Application Log Warning - ILM Certificate Could not be Created

If you see either or both of the warning messages below in your Application event log after provisioning the SharePoint 2010 User Profile Synchronization Service (ILM/FIM), don’t be concerned. These warnings are thrown when the ILM/FIM client tries to ACL the two endpoints it creates; because the User Profile Synchronization Service has already been provisioned on the server, the endpoints are already ACL’d and the command returns a non-zero value, which is why the event log entry is created. Yes, I agree with you, we should have thought of this test case and had the code ignore it, but I didn’t write the product, I only support it.

As you can see from the warning messages below, the commands being executed are:

netsh http add urlacl url=http://+:5726/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)

netsh http add urlacl url=http://+:5725/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)

If you were to run these commands from a command prompt, you would see this message for each execution:

Url reservation add failed, Error: 183
Cannot create a file when that file already exists.

If you would like to confirm they are ACL’d correctly, you can execute:

netsh http show urlacl

The output will list all the endpoints and their ACLs. The two endpoints you are concerned about for this case look like the following:

Reserved URL : http://+:5725/
    User: LAB\sp2010farmadmin
        Listen: Yes
        Delegate: Yes
        SDDL: D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)

Reserved URL : http://+:5726/
    User: LAB\sp2010farmadmin
        Listen: Yes
        Delegate: Yes
        SDDL: D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)

If you see these endpoints and your farm account listed, you can safely ignore the event log warnings. 
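
As an added example (not part of the original post or the product), the PowerShell below parses `netsh http show urlacl` output and reports whether each of the two endpoints is reserved for the farm account alone. The function names are hypothetical, the sample text is the output shown above, and English-language netsh labels are assumed.

```powershell
# Added example: function names are hypothetical; assumes English netsh labels.
function Get-UrlAclReservation {
    param([Parameter(Mandatory)][string[]]$Lines)
    $r = $null
    foreach ($line in $Lines) {
        switch -Regex ($line) {
            '^\s*Reserved URL\s*:\s*(\S+)' {
                if ($r) { $r }   # emit the previous reservation
                $r = [pscustomobject]@{ Url = $Matches[1]; Users = @(); Listen = @(); Sddl = '' }
            }
            # A reservation with several ACEs lists several User/Listen entries.
            '^\s*User:\s*(.+?)\s*$' { if ($r) { $r.Users  += $Matches[1] } }
            '^\s*Listen:\s*(\w+)'   { if ($r) { $r.Listen += $Matches[1] } }
            '^\s*SDDL:\s*(\S+)'     { if ($r) { $r.Sddl = $Matches[1] } }
        }
    }
    if ($r) { $r }
}

function Test-FimUrlAcl {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [Parameter(Mandatory)][string]$FarmAccount,
        [string[]]$Urls = @('http://+:5725/', 'http://+:5726/')
    )
    $all = @(Get-UrlAclReservation -Lines $Lines)
    foreach ($url in $Urls) {
        $hit = $all | Where-Object { $_.Url -eq $url } | Select-Object -First 1
        # -eq / -ne on strings is case-insensitive, so LAB\ and lab\ compare equal.
        $status = if (-not $hit) { 'Missing' }
        elseif ($hit.Users.Count -ne 1 -or $hit.Users[0] -ne $FarmAccount) { 'UnexpectedPrincipal' }
        elseif ($hit.Listen[0] -ne 'Yes') { 'NoListenRight' }
        else { 'OK' }
        [pscustomobject]@{ Url = $url; Status = $status; Users = $hit.Users -join ', '; Sddl = $hit.Sddl }
    }
}

# Sample input: the netsh output shown above, plus no reservation for 5726,
# to show both the 'OK' and the 'Missing' result.
$sample = @'
Reserved URL : http://+:5725/
    User: LAB\sp2010farmadmin
        Listen: Yes
        Delegate: Yes
        SDDL: D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
'@ -split '\r?\n'

Test-FimUrlAcl -Lines $sample -FarmAccount 'lab\sp2010farmadmin' | Format-Table -AutoSize

# On the server itself, feed it the live output instead:
# Test-FimUrlAcl -Lines (netsh http show urlacl) -FarmAccount 'lab\sp2010farmadmin'
```

A status of `UnexpectedPrincipal` means the reservation exists but is held by a different or additional account, in which case the warning should not simply be dismissed.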

Example of the two warning messages in your application event log:

Log Name: Application
Source: ILM Web Service Configuration
Date: 2/1/2012 5:35:55 PM
Event ID: 234
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.COM
Description:
ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5726/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ILM Web Service Configuration" />
<EventID Qualifiers="0">234</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-02-01T23:35:55.000000000Z" />
<EventRecordID>37475</EventRecordID>
<Channel>Application</Channel>
<Computer>SERVER.DOMAIN.COM</Computer>
<Security />
</System>
<EventData>
<Data>ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5726/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)</Data>
</EventData>
</Event>

Log Name: Application
Source: ILM Web Service Configuration
Date: 2/1/2012 5:35:55 PM
Event ID: 234
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.COM
Description:
ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5725/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ILM Web Service Configuration" />
<EventID Qualifiers="0">234</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-02-01T23:35:55.000000000Z" />
<EventRecordID>37474</EventRecordID>
<Channel>Application</Channel>
<Computer>SERVER.DOMAIN.COM</Computer>
<Security />
</System>
<EventData>
<Data>ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5725/ user=lab\sp2010farmadmin sddl=D:(A;;GA;;;S-1-5-21-4105542071-77834104-1389553038-1153)</Data>
</EventData>
</Event>