none
Project Server 2013: Security group with configured AD group for sync cannot be saved RRS feed

  • Question

  • Hi all

    I create a new Project Server group, choose a group from AD to sync with and klick save. Nothing seems to happen. After some time the page is closed, I am back in the groups list. No new group created. No visible error mesage.

    When I edit an existing group the group remains unchanged.

    Same issue with trusted sites and local intranet. URL is the one with default AAM.

    Project Server 2010 does not have any issues in this environment.

    Possible issue: large company with complex AD structure. Not even known, what kind of trusts exist.

    ULS log shows some issues. Listed below.

    Perhaps timeout? Where to increase? Can a SharePoint PeoplePicker configuration perhaps help here?

    Thanks for help

    Christoph

    PWA:https://xxxxxxxxxxxxxxx/pwa, ServiceApp:Project Server Service, User:i:0#.w|domain\user, PSI: AD Sync: using current forest and 2-way forest trusts to search for AD Guids, LogLevelManager Warning-ulsID:0x002D56E3 has no entities explicitly specified.


    A runtime exception was detected. Details follow.  Message: Thread was being aborted.  Technical Details: System.Threading.ThreadAbortException: Thread was being aborted.    
     at System.Threading.Monitor.ObjWait(Boolean exitContext, Int32 millisecondsTimeout, Object obj)    
     at System.Threading.ManualResetEventSlim.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)    
     at System.Threading.Tasks.Task.SpinThenBlockingWait(Int32 millisecondsTimeout, CancellationToken cancellationToken)    
     at System.Threading.Tasks.Task.InternalRunSynchronously(TaskScheduler scheduler, Boolean waitForCompletion)    
     at System.Linq.Parallel.SpoolingTask.SpoolStopAndGo[TInputOutput,TIgnoreKey](QueryTaskGroupState groupState, PartitionedStream`2 partitions, SynchronousChannel`1[] channels, TaskScheduler taskScheduler)    
     at System.Linq.Parallel.DefaultMergeHelper`2.System.Linq.Parallel.IMergeHelper<TInputOutput>.Execute()    
     at System.Linq.Parallel.MergeExecutor`1.Execute[TKey](PartitionedStream`2 partitions, Boolean ignoreOutput, ParallelMergeOptions options, TaskScheduler taskScheduler, Boolean isOrdered, CancellationState cancellationState, Int32 queryId)    
     at System.Linq.Parallel.PartitionedStreamMerger`1.Receive[TKey](PartitionedStream`2 partitionedStream)    
     at System.Linq.Parallel.FirstQueryOperator`1.WrapHelper[TKey](PartitionedStream`2 inputStream, IPartitionedStreamRecipient`1 recipient, QuerySettings settings)    
     at System.Linq.Parallel.FirstQueryOperator`1.WrapPartitionedStream[TKey](PartitionedStream`2 inputStream, IPartitionedStreamRecipient`1 recipient, Boolean preferStriping, QuerySettings settings)    
     at System.Linq.Parallel.UnaryQueryOperator`2.UnaryQueryOperatorResults.ChildResultsRecipient.Receive[TKey](PartitionedStream`2 inputStream)    
     at System.Linq.Parallel.UnaryQueryOperator`2.UnaryQueryOperatorResults.GivePartitionedStream(IPartitionedStreamRecipient`1 recipient)    
     at System.Linq.Parallel.UnaryQueryOperator`2.UnaryQueryOperatorResults.GivePartitionedStream(IPartitionedStreamRecipient`1 recipient)    
     at System.Linq.Parallel.QueryOperator`1.GetOpenedEnumerator(Nullable`1 mergeOptions, Boolean suppressOrder, Boolean forEffect, QuerySettings querySettings)    
     at System.Linq.Parallel.QueryOpeningEnumerator`1.OpenQuery()    
     at System.Linq.Parallel.QueryOpeningEnumerator`1.MoveNext()    
     at System.Linq.ParallelEnumerable.GetOneWithPossibleDefault[TSource](QueryOperator`1 queryOp, Boolean throwIfTwo, Boolean defaultIfEmpty)    
     at System.Linq.ParallelEnumerable.FirstOrDefault[TSource](ParallelQuery`1 source, Func`2 predicate)    
     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.TryConvertGroupAdGuidToDistinguishedName(Guid groupAdGuid)    
     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.TryGetGroupInfoByGuid(Guid groupAdGuid)    
     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.ValidateADObjectIsWithinTenancy(Guid adObjectGuid)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.ValidateADGroups(SecurityGroupsDataSet groups)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.ValidateSecurityGroupUpdate(SecurityGroupsDataSet group, Boolean isCreation)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.CreateGroupsInternal(SecurityGroupsDataSet groups)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.CreateGroups(SecurityGroupsDataSet groups)    
     at Microsoft.Office.Project.Server.Wcf.Implementation.WcfMethodInvocation.InvokeBusinessObjectMethod(String businessObjectName, String methodName, IEnumerable`1 actions)


