none
Configure Project server 2010 Integration with Exchange Server and forms authentication enabled RRS feed

  • General discussion

  • Dears,

    i have successfully configure project server 2010 integration with exchange server, but if i enabled use of forms authentication, synch fails (with the below error message inside the queue).

    How to make them work together (forms & exchange integration)?

    General
    ExchangeSync() - Unhandled exception - Clearing user_s (6de6db75-c1fb-4ee8-a507-7866409b61cf) cached EWS URL in case URL is no longer valid for this resource.:
    GeneralExchangeSyncError (40500). Details: id='40500' name='GeneralExchangeSyncError' uid='726be325-cdb1-44b7-9ef2-77bea0814d17' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks)'.
    GeneralExchangeSyncError (40500). Details: id='40500' name='GeneralExchangeSyncError' uid='36ec221e-31f6-454f-be34-324bf6718f20' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks)'.
    GeneralExchangeSyncError (40500). Details: id='40500' name='GeneralExchangeSyncError' uid='cf5eb641-3ceb-46bd-b05a-3b79ffedfe66' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks)'.
    GeneralExchangeSyncError (40500). Details: id='40500' name='GeneralExchangeSyncError' uid='e5fc6d6b-4765-49a5-8b96-0a630c0f665b' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks)'.
    GeneralExchangeSyncError (40500). Details: id='40500' name='GeneralExchangeSyncError' uid='1a90f63c-3810-42d5-a794-0ca3d3f521f1' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks)'.
    GeneralExchangeSyncError (40500). Details: id='40500' name='GeneralExchangeSyncError' uid='5100b44c-553b-4944-8e2c-a4d8d108f6f3' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks)'.
    ExchangeSync() handle ExchangeSyncStatusingMessage for user (6de6db75-c1fb-4ee8-a507-7866409b61cf) queue message caused exception.:
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512' name='ExchangeSyncGeneralProcessingFailure' uid='6d98ba77-4a6a-4295-a5fa-679023838a4b' teamMemberUid='6de6db75-c1fb-4ee8-a507-7866409b61cf' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message msg, Group messageGroup, JobTicket jobTicket, MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512' name='ExchangeSyncGeneralProcessingFailure' uid='e21e595e-7fc1-469c-a6f1-e01c45cd0594' teamMemberUid='6de6db75-c1fb-4ee8-a507-7866409b61cf' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message msg, Group messageGroup, JobTicket jobTicket, MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512' name='ExchangeSyncGeneralProcessingFailure' uid='0c351844-61b3-46c8-8cb5-fa16f9402631' teamMemberUid='6de6db75-c1fb-4ee8-a507-7866409b61cf' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message msg, Group messageGroup, JobTicket jobTicket, MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512' name='ExchangeSyncGeneralProcessingFailure' uid='035d0200-70c2-43b3-a6a7-c33dc0bac05f' teamMemberUid='6de6db75-c1fb-4ee8-a507-7866409b61cf' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message msg, Group messageGroup, JobTicket jobTicket, MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512' name='ExchangeSyncGeneralProcessingFailure' uid='c2bb0fc4-d9ca-4982-a0ff-be0d7d2dd381' teamMemberUid='6de6db75-c1fb-4ee8-a507-7866409b61cf' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message msg, Group messageGroup, JobTicket jobTicket, MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512' name='ExchangeSyncGeneralProcessingFailure' uid='27a5e029-47cd-4913-b556-30a624c949ef' teamMemberUid='6de6db75-c1fb-4ee8-a507-7866409b61cf' exception='System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil.GetUserSid(Guid resourceUid, PlatformContext context) at Microsoft.Office.Project.Server.ExchangeSync.ExchangeSyncUtil..ctor(ICredentials credentials, String url, PlatformContext context, Guid teamMemberUid) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks exchangeSyncTasks) at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message msg, Group messageGroup, JobTicket jobTicket, MessageContext mContext)'.
    Queue:
    GeneralQueueJobFailed (26000) - ExchangeSyncTasks.ExchangeSyncTasks. Details: id='26000' name='GeneralQueueJobFailed' uid='bc99fa98-2983-446e-903b-64259c6f28c8' JobUID='48ea07e2-e4a9-4b0c-a1b1-d5f5033afba4' ComputerName='EPMSERVER' GroupType='ExchangeSyncTasks' MessageType='ExchangeSyncTasks' MessageId='1' Stage=''. For more details, check the ULS logs on machine EPMSERVER for entries with JobUID 48ea07e2-e4a9-4b0c-a1b1-d5f5033afba4.


    Sunday, September 30, 2012 5:06 PM

All replies

  • Hi Ahmed,

    As far as I know, Exchange integration with Project Server works with ONLY based windows authentication.


    Hrishi Deshpande – Senior Consultant DeltaBahn
    Blog | < | LinkedIn

    Please click Mark As Answer; if a post solves your problem or Vote As Helpful; if a post has been useful to you.This can be beneficial to other community members reading the thread.

