SharePoint 2010: Issues with Service Application Proxy & Proxy Group Associations
At times we would see errors while accessing various Service applications. These types of issues manifest with various symptoms at different locations, here is an example of a few I have come across.
When you try to access the Managed Metadata Service Application from manage Service Applications, you face the following error:
"The Service Application being requested does not have a connection associated with the Central Administration web application. To access the term management tool use the site settings from a site configured with the appropriate connection"
While trying to add the BCS catalog at the External List on a site or trying to add the BCS catalog while creating a sync connection for a BCS source in User profile Service application, we get the following error,
"The Business data connectivity metadata store is unavailable. Check configuration and try again"
While BCS sync step is run during an UPA profile sync, we might see this error in ULS logs
05/18/2012 01:00:39.14 miiserver.exe (0x0C1C) 0x23C8 SharePoint Portal Server User Profiles e96j High Error calling FindSpecific : Microsoft.BusinessData.Infrastructure.BdcException: The shim execution failed unexpectedly - Unable to obtain the application proxy for the context.. ---> Microsoft.Office.SecureStoreService.Server.SecureStoreServiceException: Unable to obtain the application proxy for the context.
at Microsoft.Office.SecureStoreService.Server.SecureStoreProvider.GetRestrictedCredentials(String appId)
at Microsoft.SharePoint.BusinessData.Infrastructure.WindowsAuthenticator.ExecuteAfterLogonUser(Object args, ISecureStoreProvider ssoProvider, String ssoApplicationId, Boolean useSensitiveSsoCreds)
at Microsoft.SharePoint.BusinessData.Infrastructure.WindowsAuthenticator.ExecuteAfterLogonUser(Object args, ISecureStoreProvider ssoProvider, String ssoApplicationId)
1. You might be missing an Association between web-application & service applications via the Service applications Proxy Group.
2. You might have in-sufficient permissions to Service applications/Service application proxies for various service accounts .
1. Create a new proxy group with all required all Service applications & then move the required web-applications to use this Proxy Group.
2. Check & assign the permissions to Service applications/Service application proxies for required service accounts.
Here is a Sample commands to create a Proxy Group via SharePoint Management shell.Note : Although this can be done via UI , but with a Limitation of unable to create name of the proxy group .
$GroupName = 'New Custom Service Group'
Remove-SPServiceApplicationProxyGroup -Identity $groupName -Confirm:$false -ErrorAction SilentlyContinue
$newProxyGroup = New-SPServiceApplicationProxyGroup -name $GroupName
Add-SPServiceApplicationProxyGroupMember -identity $newProxyGroup -member $Prxy