Stopped extension dll exception

Resolve error message Stopped Extension DLL Exception in AAD Sync Services

For the past few weeks I’ve really been looking into Intune and how to use it in a hybrid scenario with ConfigMgr. In my home lab, I’ve got AADSync installed on my Domain Controller (DC01) that is synchronizing my on-premise Active Directory with my Azure Active Directory tenant (configmgrse.onmicrosoft.com).

Although, today I ran into my first error when using AADSync (Azure Active Directory Synchronization Services). I noticed this because I made a change to an on-premise user account and it wasn’t synchronized to my Azure AD.

First of I went to check if there were any errors in the Synchronization Service Manager tool, and there I was able to confirm my suspicions. I indeed had an error when synchronizing to my Azure AD. The Operations view of the tool presented me with this information for the Connectors:

My next step was to naturally open up the Event Viewer to see if there were any errors in the Application log, and I found this:

Most of these errors turned out to be problems caused by an error when creating performance counters for a management agent. Not really the information I was looking for (I’d need to dig into those errors though). I was almost about to give up when I hit one of the error events with event ID 6801. This event was indeed from the AD Sync source and could be what I was looking for. The error message presented an obvious problem:

Microsoft.Online.Coexistence.ProvisionException: The user name or password is incorrect. Verify your user name, and then type your password again

This is what the whole event looked like:

It then occurred to me what the problem could be. When I initially configured my Azure AD tenant, I had not verified any public domain. And before I started configuring the hybrid configuration between Intune and ConfigMgr, I’d already installed AADSync and set it up to use a Global Administrator called [email protected] This account was later changed to [email protected] after I had verified my public domain.

So in order to resolve this error (if you may call it that), it’s pretty simple.
1. Open Synchronization Service Manager located in C:\Program Files\Microsoft Azure AD Sync\UIShell (the executable file is called miisclient.exe).
2. Click on the Connectors button, right-click on your Windows Azure Active Directory connector, in my lab environment its called Azure AD, and choose Properties.

3. Click on Connectivity in the left pane and configure the correct Global Administrator account for this connector. In my case I had to change from [email protected] to [email protected]:

4. Click OK to save your modification to the connector.
5. Either run the Azure AD Sync Scheduler task located in the root of Task Scheduler or run the executable manually (C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe).
Once the Import, Synchronization and finally Export steps have completed, we can see that the synchronization to Azure AD once again is working as expected:

Nickolaj Andersen

Chief Technical Architect and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences such as Microsoft Ignite, NIC Conference and IT/Dev Connections including nordic user groups.

Источник

Azure Active Directory Synchronization Failing with Stopped-Extension-DLL-Exception Error

You may encounter a condition in which Azure Active Directory synchronization stops working, for example in an environment that is using directory synchronization for Office 365.

The Operations view of the Synchronization Service Manager (miisclient.exe) will display a status of “stopped-extension-dll-exception” for operations on the Windows Azure Active Directory Connector.

READ  Sql error log path

The Application event log of the directory synchronization server may log the following entries:

A likely cause of this issue is an expired password for the account used to connect to Azure Active Directory. To determine which user account is used look in the Management Agents view of the Synchronization Service Manager (miisclient.exe), open the Properties of the Windows Azure Active Directory Connector and select the Connectivity settings.

If you know the expired password you can login to the Office 365 portal with that username and password, and follow the prompts to update the expired password. Then return to the Synchronization Service Manager and update the configuration with the new password.

If you would like to set a non-expiring password for the account you can configure this using the Azure Active Directory PowerShell Module.

Install the Azure AD PowerShell module if you have not already installed it. Open a PowerShell console and connect to Azure AD, entering your admin credentials when prompted.

Configure the account to have a non-expiring password. When you do this for an account with an expired password the existing password will begin working again as well.

The next directory synchronization operations should complete successfully.

Источник

Stopped extension dll exception

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Asked by:

General discussion

stopped-extension-dll-exception error while exporting to ADMA in FIM 2010,

  • Changed type Markus Vilcinskas Microsoft employee Wednesday, May 22, 2013 12:38 PM

All replies

stopped-extension-dll-exception error while exporting to ADMA in FIM 2010,

Thanks for sharing.