    (Watson Reporting Cancelled) System.Threading.ThreadAbortException: Thread was being aborted.    
     at System.Threading.Monitor.ObjWait(Boolean exitContext, Int32 millisecondsTimeout, Object obj)    
     at System.Threading.ManualResetEventSlim.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)    
     at System.Threading.Tasks.Task.SpinThenBlockingWait(Int32 millisecondsTimeout, CancellationToken cancellationToken)    
     at System.Threading.Tasks.Task.InternalRunSynchronously(TaskScheduler scheduler, Boolean waitForCompletion)    
     at System.Linq.Parallel.SpoolingTask.SpoolStopAndGo[TInputOutput,TIgnoreKey](QueryTaskGroupState groupState, PartitionedStream`2 partitions, SynchronousChannel`1[] channels, TaskScheduler taskScheduler)    
     at System.Linq.Parallel.DefaultMergeHelper`2.System.Linq.Parallel.IMergeHelper<TInputOutput>.Execute()    
     at System.Linq.Parallel.MergeExecutor`1.Execute[TKey](PartitionedStream`2 partitions, Boolean ignoreOutput, ParallelMergeOptions options, TaskScheduler taskScheduler, Boolean isOrdered, CancellationState cancellationState, Int32 queryId)    
     at System.Linq.Parallel.PartitionedStreamMerger`1.Receive[TKey](PartitionedStream`2 partitionedStream)    
     at System.Linq.Parallel.FirstQueryOperator`1.WrapHelper[TKey](PartitionedStream`2 inputStream, IPartitionedStreamRecipient`1 recipient, QuerySettings settings)    
     at System.Linq.Parallel.FirstQueryOperator`1.WrapPartitionedStream[TKey](PartitionedStream`2 inputStream, IPartitionedStreamRecipient`1 recipient, Boolean preferStriping, QuerySettings settings)    
     at System.Linq.Parallel.UnaryQueryOperator`2.UnaryQueryOperatorResults.ChildResultsRecipient.Receive[TKey](PartitionedStream`2 inputStream)    
     at System.Linq.Parallel.UnaryQueryOperator`2.UnaryQueryOperatorResults.GivePartitionedStream(IPartitionedStreamRecipient`1 recipient)    
     at System.Linq.Parallel.UnaryQueryOperator`2.UnaryQueryOperatorResults.GivePartitionedStream(IPartitionedStreamRecipient`1 recipient)    
     at System.Linq.Parallel.QueryOperator`1.GetOpenedEnumerator(Nullable`1 mergeOptions, Boolean suppressOrder, Boolean forEffect, QuerySettings querySettings)    
     at System.Linq.Parallel.QueryOpeningEnumerator`1.OpenQuery()    
     at System.Linq.Parallel.QueryOpeningEnumerator`1.MoveNext()    
     at System.Linq.ParallelEnumerable.GetOneWithPossibleDefault[TSource](QueryOperator`1 queryOp, Boolean throwIfTwo, Boolean defaultIfEmpty)    
     at System.Linq.ParallelEnumerable.FirstOrDefault[TSource](ParallelQuery`1 source, Func`2 predicate)    
     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.TryConvertGroupAdGuidToDistinguishedName(Guid groupAdGuid)    
     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.TryGetGroupInfoByGuid(Guid groupAdGuid)    
     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.ValidateADObjectIsWithinTenancy(Guid adObjectGuid)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.ValidateADGroups(SecurityGroupsDataSet groups)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.ValidateSecurityGroupUpdate(SecurityGroupsDataSet group, Boolean isCreation)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.CreateGroupsInternal(SecurityGroupsDataSet groups)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.CreateGroups(SecurityGroupsDataSet groups)    
     at Microsoft.Office.Project.Server.Wcf.Implementation.WcfMethodInvocation.InvokeBusinessObjectMethod(String businessObjectName, String methodName, IEnumerable`1 actions)


