Unable to connect SharePoint web service - SPMA FULLIMPORT no-start-ma 3 RRS feed

  • Question

  • I am configuring MIM for SharePoint 2016 user profile import but stuck with an error when it tries to FullIMPORT from SharePoint, not sure if I am missing some ports between MIM and SharePoint\AD DS.

    I am using my farm account as SharePoint credential in Install-SharePointSyncConfiguration

    I have followed steps from following two links:

    Install Microsoft Identity Manager for User Profiles in SharePoint Server 2016



    Error in event viewer :

    The extensible extension returned an unsupported error.
     The stack trace is:

     "System.Web.Services.Protocols.SoapException: Server was unable to process <g class="gr_ gr_312 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" data-gr-id="312" id="312">request</g>. ---> Attempted to perform an unauthorized operation.
       at Microsoft.IdentityManagement.Connector.Sharepoint.SharepointConnector.OpenImportConnection(KeyedCollection`2 configParameters, Schema schema, OpenImportConnectionRunStep importRunStep)
    Forefront Identity Manager 4.4.1302.0"


    The management agent controller encountered an unexpected error.

     "ERR_: MMS(28412): ..\libutils.cpp(10186): Failed to start run because of undiagnosed MA error
    Forefront Identity Manager 4.4.1302.0"



    The management agent "SPMA" failed on run profile "<g class="gr_ gr_392 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="392" id="392">FULLIMPORT</g>" because of an unspecified management agent error.
     Additional Information



    If my contribution helps you, please click Mark As Answer on that post and Vote as Helpful

    Thanks, ShankarSingh(MCP)

    Wednesday, March 7, 2018 10:17 AM

All replies

  • I would start by double checking the SharePoint permissions assigned to the user credentials entered into the SPMA. Ensure that it has permissions (as described) to "read and write objects into the SharePoint User Profile." You say it is your farm account -- well try logging in manually as that account and reading the data. 

    The accounts used be each MA typically also need the logon locally right on the MIM Sync Server

    Is this in production or a lab? Are there any existing user profiles in your SharePoint install?

    David Lundell, Get your copy of FIM Best Practices Volume 1

    Tuesday, March 13, 2018 8:32 PM
  • You can also use the Sync Service Manager to pick one AD connector space object and run a preview on it and see what happens or doesn't happen.

    David Lundell, Get your copy of FIM Best Practices Volume 1

    Tuesday, March 13, 2018 8:48 PM