INTRODUCTION
When I tried to run SharePoint User Profile Synchronisation nothing happened. The status was sitting at “Synchronising (0)”.
When I opened Event Viewer it showed:
==
The management agent “MOSSAD-XXXXXX” failed on run profile “DS_FULLIMPORT” because of connectivity issues.
==
Then when I dig further and run the following application:
C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe
I got the following error message:
Error: Replication access was denied. error code: 8453
CAUSE
The service account that is used to do the crawl does not have replicating access. Please refer to this post for solution:
http://sensoft2000-sharepoint.blogspot.com/2010/08/error-replication-access-was-denied.html
SOLUTION
Based on the following post, the resolution is as follows:
http://sensoft2000-sharepoint.blogspot.com/2010/08/error-replication-access-was-denied.html
==
The resolve this issue, we must provide the access rights to the service account of the “User Profiles” service. OK. What kind of access rights needs to be provided?
The user should have the “Replicating Directory Changes” Permission in the active directory. To provide this rights to the “service account” user, follow the below steps:
1. Login into the Active directory server.
2. Open the “Active Directory Users and Computers” console. (C:\WINDOWS\system32\dsa.msc)
3. Right click on the “Domain name” and goto “properties”.
4. Go to security tab and Select the specific service account user. (If the user is not listed, you can add the user by clicking the “Add” button in the same screen).
5. Scroll the Permissions and select the “Replicate Directory Changes” option like the below image.
==
Cheers,
Tommy
