please go to central administration > manage servers on server to make sure the user profile service and user profile synchronization service are working fine.

    Regards,

    Seven

    Thursday, April 14, 2011 9:29 AM
  • Hi Seven,

    Thanks for your answer, but like I said in my intro: we're able to set up Synchronization Connections to two of the three user domains. Users from these two domains have already been imported, and syncing works well. So both the User Profile Service and the User Profile Synchronization Service are working fine.


    Maarten Eekels
    Lead SharePoint Architect
    Blog: http://www.eekels.net
    Twitter: maarteneekels
    Thursday, April 14, 2011 9:57 AM
  • Hi,

    In my opinion, it is not the timeout setting issue but the operation cannot succeed.

    Please go to your server > start > administrator tools > services to make sure forefront identity manager service and forefront identity manager synchronization service are started.

    If they are working fine, please create a new user profile service application to see the results.

    Regards,

    Seven

     

    Friday, April 15, 2011 6:58 AM
  • Check the account you use for connecting to the problematic domain. It should not be expired and/or locked (try to run some program under this account in order to ensure that it really works). Also check that the 2-way trust is configured properly for the problematic account (try to run some program on the app server using an account from the problematic domain, and run some program on a machine from the problematic domain using an account from the app server's domain).


    Blog - http://sadomovalex.blogspot.com
    CAML via C# - http://camlex.codeplex.com
    Friday, April 15, 2011 7:33 AM
  • Hi,

    In my opinion, it is not the timeout setting issue but the operation cannot succeed.

    Please go to your server > start > administrator tools > services to make sure forefront identity manager service and forefront identity manager synchronization service are started.

    If they are working fine, please create a new user profile service application to see the results.

    Regards,

    Seven

     


    Then why am I able to create connections to the other two domains? I can change these connections too. But, just to be sure, I did what you suggested on a testing environment (where both FIM services are running). I created a new UPS application and tried to create a connection to the problematic domain. Without success.
    Maarten Eekels
    Blog: http://www.eekels.net
    Twitter: maarteneekels
    Friday, April 15, 2011 7:46 AM
  • Check the account you use for connecting to the problematic domain. It should not be expired and/or locked (try to run some program under this account in order to ensure that it really works). Also check that the 2-way trust is configured properly for the problematic account (try to run some program on the app server using an account from the problematic domain, and run some program on a machine from the problematic domain using an account from the app server's domain).


    Blog - http://sadomovalex.blogspot.com
    CAML via C# - http://camlex.codeplex.com

    Good tips for testing, thanks! I am able to run Notepad on the app server with the profile sync service account from the problematic domain. And I am also able to run Notepad on a machine in the problematic domain with the farm admin account from the domain the SharePoint farm is in. So that all seems to work well.
    Maarten Eekels
    Blog: http://www.eekels.net
    Twitter: maarteneekels
    Friday, April 15, 2011 8:01 AM
  • Please try this :

    On the SharePoint server go to:

    >Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options. Then select "network security: LDAP client signing requirements", change to "None".

    >Reboot the box

     


    This worked great.  Thanks!
    • Proposed as answer by LangeKRZ Friday, September 07, 2012 7:50 AM
    Monday, August 01, 2011 9:24 PM
  • If you are still facing this issue, please try this :

    • TCP chimney offload disable (http://support.microsoft.com/kb/951037)

    • Change the timeout value in web.config
                 In C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\LAYOUTS, edit web.config: httpRuntime executionTimeout=360, increase the value to 3600

    • Increase timeout values

    $upsAppProxy = Get-SPServiceApplicationProxy <UPSAppProxyGUID>
    $upsAppProxy.LDAPConnectionTimeout = <NewTimeout>
    $upsAppProxy.Update()

    $upsAppProxy = Get-SPServiceApplicationProxy <UPSAppProxyGUID>
    $upsAppProxy.ImportConnAsyncTimeout = <NewTimeout>
    $upsAppProxy.Update()

    $upsApp = Get-SPServiceApplication <UPSAppGUID>
    $upsApp.FIMWebClientTimeOut = <NewTimeout>
    $upsApp.Update()

     

    Tuesday, September 20, 2011 2:21 PM
  • Wow, that fixed my issue, been dealing with it several days.  Thanks.
    Thursday, May 03, 2012 8:17 PM
  • You should check out this KB article: http://social.msdn.microsoft.com/Forums/en-US/sharepoint2010general/thread/909c0238-589e-4d7a-90b6-54957156cfb1/

    Windows could not start the Forefront Identity Manager Synchronization Service on local computer


    peonysmiles

    Sunday, September 16, 2012 11:26 PM
  • So for me, I had to download the following:

    (1) download and install KB2687353 - it turned both of the FIM services on automatically.  I did not have to delete the UPS at all.  I stopped and restarted them, and that seemed to satisfy.

    (2) Rebooted.

    (3) on the server again, run GPedit.msc >Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options. Then select "network security: LDAP client signing requirements", change to "None".

    >Reboot the box

    then I was able to see everything.  It is important to note that I had followed the instructions at the famous harbar.net site about user profiles.  I had everything set up correctly.

    Monday, September 17, 2012 2:29 AM
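
Several replies above change the "Network security: LDAP client signing requirements" policy and the three User Profile timeout properties. As an added example (not posted by anyone in this thread), the read-only PowerShell below records the current values before anything is changed, so the signing policy and timeouts can be restored afterwards. It assumes an elevated SharePoint 2010 Management Shell on the farm server; the function names and the CSV file name are hypothetical, and `LDAPClientIntegrity` is the registry value behind the policy (0 = None, 1 = Negotiate signing, 2 = Require signing).

```powershell
# Added example: read-only snapshot, nothing is modified.
# Assumption: elevated SharePoint 2010 Management Shell on the farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-LdapClientSigning {   # hypothetical helper name
    # Registry value behind "Network security: LDAP client signing requirements".
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'
    $names = @{ 0 = 'None'; 1 = 'Negotiate signing'; 2 = 'Require signing' }
    $item  = Get-ItemProperty -Path $key -Name LDAPClientIntegrity -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set (Windows default applies)' }
    $value = [int]$item.LDAPClientIntegrity
    if ($names.ContainsKey($value)) { return "$value ($($names[$value]))" }
    return "$value (unrecognized)"
}

function Get-UpsTimeout {          # hypothetical helper name
    param([string[]]$Setting, [object[]]$Candidate)
    foreach ($obj in $Candidate) {
        foreach ($name in $Setting) {
            # Skip service applications and proxies that do not expose the property.
            if ($obj.PSObject.Properties[$name]) {
                New-Object PSObject -Property @{
                    Object  = $obj.DisplayName
                    Setting = $name
                    Value   = $obj.$name
                }
            }
        }
    }
}

$snapshot = @()
$snapshot += New-Object PSObject -Property @{
    Object = $env:COMPUTERNAME; Setting = 'LDAPClientIntegrity'; Value = (Get-LdapClientSigning) }
# @( ) keeps an empty result from adding a null row.
$snapshot += @(Get-UpsTimeout -Setting 'FIMWebClientTimeOut' -Candidate (Get-SPServiceApplication))
$snapshot += @(Get-UpsTimeout -Setting 'LDAPConnectionTimeout','ImportConnAsyncTimeout' `
                              -Candidate (Get-SPServiceApplicationProxy))

# Keep the snapshot with the change record so the original values can be restored.
$snapshot | Select-Object Object, Setting, Value | Format-Table -AutoSize
$snapshot | Select-Object Object, Setting, Value |
    Export-Csv -Path ".\ups-settings-before-$(Get-Date -Format yyyyMMdd-HHmmss).csv" -NoTypeInformation
```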