No, seriously please try to describe your issue more detailed manner. There are plenty of reasons which can cause that error message. You can start by providing the information from «Synchronization error» -tab when clicking the object.

I am also receiving same error «stopped-extension-dll-exception» while exporting users from FIM to AD with mailbox. I was not receiving before enabled Exchange 2010 provision.

Check the eventlog, maybe there is more information, also did you have your own developed extension? like Snendis said check the synchronization error tab or export errors within your connector space, sometimes there is an additional tab that provides more information.

You need to give us more information in what context things go wrong.

Need realtime FIM synchronization? check out the new http://www.traxionsolutions.com/imsequencer that supports FIM 2010 and Omada Identity Manager real time synchronization!

Thanks for your response. That was due to insufficient rights of ADDS MA user account.

Now i ran export profile and user account created in AD without any error, but i can not see same user’s mailbox in exchange.

I have configured all necessary attributes flow in Outbound Synchronization rule,

now there is another problem and i.e: if i delete user account from AD then it should be automatically delete from FIM 2010 also,

Please let me know your suggestion and solutions. Thanks in Advance.

What exchange version are you using? Can the user access the mailbox (ie access outlook or webaccess)?

For the other question you can configure that when the connector is deleted the metaverse object is also deleted using the object deletion rules that you can configure in the metaverse designer.

Need realtime FIM synchronization? check out the new http://www.traxionsolutions.com/imsequencer that supports FIM 2010 and Omada Identity Manager real time synchronization!

I am using Exchange 2010 SP1.

and I have selected «Delete metaverse object when connector from any of the following management agents is disconnected» in which all the management agent, is this correct procedure?

or do i have to select «Delete the metaverse object when the last connector is disconnected. Ignore connectors from the following list of management agents.» if Yes then which MA should not be selected?

Is the user able to login to webmail or start the outlook client?

Do you see any errors? have you enabled the FIM 2010 Exchange provisioning checkbox?

READ  Java exception printstacktrace to string

You have to select the 1st option and only select the ADMA (if the ADMA is the only agent capable of deleting metaverse objects or HR)

Need realtime FIM synchronization? check out the new http://www.traxionsolutions.com/imsequencer that supports FIM 2010 and Omada Identity Manager real time synchronization!

Thank you very much for your continuous reply.

Yes, users can able to access outlook and webmail, even after enabled kerberos authentication. I checked connection with Kerberos Authentication and Negotiate Authentication in Outlook.

and Ok, i would select first option in De-provision rules to test both ways Ad-> FIM and FIM-> AD

Well. Maybe he gave all the information he could.

I am trying to export Users from MetaVerse to AD. My export run bombed out with status: stopped-extension-dll-exception

Thats all. Just that status message. No Errors, No «Synchronization Error» Tab.

Any hints where to start looking for clues to locate why the Export failed??

If you get a stopped-extension-dll-exception during export using AD MA, and you don’t know anything about what extensions you are using, its probably not a problem with an actual rules extension that you developed. I would say, especially since you indicated this didn’t happen until Exchange was upgraded, that it is problem with the special helper extension used to help with Exchange 2007/2010 provisoining.

Go to the application log on the sync server, it should have more information regarding this. Also, check what setting you are using for Exchange provisoning. In MA properties, go to Configure Extensions node and verify setting of drop down at the bottom. If set to Exchange 2007, it attempts to run update-recipient powershell cmdlet locally and the EMC 2007 needs to be installed on sync server.

If using Exchange 2010 setting, it still fires update-recipient but does it remotely using WinRM and installing EMC is not necessary. Again, the application log usually contains more information about this. In order to use update-recipient with either setting, the sync server needs DNS SRV record access to target environment and if using Exchange 2010, you need to be establish WinRM connection, as well.

Источник

Stopped extension dll exception

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

Simple question: How do I find the «Application Event Log» on the MIM server? I opened the Windows Event Viewer and looked under both «FIM» and «MIM» under «Applications and Services Logs», though there is no information there, it’s all blank.

Also, how do I «turn off» syncing profile pictures? According to:

this is likely the cause of the following error when trying to synchronize MIM with SharePoint:

«stopped-extension-dll-exception» upon EXPORT.

I also get the error «no-start-ma» upon DELTAIMPORT and FullImport.