    Sunday, September 30, 2012 8:13 PM
    Moderator
  • Agreed with Hrishi,

    Please see below article:
    http://technet.microsoft.com/en-us/library/ee782548.aspx

    Exchange Synchronization to Project Server will not work on a Project Server 2010 deployment configured to use Claims Authentication. Forms-based authentication in Project Server 2010 uses the claims authentication infrastructure and requires that a claims mode Web application be set up in the SharePoint Central Administration Web site.

    If you found this post helpful, please “Vote as Helpful”. If it answered your question, please “Mark as Answer”. Thanks, Amit Khare |EPM Consultant| Blog: http://amitkhare82.blogspot.com http://www.linkedin.com/in/amitkhare82

    Monday, October 1, 2012 5:20 AM
  • Hi Amit,

    I just found this discussion and see that it is very recent.

    It just so happens that we are doing the same thing as the thread initiator and have the same error. Our PWA site is currently shared with other sites on one Web Application in SharePoint - which is set up to be forms based authentication. The reason we wanted to do that was because our long term plan is to share the PWA site with our customers (we sell engineering services and project management), and because we have off site employees at other facilities as well. We did not want to be forced to set up an active directory account for every customer just to give them access to PWA. It sounds as if you are saying the FBA will not work if we do exchange sync and we will have to give everyone AD accounts. Is that a true statement?

    Thanks for your support,

    Mike Ernst

    Friday, October 5, 2012 6:16 PM
  •  

    Mike,

    Point is exchange sync only works with Active Directory users.

    If I understand correctly you have your own AD and Exchange. Your customers are using their own exchange server

    You can't create user account in your AD just to provide access to PWA which makes sense.

    When we configure exchange server sync with Project, exchange server try to find certain attributes when project is publish so , data received by exchange can be updated to respective resource data in PWA.

    When we use FBA, clearly there is a disconnect.  FBA users do not have same attributes like AD. Exchange server won’t be able to understand

    You can find mode info about the fields here

    http://technet.microsoft.com/en-us/library/ff686785.aspx

    I hope this helps


    Hrishi Deshpande – Senior Consultant DeltaBahn
    Blog | < | LinkedIn

    Please click Mark As Answer; if a post solves your problem or Vote As Helpful; if a post has been useful to you.This can be beneficial to other community members reading the thread.

    Friday, October 5, 2012 6:27 PM
    Moderator
  • Hrishi,

    Yes we have our own Domain with AD and our own Exchange. We sell engineering design services. The tasks on the projects are assigned to our design team, and they all have an AD account. So we want to have tasks sync with the employees' Outlook on their local PC. But we would like to be able to give the customers access to the site so they can see the progress on their projects. Thus we wanted to have a system that would recognize both Windows authentication for the project resources (our employees) and then FBA for the customers. Only those with AD accounts will get assigned tasks and be project resources, so they are the only ones that would need the sync operation.

    How would you suggest we approach this problem?

    Mike

    Monday, October 8, 2012 12:38 PM
  • Mike,

    I am bit confused here, you said

    "Only those with AD accounts will get assigned tasks and be project resources, so they are the only ones that would need the sync operation"

    Which means FBA users don’t need exchange sync, only AD accounts need to be setup for exchange sync, is that correct?

    Correct me if my I have misunderstood your question. Your question is

     If you have both AD and FBA users configured in PWA will exchange sync work for AD accounts or not?


    Hrishi Deshpande – Senior Consultant DeltaBahn
    Blog | < | LinkedIn

    Please click Mark As Answer; if a post solves your problem or Vote As Helpful; if a post has been useful to you.This can be beneficial to other community members reading the thread.

    Monday, October 8, 2012 5:50 PM
    Moderator
  • Hrishi,

    Well I thought based on your previous email that if I have the PWA setup for claims based authentication then the exchange sync will not work. And I believe there is no other way to have both Windows Authentication and FBA on the same site other than Claims based, is that correct?

    So, I believe the only way I can get the exchange sync to work is on a Windows Authorization only site (Windows based). Also correct?

    So if I have a Windows Authentication only site, then I can run exchange syns and have taks assigned in project server "pushed" out to the reources Outlook via exchange, correct? But then if I want to allow someone who is not an employee and has no AD account to be able to get into the PWA site, how would I do that?

    Thanks, Mike

    Monday, October 8, 2012 8:52 PM
  •  

    Mike,

    Theoretically yes exchange sync only works with Windows Authentication not with claims based authentication , but  I think If you select claims authentication type as windows Authentication - NTLM and Form Based authentication you may able to achieve. I may need to test it though.

    Did you select both option while setting up your web application?


    Hrishi Deshpande – Senior Consultant DeltaBahn
    Blog | < | LinkedIn

    Please click Mark As Answer; if a post solves your problem or Vote As Helpful; if a post has been useful to you.This can be beneficial to other community members reading the thread.

