Tuesday, August 3, 2010

Error: Replication access was denied. error code: 8453

Error:
Replication access was denied. error code: 8453

Reason:
You will get this error, while you are trying to crawl the people from Active directory in SharePoint 2010. 

During the people search configuration, the the number of people will not be crawled in SharePoint 2010. Also, you cannot get the actual error straightaway. The right way to get the actual error message is, you have to use the Synchronization service manager. You can get this tool inside the SharePoint server at the below path:
C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe 

In this tool, if you "Run" the Profile Import, under the "Operations" tab, you will get the above error message. The error screenshot may be like below:


















Solution:
The resolve this issue, we must provide the access rights to the service account of the "User Profiles" service. OK. What kind of access rights needs to be provided? 

The user should have the "Replicating Directory Changes" Permission in the active directory. To provide this rights to the "service account" user, follow the below steps:

1. Login into the Active directory server.
2. Open the "Active Directory Users and Computers" console.  (C:\WINDOWS\system32\dsa.msc)
3. Right click on the "Domain name" and goto "properties".


















4. Go to security tab and Select the specific service account user. (If the user is not listed, you can add the user by clicking the "Add" button in the same screen).
5. Scroll the Permissions and select the "Replicate Directory Changes" option like the below image.



























Thats it...

7 comments:

  1. Thanks. Just found this problem and this fixed it.

    ReplyDelete
  2. You are the man, this solves my problem

    ReplyDelete
  3. I did not find it.. Its not availble in my AD... My AD is 2003 server

    ReplyDelete
  4. Its trying to access my exchange server and throwing this error, I am not understanding where its picking up the exchange server, as far as I know it should not be connecting with exchange. Am I missing something here, its throwing the same error as above but has my exchange.abc.org (example) for DS_FullImport its failing there. Any suggestions?

    ReplyDelete
  5. Thanks, this solved me my problem...

    ReplyDelete