解决SharePoint 2010 User Profile Synchronization 的Timeout问题

在创建Synchronization Connection的时候, Client端对timeout有三种限制.

1. 在编辑connection页面, 点击populate按钮的时候, sharepoint会去遍历域内所有的domain和OU. 这里有一个限制值A.

2. 在点击了OK之后, sharepoint会去执行入forefront identity manager, 创建并编辑management agent. 这些请求会发送给Domain controller, 如果AD那边的OU的结构很大, 信息很多, 是有可能超时的. 针对这一点, 有一个限制值B.

3. 第三个限制值是DirectoryConnection.Timeout的限制, 该值默认为30秒, 让我们给它起个代号叫C.

解决方案

==========

可以使用下面的PowerShell命令来得到以上的三个限制值:

//A

$upaAppProxy = Get-SPServiceApplicationProxy | ? {$_.name -like 'User Profile Service Proxy'}

$upaAppProxy.ImportConnAsyncTimeout //default value is 60

//B

$upaApp = Get-SPServiceApplication | ? {$_.name -like 'User Profile Service'}

$upaApp. FIMWebClientTimeOut //default value is 300000

//C

$upaAppProxy = Get-SPServiceApplicationProxy | ? {$_.name -like 'User Profile Service Proxy'}

$upaAppProxy.LdapConnectionTimeout //default value is 60

可以使用下面的PowserShell命令来对其进行修改:

//A

$upaAppProxy = Get-SPServiceApplicationProxy | ? {$_.name -like 'User Profile Service Proxy'}

$upaAppProxy.ImportConnAsyncTimeout = 180 //This value is in seconds, 3 minutes.

$upaAppProxy.Update()

//B

$upaApp = Get-SPServiceApplication | ? {$_.name -like 'User Profile Service'}

$upaApp. FIMWebClientTimeOut = 600000 //This value is in milliseconds, 10 minutes.

$upaApp.Update()

//C

$upaAppProxy = Get-SPServiceApplicationProxy | ? {$_.name -like 'User Profile Service Proxy'}

$upaAppProxy.LdapConnectionTimeout = 180 //This value is in seconds, 3 minutes.

$upaAppProxy.Update()

如果延长了时间, 依然会超时, 请尝试下面的步骤

1．在SharePoint Server上, Start -> Run -> secpol.msc

2． Security Settings -> Local Policies -> Security Options -> Network security: LDAP client signing requirements

3．右键单击 -> 选择 Property –> 在Local Security Setting 选项卡, 设置值为None -> 点击OK

4． Start -> Run -> cmd -> gpupdate /force

注意:

要确保你在connection的配置页面指定的账户拥有特定权限

Farm Admin 或 User Profile Service Application 的管理员
在AD上拥有Replicating Directory Changes权限.

还有, 如果你的domain环境过于复杂, 请确保在forest name的选项中填写了正确的值.

在文章开头描述的第2步中, 请求发送给Domain controller, 如果AD那边的OU的结构很大, 信息很多, 即使修改了限制值B, 却依然超时的情况下, 应该尝试修改WCF默认的超时值.

步骤如下:

打开C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebClients\Profile\client.config 文件
找到所有的timeout属性, 一股脑的加倍, 默认都是00:00:20, 全部修改为00:00:40. 需要修改的原始文件片段摘抄如下.

    <bindings>
      <customBinding>    
        <binding name="ProfileServiceHttpsBinding"
            receiveTimeout="00:00:20"
            sendTimeout="00:00:20"
            openTimeout="00:00:20"
            closeTimeout="00:00:20">
          <security
            authenticationMode="IssuedTokenOverTransport" />
          <binaryMessageEncoding>
            <readerQuotas
              maxStringContentLength="1048576"
              maxArrayLength="2097152"/>
          </binaryMessageEncoding>
          <httpsTransport
            maxReceivedMessageSize="2162688"
            authenticationScheme="Anonymous"
            useDefaultWebProxy="false" />
        </binding>
        <binding name="ProfileServiceHttpBinding"
            receiveTimeout="00:00:20"
            sendTimeout="00:00:20"
            openTimeout="00:00:20"
            closeTimeout="00:00:20">
          <security
            authenticationMode="IssuedTokenOverTransport"
            allowInsecureTransport="true" />          
          <binaryMessageEncoding>
            <readerQuotas
              maxStringContentLength="1048576"
              maxArrayLength="2097152" />
          </binaryMessageEncoding>
          <httpTransport
            authenticationScheme="Anonymous"
            maxReceivedMessageSize="2162688"
            useDefaultWebProxy="false" />
        </binding>
        <binding name="ProfileDBCacheServiceHttpsBinding"
            receiveTimeout="00:00:20"
            sendTimeout="00:00:20"
            openTimeout="00:00:20"
            closeTimeout="00:00:20">
          <security
            authenticationMode="IssuedTokenOverTransport" />
          <binaryMessageEncoding>
            <readerQuotas
              maxStringContentLength="1048576"
              maxArrayLength="2147483647"/>
          </binaryMessageEncoding>
          <httpsTransport
            authenticationScheme="Anonymous"
            transferMode="StreamedResponse"
            allowCookies="false"
            bypassProxyOnLocal="false"
            hostNameComparisonMode="StrongWildcard"
            maxBufferSize="2097152"
            maxReceivedMessageSize="2147483647"
            useDefaultWebProxy="false" />
        </binding>
        <binding name="ProfileDBCacheServiceHttpBinding"
            receiveTimeout="00:00:20"
            sendTimeout="00:00:20"
            openTimeout="00:00:20"
            closeTimeout="00:00:20">
          <security
            authenticationMode="IssuedTokenOverTransport"
            allowInsecureTransport="true" />          
          <binaryMessageEncoding>
            <readerQuotas
              maxStringContentLength="1048576"
              maxArrayLength="2147483647"/>
          </binaryMessageEncoding>
          <httpTransport
           authenticationScheme="Anonymous"
           transferMode="StreamedResponse"
           allowCookies="false"
           bypassProxyOnLocal="false"
           hostNameComparisonMode="StrongWildcard"
           maxBufferSize="2097152"
           maxReceivedMessageSize="2147483647"
           useDefaultWebProxy="false" />
        </binding>
      </customBinding>
    </bindings>