none
Galsync not working in MIM 2016 RRS feed

  • Question

  • Hi All,

    I have an issue with Galsync in MIM 2016 where I encountered error when Export profile is run

    In one forest, there is a parent and child relationship. Let named it as rootA and childB concept while the other is a single domain called C.
    MIM 2016 resides in childB environment and running in windows 2012R2.
    Exchange 2016 is installed in both childB and C domains.
    The export profile has a status stopped-extension-dll-exception when it is run under domain C management agent. 

    I have done port query from MIM 2016 server to domain C (port 53, 88, 135,389) and domain C's Exchange 2016 server (port 80 and 443).
    I have also checked the exhange powershell URI to domain C exchange which is http://exchange2016.domainC.com/powershell. 

    I have also read from some online forums which stated that a one-way trust from domain C to domain childB is needed while others said no.

    Please help if you guys got any suggestions. Thanks


    Thursday, November 2, 2017 2:38 AM

All replies

  • Hi!

    A trust should not be necessary.

    IS there any information in the application log?

    /Søren

    Thursday, November 2, 2017 9:07 AM
  • Below are the information from the event log

    The description for event id 0 from source FIMSynchronizationService cannot be be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. you can install or repair the component on the local computer.

    There is an error in Exch2010Extension BeginExportToCd()function.Type:

    System.Management.Automation.Remoting.PSRemotingTransportException

    Message:Connecting to domainCExch2016.fqdn failed with the following error message:WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authenticaiton: There are currently no logon servers available to service the logon request.

    I have tried to search online and found this link.

    https://social.technet.microsoft.com/wiki/contents/articles/12463.troubleshooting-fim-sync-stopped-dll-exception-the-following-error-occurred-while-using-kerberos-authentication.aspx

    Follow the resolution there but still cannot resolve.

    Thanks

    Monday, November 6, 2017 2:30 AM
  • Any ideas anyone?
    Tuesday, November 21, 2017 8:35 AM
  • Hi,

    I had this issue in my environment and the cause / fix was to add the GalSync User to the Exchange Organizational Management Security Group.

    Replicate between the domains and check the sync status.

    Hope this helps.


    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees , and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer

    Wednesday, March 14, 2018 3:09 PM
  • Did you find any solution.I am also facing same issue with almost same setup.
    Sunday, May 12, 2019 11:49 AM
  • Did you find any solution.I am also facing same issue with almost same setup.

     It sounds like the MA for "domain C" is using an identity from "Root A" or "Child B".  Without a two way trust and a linked role group in exchange, that won't work.  I thought a forest trust was required, but that might not be the case.

    Any way, the error indicates that the computer making the connection (in this case, running the galsync MA) can't authenticate to the exchange powershell endpoint because it can't contact a domain controller.  You need to make sure that a client on the mim server can connect to the remote exchange server and all applicable domain controllers in the other forest.  Try creating a powershell remoting session from the mim server to the exchange server in powershell.  It will be easier to find troubleshooting resources for that, and whatever fixes that use case will probably fix the MA.

    new-pssession -computername domainCExch2016.fqdn -credential (get-credential -message "domain c galsync ma credentials") -authentication Kerberos -ConfigurationName Microsoft.Exchange

    Friday, May 17, 2019 12:25 AM
  • There is two way trust between domain. From domain A ,domain controller of Domain B and Domain C is reachable. GAL Sync MA is working fine with profile Import and Sync. Only at the time of export this error message is coming. 

    There is an error in Exch2010Extension BeginExportToCd() function.Type: System.Management.Automation.Remoting.PSRemotingTransportException

    Message: Connecting to remote server exchange.domainb.com failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. 

    Sunday, May 19, 2019 10:24 AM
  • There is two way trust between domain. From domain A ,domain controller of Domain B and Domain C is reachable. GAL Sync MA is working fine with profile Import and Sync. Only at the time of export this error message is coming. 

    There is an error in Exch2010Extension BeginExportToCd() function.Type: System.Management.Automation.Remoting.PSRemotingTransportException

    Message: Connecting to remote server exchange.domainb.com failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. 

    That's because the powershell remote command is only called on export.

    If a trust is required, then it has to be a forest trust, not a domain trust.

    Have you tested exchange powershell remoting with the same credentials yet?
    Sunday, May 19, 2019 1:23 PM
  • It is forest trust and tried with exchange powershell , still same error  There is an error in Exch2010Extension BeginExportToCd() function.Type: System.Management.Automation.Remoting.PSRemotingTransportException

    Message: Connecting to remote server exchange.domainb.com failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. 
    Wednesday, May 22, 2019 7:22 AM