Personal site creation for ADFS users - User cannot be found

    Question

  • Hi, I am trying to configure a newly created SharePoint 2016 farm to use ADFS 2016 as a claims provider and then start up on-premises OneDrive for our users (that means getting MySites working).

    I've followed this article to get ADFS sign-in working. Then I've followed this article to configure MySites for users and this article to sync users from AD through ADFS into the SharePoint User Profile Service. Users are synced well; all of them have the Account name attribute set to i:05.t|adfs|<user>@contoso.com. Users can sign in to the MySite web app through ADFS and SharePoint tries to create their personal site, but it ends with an error. The same error occurs when I try to manually create a user's personal site through PowerShell. The error 5187 in the event log is:

    My Site creation failure for user 'i:05.t|adfs|jiri@contoso.com' for site url 'https://my.contoso.com/personal/jiri'. The exception was: Microsoft.Office.Server.UserProfiles.PersonalSiteCreateException: A failure was encountered while attempting to create the site. ---> Microsoft.SharePoint.SPException: User cannot be found.
       at Microsoft.SharePoint.Administration.SPSiteCollection.GetSPPrincipalInfoFromContext(String loginName, Uri contextUri, Boolean& isWindowsAccount, String& userKey)
       at Microsoft.SharePoint.Administration.SPSiteCollection.AddInternal(SPSiteCollectionAddParameters param)
       at Microsoft.SharePoint.Administration.SPSiteCollection.Add(SPSiteCollectionAddParameters param)
       at Microsoft.Office.Server.UserProfiles.MySiteInstantiationManager.<>c__DisplayClass2c.<CreateSite>b__28()
       --- End of inner exception stack trace ---
       at Microsoft.Office.Server.UserProfiles.MySiteInstantiationManager.<>c__DisplayClass2c.<CreateSite>b__28()
       at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
       at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
       at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
       at Microsoft.Office.Server.UserProfiles.MySiteInstantiationManager.CreateSite(String strSiteRelative, String strSiteFullUrl, Int32 overrideCompatLevel, Int32 lcid, SPContentDatabase contentDatabase).

    I've searched the whole Internet and, among many unhelpful posts and links, I've found this one. As mentioned there, I've installed the LDAPCP custom claims provider. It works well in the people picker, but the error above was not solved. I've listed all user profile attributes via PowerShell, and what seems strange to me is that the SID attribute for users is not filled with the SID from AD, but with the string i:05.t|adfs|<user>@contoso.com. I think maybe it is related to the error message ... failure for user 'i:05.t|adfs|jiri@contoso.com' ... If SharePoint tries to validate users with this string, it must end with an error. There should be something like jiri@contoso.com (that is the mail and UPN) or CONTOSO\jiri or maybe just jiri.

    Could someone tell me how to configure MySite and personal sites with ADFS authentication? I have been trying to figure it out for a couple of days and this error is starting to drive me crazy. I've found many articles about ADFS and SharePoint and my configuration is in line with them, but still, personal sites are not working.

    Regards

    Jiri

    Friday, December 22, 2017 10:16 PM

All replies

  • Hi,

    Did you set a secondary administrator account when creating the personal site using the PowerShell command?

    If not, it seems that the issue is by design.

    While creating a personal site using the PowerShell command, you must provide the secondary administrator account; it is compulsory, and when the secondary administrator account is not resolved properly you get the above error.

    Workaround:

    There is an exceptional scenario: if you use a Windows application named owstimer.exe to create the personal site, the secondary login is not a must.

    You can try to create a custom application named owstimer.exe and call the same CreatePersonalSite method to create sites for users. It should work well.

    Best Regards,

    Dean Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, December 25, 2017 2:58 AM
    Moderator
  • Hi Dean, thank you for your answer; it partially solves the issue. For my account, I was able to set a secondary administrator account through the Central Administration site (Manage Service Application -> Profile Service -> Manage User Profiles -> Search for my account -> Manage site collection owners from a drop-down menu). After that change, the personal site for me was created automatically after signing into the MySite collection.

    The issue persists with other accounts. I can't set the secondary administrator the same way as I did for my account because it tells me "The user has not created a personal site." (strange, as my personal site wasn't created either). So how can I set a secondary administrator account for users who don't have their personal site created? Or can you explain the workaround with the owstimer.exe app in more depth?

    Thanks.

    Jiri

    Wednesday, December 27, 2017 6:07 PM
  • Hi,

    The issue can be resolved by creating a small Windows application or a custom SharePoint timer job.

    In the Windows application or the custom timer job, you can call the CreatePersonalSite function, which works without any issue.

    Please rename this file to .exe.

    The sample code, written in a Windows Forms application, is this:

    using Microsoft.SharePoint;
    using Microsoft.Office.Server;
    using Microsoft.Office.Server.UserProfiles;

    // textBox1: URL of the My Site host web application
    // textBox2: the user's claims-encoded account name,
    //           e.g. "i:0ǵ.t|adfs for portalhive new|vinit"
    SPSecurity.RunWithElevatedPrivileges(
        delegate()
        {
            // Dispose the SPSite when done to avoid leaking SharePoint objects
            using (SPSite oSite = new SPSite(textBox1.Text))
            {
                SPServiceContext serviceContext = SPServiceContext.GetContext(oSite);
                UserProfileManager profileManager = new UserProfileManager(serviceContext);
                UserProfile profile = profileManager.GetUserProfile(textBox2.Text);
                // Creates the user's personal site from the profile
                profile.CreatePersonalSite();
            }
        });

    Best Regards,

    Dean Wang



    Thursday, December 28, 2017 7:17 AM
    Moderator
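Added example (not part of the thread, and not code from Dean, Microsoft or LDAPCP): the steps from Dean's two replies as a PowerShell script for the SharePoint 2016 Management Shell. It first builds the claims-encoded login the way SharePoint stores it, then checks whether that login resolves on the My Site host (the resolution step that, per Dean's first reply and the GetSPPrincipalInfoFromContext frame in the event log entry, is what fails), and only then calls CreatePersonalSite as Dean's C# sample does. Assumed values: the trusted identity token issuer is named "adfs", the My Site host is https://my.contoso.com and the user is jiri@contoso.com (taken from the question); the script is run as a farm administrator with permissions on the User Profile Service Application.

```powershell
# Added example for this thread; assumes the values below match the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$mySiteHostUrl = "https://my.contoso.com"   # My Site host web application (assumed)
$issuerName    = "adfs"                     # Get-SPTrustedIdentityTokenIssuer name (assumed)
$upn           = "jiri@contoso.com"         # user's identity claim value (from the question)

# 1. Encode the login exactly as SharePoint stores it for the trusted issuer.
#    This yields the i:0?.t|adfs|jiri@contoso.com form seen in the profile's Account name.
$issuer    = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
$principal = New-SPClaimsPrincipal -Identity $upn -TrustedIdentityTokenIssuer $issuer
$login     = $principal.ToEncodedString()
Write-Host "Encoded login: $login"

# 2. Check that the login resolves on the My Site host. SPWeb.EnsureUser goes through
#    the registered claims provider (LDAPCP here); a "User cannot be found" at this point
#    is the same failure the event log entry shows, so fix the provider mapping first.
$site = Get-SPSite $mySiteHostUrl
$web  = $site.RootWeb
try {
    $user = $web.EnsureUser($login)
    Write-Host "Resolved on $mySiteHostUrl as $($user.LoginName) <$($user.Email)>"
} catch {
    Write-Warning "Login did not resolve on ${mySiteHostUrl}: $($_.Exception.Message)"
    Write-Warning "Check the claims provider mapping for the identity claim before creating the site."
    $web.Dispose(); $site.Dispose()
    return
}

# 3. Create the personal site from the user profile (the same call as the C# sample).
$context = Get-SPServiceContext $site
$upm     = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)
if (-not $upm.UserExists($login)) {
    Write-Warning "No user profile for $login; run a profile import first."
    $web.Dispose(); $site.Dispose()
    return
}
$profile = $upm.GetUserProfile($login)
$existing = $profile.PersonalSite
if ($existing -ne $null) {
    Write-Host "Personal site already exists: $($existing.Url)"
    $existing.Dispose()
} else {
    $profile.CreatePersonalSite()
    Write-Host "Created personal site: $($profile.PersonalUrl)"
}
$web.Dispose(); $site.Dispose()
```

If step 2 fails while the people picker resolves the same user, compare the encoded login printed in step 1 with the Account name stored in the profile: the claim type character after "i:0" and the issuer name between the pipes both have to match the trusted identity token issuer, otherwise the claims provider is asked to resolve a claim it does not own.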
  • Hi, thank you for your answer. Sadly, your solution requires some coding in C# and Visual Studio. I'll let you know if it helps when I find some time to do the coding.

    Thanks.

    Jiří

    Wednesday, January 3, 2018 9:05 AM