    Monday, October 8, 2012 9:49 PM
    Moderator
  • Dear Mike,

    I have the same scenario, and i tried to make both of them to work together (Calims & exchange).

    In my case i tried to add only windows users to my PWA, but it fails and give the error posted above.

    I am disapointed to say that no solution for this till now, i will feedback to you if i have reached another solution.

    Thanks & regards

    Ahemd Amin


    Thanks & Regards Ahmed Amin



    Tuesday, October 9, 2012 8:49 AM
  • Dears,

    I am have an idea,

    Can we use event handler feature to override the behavior of Exchange Synch event?

    by catch only windows account on PWA & translate them into normal log-in format (Domain\username), then fire exchange synch for them.

    Thanks & Regards


    Thanks & Regards Ahmed Amin

    Tuesday, October 9, 2012 12:33 PM
  • Good idea, could be worth to try, But here is what I  think . If something can be configured using event handler why Microsoft will restrict this at first place?

    Looks like after long discussion ,my first response to this thread will remain unchanged “Exchange integration with Project Server works with ONLY based windows authentication”   will not work with claims based authentication in this case FBA.


    Hrishi Deshpande – Senior Consultant DeltaBahn
    Blog | < | LinkedIn

    Please click Mark As Answer; if a post solves your problem or Vote As Helpful; if a post has been useful to you.This can be beneficial to other community members reading the thread.

    Tuesday, October 9, 2012 7:23 PM
    Moderator
  • Hrishi and Ahmed,

    Actually I am embarassed to say that I think I have figured it out. I just need to extend my PWA Web Application. In fact as I have read up on this I believe that may be part of the intent.

    So I think the solution is this: First set up a Web application with Windows Authentitcation. Then add AD users and set up exchange sync. (I have this much working). Now extend the site to another URL and make that application FBA. I am in the process of doing this and I think it is going to work.

    Thanks,

    Mike

    Tuesday, October 9, 2012 8:54 PM
  • Great.

    While doing some research yesterday, initially I thought about this in response to your question

    " I want to allow someone who is not an employee and has no AD account to be able to get into the PWA site, how would I do that"

    But  came across little note from this article

    http://technet.microsoft.com/en-us/library/ee922605.aspx

    Note:

    A Web application that is already in Windows Classic mode cannot be used.

    ---------------------------------------------------------------

    It would work to allow non-AD and AD users to access PWA site, but exchange sync will not work for FBA users


    Hrishi Deshpande – Senior Consultant DeltaBahn
    Blog | < | LinkedIn

    Please click Mark As Answer; if a post solves your problem or Vote As Helpful; if a post has been useful to you.This can be beneficial to other community members reading the thread.

    Tuesday, October 9, 2012 9:10 PM
    Moderator
  • Dears,

    Great news, i have solved it.

    The solution is little bit tricky, i have figured out the method that fires the error and modified it.

    Simply it was a stored procedure inside Published database, i have modified it to exclude forms users and change the log-in format for the windows users to be "Domain\Username".

    The solution as below:

    the Stored Procedure Name is:    MSP_ExchangeSync_ReadResourceAccount

    i have modified the stored procedure with the below query, by adding "REPLACE PART" beside "Select" statement.

    /***********The stored procedure after edit******/

    USE [PWA_ProjectServer_Published]
    GO

    /****** Object:  StoredProcedure [dbo].[MSP_ExchangeSync_ReadResourceAccount]    Script Date: 10/10/2012 13:39:51 ******/
    SET ANSI_NULLS ON
    GO

    SET QUOTED_IDENTIFIER ON
    GO

    CREATE PROCEDURE [dbo].[MSP_ExchangeSync_ReadResourceAccount]
       @resourceUid UNIQUEIDENTIFIER
    AS
      SELECT replace(r.WRES_ACCOUNT,'i:0#.w|','')
      FROM MSP_RESOURCES r
      WHERE r.RES_UID = @resourceUid

    GO




    Thanks & Regards Ahmed Amin


    Wednesday, October 10, 2012 5:39 PM
  •  

    I appreciate your efforts on these finding and Its good understand how things work in the background

    However modifying databases is not supported by Microsoft and often leads to failure of cumulative or service pack installation later in the future. If things are not looking as expected SharePoint configuration wizard can identify this change.

    In this scenario it may look like change is only necessary in Published database but it may be connected to several other place in other databases too.

    Opening support case with Microsoft and submitting design change request can help to get things done in a supported way.


    Hrishi Deshpande – Senior Consultant DeltaBahn
    Blog | < | LinkedIn

    Please click Mark As Answer; if a post solves your problem or Vote As Helpful; if a post has been useful to you.This can be beneficial to other community members reading the thread.

    Thursday, October 11, 2012 9:14 PM
    Moderator