The synchronisation issues in GALSync can sometimes be relatively easy as deleting a conflicting object on the target Active Directory or as complicated as pulling your hair for many days trying to decode the error messages to find the root cause. One of these cases is when the Contact objects start to duplicate endlessly in multiple domains. The reasons for such duplications can vary. I will focus on one of those that I came across recently as I was pulling my hair thinking how to fix it for a while.
A few days ago, we received a ticket from a user stating that NDRs are being sent for one of the users when emails are sent to him. The NDR led to us discovering that the recipient had multiple Contact objects making Exchange to fail email delivery. As soon as we saw that, we went ahead with the simple solution of deleting the duplicate contacts to resolve the situation. After an hour, we started to see the duplicates being created again, one per hour, bu only for a Room Mailbox. As soon as we saw that, I immediately jumped into GALSync to investigate this and resolve it with almost no prior experience with it – so you can imagine how that went! While I had worked with FIM and MIM before, I had never seen a MIM with that many errors as it was in this case.
In the Synchronization Service Manager console, the error recorded for this object was “ma-extension-error” with no further information. I compared the duplicates and noticed that all common attributes such as the Proxy Addresses of the objects were identical to each other. Then, I started researching online about the error message and reading through whatever related to this issue that I could get hands on. Thinking that this may be due to some issue with the object in the metaverse, I deleted all the corresponding contacts in all the provisioned domains, and disconnected all the connectors of the object, which eventually removed it from the metaverse. An important thing to note is that when you want to remove an object from the metaverse in this manner temporarily and disconnect a (projection) connector, you should select “Disconnector (default)” as the Disconnector State. In the next sync cycle, MIM created the object in the metaverse again and restored the connectors. But, the problem remained. Yet, for some reason, MIM changed the connectors of the object to the latest contacts it created, ignored the existing ones, and continued to do the same.
I checked the event log and found the following detailed error that did not make sense at all.
Event ID: 0 (or 6500)
Log Name: Application
The description for Event ID 0 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
There is an error in Exch2010Extension AfterExportEntryToCd() function when exporting an object with DN CN=ConferenceRoom(2), OU=Contacts, DC=contoso, DC=com.
**** ERROR ****
The property value you specified, “-1073740026”, isn’t defined in the Enum type “Nullable`1”.
**** END ERROR ****
Stack Trace: at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte origAnchor, String origDN, String origDeltaEntryXml, Byte newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)
the message resource is present but the message is not found in the string/message table
So, I went back and did the same object deletions a couple more times with forced replications in the domains to see if that made any difference since MIM was configured to use any preferred domain controllers. Finally, since that did not work, I went back to the event log, and this time, I copied parts of the event and started to search. Surprisingly, the specific part of the error, which did not make much sense, matched with this TechNet Wiki article.
Voila, it stated the reason exactly – the Room Mailbox’s user account was enabled for some reason. I disabled it and let GALSync run for a few more rounds and the issue was finally fixed.
The solution was pretty simple but getting to it was not very simple. I hope this helps you in case you come across the same issue.