    Error is: GeneralUnhandledException. Details: General Unhandled Exception in _Security.CreateGroups_ Attributes:  System.Threading.ThreadAbortException: Thread was being aborted.    
     at System.Threading.Monitor.ObjWait(Boolean exitContext, Int32 millisecondsTimeout, Object obj)    
     at System.Threading.ManualResetEventSlim.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)    
     at System.Threading.Tasks.Task.SpinThenBlockingWait(Int32 millisecondsTimeout, CancellationToken cancellationToken)    
     at System.Threading.Tasks.Task.InternalRunSynchronously(TaskScheduler scheduler, Boolean waitForCompletion)    
     at System.Linq.Parallel.SpoolingTask.SpoolStopAndGo[TInputOutput,TIgnoreKey](QueryTaskGroupState groupState, PartitionedStream`2 partitions, SynchronousChannel`1[] channels, TaskScheduler taskScheduler)    
     at System.Linq.Parallel.DefaultMergeHelper`2.System.Linq.Parallel.IMergeHelper<TInputOutput>.Execute()    
     at System.Linq.Parallel.MergeExecutor`1.Execute[TKey](PartitionedStream`2 partitions, Boolean ignoreOutput, ParallelMergeOptions options, TaskScheduler taskScheduler, Boolean isOrdered, CancellationState cancellationState, Int32 queryId)    
     at System.Linq.Parallel.PartitionedStreamMerger`1.Receive[TKey](PartitionedStream`2 partitionedStream)    
     at System.Linq.Parallel.FirstQueryOperator`1.WrapHelper[TKey](PartitionedStream`2 inputStream, IPartitionedStreamRecipient`1 recipient, QuerySettings settings)    
     at System.Linq.Parallel.FirstQueryOperator`1.WrapPartitionedStream[TKey](PartitionedStream`2 inputStream, IPartitionedStreamRecipient`1 recipient, Boolean preferStriping, QuerySettings settings)    
     at System.Linq.Parallel.UnaryQueryOperator`2.UnaryQueryOperatorResults.ChildResultsRecipient.Receive[TKey](PartitionedStream`2 inputStream)    
     at System.Linq.Parallel.UnaryQueryOperator`2.UnaryQueryOperatorResults.GivePartitionedStream(IPartitionedStreamRecipient`1 recipient)    
     at System.Linq.Parallel.UnaryQueryOperator`2.UnaryQueryOperatorResults.GivePartitionedStream(IPartitionedStreamRecipient`1 recipient)    
     at System.Linq.Parallel.QueryOperator`1.GetOpenedEnumerator(Nullable`1 mergeOptions, Boolean suppressOrder, Boolean forEffect, QuerySettings querySettings)    
     at System.Linq.Parallel.QueryOpeningEnumerator`1.OpenQuery()    
     at System.Linq.Parallel.QueryOpeningEnumerator`1.MoveNext()    
     at System.Linq.ParallelEnumerable.GetOneWithPossibleDefault[TSource](QueryOperator`1 queryOp, Boolean throwIfTwo, Boolean defaultIfEmpty)    
     at System.Linq.ParallelEnumerable.FirstOrDefault[TSource](ParallelQuery`1 source, Func`2 predicate)    
     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.TryConvertGroupAdGuidToDistinguishedName(Guid groupAdGuid)    
     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.TryGetGroupInfoByGuid(Guid groupAdGuid)    
     at Microsoft.Office.Project.Server.BusinessLayer.ActiveDirectoryUtility.ValidateADObjectIsWithinTenancy(Guid adObjectGuid)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.ValidateADGroups(SecurityGroupsDataSet groups)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.ValidateSecurityGroupUpdate(SecurityGroupsDataSet group, Boolean isCreation)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.CreateGroupsInternal(SecurityGroupsDataSet groups)    
     at Microsoft.Office.Project.Server.BusinessLayer.Security.CreateGroups(SecurityGroupsDataSet groups)    
     at Microsoft.Office.Project.Server.Wcf.Implementation.WcfMethodInvocation.InvokeBusinessObjectMethod(String businessObjectName, String methodName, IEnumerable`1 actions)  . Standard Information: PSI Entry Point:  Project User: i:0#.w|domain\user Correlation Id: d2068337-2a9c-e411-bfa5-0050569f25e8 PWA Site URL: https://xxxxxxxxxxxxxx/pwa SA Name: Project Server Service PSError: GeneralUnhandledException (42), LogLevelManager Warning-ulsID:0x00101622 has no entities explicitly specified.