By «turning off» syncing profile pictures, I want to isolate out the pictures and first get MIM work to sync like the embedded import from A/D does, which has been working very well for us with minimal problems upon setup.

Thank you very much, any assistance you could provide would be greatly appreciated. I have been stuck on this for a long time and it is holding up our project.

I installed and configured everything according to the instructions, as far as I know:

Can you please help me?

Answers

Thanks Trevor, that helped get me on the right track.
MIM needed the Central Admin port # rather than the UPSA port # that I had been using.
Oh well, I probably just missed this in the documentation.
So the sync now worked, I’ll verify it looks good though may reach out again if I get stuck again finishing the config.

Thanks again and best

All replies

For your first question, please find «Application Event Log» via Start > Event Viewer > Windows Logs > Application for detailed error messages. Check «Source» for the specific Application.

For your second question, you can deselect «thumbnailPhoto» via Start > Synchronization Service > Management Agents > ADMA > Select Attributes to exclude user profile pictures.

In addition, the «stopped-extension-dll-exception» error suggests the run step stopped because of an exception was returned during the initialization of a script-based synchronization rule, while the «no-start-ma» error suggests that the run step failed to start because of an unknown management agent error.

READ  Opencv error capturing csv header

These are general error message and don’t really help much to identify the cause. You may also consider using the script from the reference you provide to detect the problematic profiles.

Here are your references.

SharePoint 2016 User Profile Service and MIM: Apply the Connection Filter.

Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

SharePoint Server 2019 has been released, you can click here to download it.
Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

  • Proposed as answer by Julie Wang Microsoft contingent staff Thursday, November 21, 2019 9:08 AM

Thanks very much Chelsea!

I’ll try that and circle back soon.

In general you can find the full error message within the run tab of the MIM sync console, which is often far more useful than the Event Log.

It would be on the bottom section of where it lists the runs and you’ll have to click on a link. I don’t have an example off hand.

Office Apps and Services MVP

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

If you have any progress on this issue, please remember to update this thread.

Thank you for your understanding.

Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

SharePoint Server 2019 has been released, you can click here to download it.
Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

Thank you so much Chelsea and Trevor!

Yes, progress, for sure.

I will update more soon.

Thanks Chelsea, I am now able to find the errors in the logs.

However before I paste those, is there a «hello world» for syncing from AD into SP using MIM that you could point me to? At this point I just need to take the smallest possible steps to get this to work at all.

I deleted the thumbnail photo attribute as you mentioned, to eliminate that as a potential problem. After running the sync again, the errors are exactly the same:

Here are the details in the Event log for t he «no-start-ma» error:

The extensible extension returned an unsupported error.
The stack trace is:

«System.Web.Services.Protocols.SoapException: Server was unable to process request. —> Attempted to perform an unauthorized operation.
at Microsoft.IdentityManagement.Connector.Sharepoint.SharepointConnector.OpenImportConnection(KeyedCollection`2 configParameters, Schema schema, OpenImportConnectionRunStep importRunStep)
Forefront Identity Manager 4.4.1302.0″

And here are the details in the Event log for t he «stopped-extension-dll-exception» error :

The extensible extension returned an unsupported error.
The stack trace is:

«System.Web.Services.Protocols.SoapException: Server was unable to process request. —> Attempted to perform an unauthorized operation.
at Microsoft.IdentityManagement.Connector.Sharepoint.SharepointConnector.OpenExportConnection(KeyedCollection`2 configParameters, Schema schema, OpenExportConnectionRunStep exportRunStep)
Forefront Identity Manager 4.4.1302.0″

Any idea how to fix those?

Firstly I want to ensure I have this setup correctly. That is why I am hoping for a simple «hello world» that will walk me through the setup step-by-step. I feel like the problem is with the setup rather than with specific profiles.

In the «Management Agents» tab, why do I only see «FULLSYNC» for AD, and «DELTASYNC» for SP, when the Run tab (Operations tab) shows additional operations are happening, like FULLIMPORT? I don’t need to understand how all this works, as long as it works. But I thought perhaps that could be causing a problem.

Also, I looked here:

Could this be causing a problem? I’m trying to understand what is needed with the scripts, based on that web page.

Thanks very much, any assistance you could provide would be greatly appreciated.

Источник

Smartadm.ru