SAP Roles of users deleted from the SAP system could not be updated - Event 5009 (Duet Enterprise)
Applies to: Duet Enterprise for Microsoft SharePoint and SAP
Alert Name: SAP Roles of users deleted from backend could not be updated
Event ID: 5009
Duet Enterprise users and their roles are synchronized with the SAP system and stored in the User Profile Service’s profile store. A function of the synchronization process is to retrieve the list of deleted SAP roles from the SAP system and update the User Profile store by clearing the SAP Roles property for the deleted SAP users. The Duet Enterprise Profile Synchronization timer job initiates the synchronization of the users in the SharePoint User Profile Store to mapped roles in the SAP system. The Timer Service service account running Duet Enterprise Profile Synchronization must have full control permissions to the User Profile Service.
This event appears in the event log:
Event ID: 5009 Description: SAP Roles of users deleted from backend could not be updated. The exception message is <message>.
One or more of the following might be the cause:
The account that is used to synchronize user accounts in Timer Service service account with the User Profile store in the SharePoint Server farm does not have full control permissions to the User Profile Service application.
For more information about how to provide managed accounts permissions to a service application administrator for a specific User Profile Service application, see Assign administration of a User Profile service application (SharePoint Server 2010) (http://go.microsoft.com/fwlink/?LinkId=204625).
The DeletedIDEnumerator method in the BDC model that is associated with role synchronization for Duet Enterprise generates an intermittent exception.
Verify the service account
Verify that user account that the Timer Service service account is using to perform this procedure is a member of the Administrators group on the server.
Click Start, point to Administrative Tools, and then click Services.
In the Services snap-in, right-click the Windows SharePoint Services Timer V4 service, and then click Properties.
In the Service Properties dialog box, on the Log On tab, type the password for the account, confirm the password, and then click OK.
Right-click the service, and then click Start.
Verify access to the User Profile Service Application
Verify that you have the following administrative credentials:
- You must be a member of the Farm Administrators group or an administrator of the designated User Profile Service service application.
On the Central Administration Home page, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click the row that contains the User Profile Service application that was deployed for Duet Enterprise.
The User Profile Service application for your installation of Duet Enterprise is specified in the Duet Enterprise DuetConfig.config file.
In the Sharing group of the ribbon, click Permissions.
In the Connection Permissions dialog box, do one of the following:
If the Timer Service service account appears in the middle pane, click the user account.
If the Timer Service service account does not appear in the middle pane, type the user account in the top pane, and then click Add.
In the bottom pane, verify that the Full Control check box is selected.