    Application error when access /_layouts/15/PWA/Admin/AddModifyGroup.aspx, Error=Request timed out.


    Christoph Muelder | Senior Consultant, MCTS, MCSE | SOLVIN information management GmbH, Germany

    Wednesday, January 14, 2015 9:02 PM

Answers

  • Hi all

    just in case someone else might have this issue.

    In fact I could neither add a new group or save an existing one, when an AD group was entered for sync. In the rare cases where I had been able to save a Project Server group with connected AD group, I could not open the group again for editing.

    There are similar threads where the issue was solved using the default zone url. But in my case there is only one zone.

    What seems to happen in the background is that Project Server tries to look up the GUID of the AD group in all forests and domains - even if the GUID is found in the first domain being searched. This of course might take some time if there are about 10 forests with cross-forest trusts with an unknown number of subdomains. After about 6 minutes there seems to be a timeout.

    I have a support call open for the issue still open. But there is a workaround.

    stsadm -o PeoplePicker-searchadforests seems to be meant mainly to able to retrieve users from other domains and forests with a one-way-trust. But it also limits the search to specific forests and/or domains - and it also applies to Project Server 2013 AD sync.

    So I configured this option to use only the forest I really want to use and now it works - at least as long there are no users from other forests to use in the environment.

    Kind regards

    Christoph


    Christoph Muelder | Senior Consultant, MCTS, MCSE | SOLVIN information management GmbH, Germany


    Sunday, January 25, 2015 5:44 PM

All replies

  • Hi all

    just in case someone else might have this issue.

    In fact I could neither add a new group or save an existing one, when an AD group was entered for sync. In the rare cases where I had been able to save a Project Server group with connected AD group, I could not open the group again for editing.

    There are similar threads where the issue was solved using the default zone url. But in my case there is only one zone.

    What seems to happen in the background is that Project Server tries to look up the GUID of the AD group in all forests and domains - even if the GUID is found in the first domain being searched. This of course might take some time if there are about 10 forests with cross-forest trusts with an unknown number of subdomains. After about 6 minutes there seems to be a timeout.

    I have a support call open for the issue still open. But there is a workaround.

    stsadm -o PeoplePicker-searchadforests seems to be meant mainly to able to retrieve users from other domains and forests with a one-way-trust. But it also limits the search to specific forests and/or domains - and it also applies to Project Server 2013 AD sync.

    So I configured this option to use only the forest I really want to use and now it works - at least as long there are no users from other forests to use in the environment.

    Kind regards

    Christoph


    Christoph Muelder | Senior Consultant, MCTS, MCSE | SOLVIN information management GmbH, Germany


    Sunday, January 25, 2015 5:44 PM
  • Hello Chris

    Can you provide  more details on how  you fixed this?  What option did you change to limit  to your domain?  Was it the search service or other SharePoint service?

    cheers


    Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
    Website http://www.WhartonComputer.com
    Blog http://MyProjectExpert.com contains my field notes and SQL queries

    Monday, January 26, 2015 2:24 AM
    Moderator
  • Hi Michael,

    i clarified my post.

    I used

    stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:forestname"

    Regards

    Christoph


    Christoph Muelder | Senior Consultant, MCTS, MCSE | SOLVIN information management GmbH, Germany

    Monday, January 26, 2015 7:29 AM