SharePoint 2010 - User Profile Service Application flooding the logs with Event ID 3

I have seen now a few times in a few different organisations, the dastardly issue of the event logs getting flooded with Event ID 3, details of this event below - settle in people, this makes an interesting read....

Log Name:      Application
Source:        Forefront Identity Manager
Date:          28.3.2012 11:13:01
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:     server
Description:
Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)
Event Xml:
< Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-28T09:13:01.000000000Z" />
    <EventRecordID>386413</EventRecordID>
    <Channel>Application</Channel>
    <Computer>server</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Microsoft.ResourceManagement: System.Data.ConstraintException: Schema validation failed.
   at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
   at Microsoft.ResourceManagement.ActionProcessor.ActionDispatcher.ProcessInputRequest(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction(RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.ExecuteAction[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request, Guid requestIdentifier, Object redispatchSingleInstanceKey)
   at Microsoft.ResourceManagement.WebServices.RequestDispatcher.DispatchRequest[ResponseBodyType](RequestType request)
   at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Create(Message request)</Data>
  </EventData>
< /Event>

Now, if we look at the ULS log related to this error, we can narrow in a little on the cause:

ULS logs:
UserProfileApplication.SynchronizeMIIS: Error updating users with FIM permissions: Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: Unable to process Create message    
 at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.CreateResource()  
 at Microsoft.Office.Server.Administration.UserProfileApplication.UpdateFIMUser(SchemaManager schemaManager, String userName, String accountName, String domain, Byte[] userSid)  
 at Microsoft.Office.Server.Administration.UserProfileApplication.SynchronizeMIISAdminsList(Hashtable htPermittedUsers)  
 at Microsoft.Office.Server.Administration.UserProfileApplication.SetupProfileSynchronizationEnginePermissions().

OK, so I told you it was an interesting read, well I lied. Let me make a long story short.
Basically this error seems to not cause an serious problems, the User Profile Sync works without error, no issues with profiles or the like syncing to or from Active Directory, but still its not nice to have this bad boy flooding the event log every day.

The fix? Well, this is actually to do with the administrative account(s) over the UPSA, now this could be the account the you run central admin with or to do with accounts added as delegated administrators over the service app.

 

 

You may have added an Active Directory group as an administrator over the user profile service, for updating profiles or the like. Or you may have added a single user in the box above to grant similar delegation. Notice the two lowermost accounts in the screenshot above? Both of these will cause the error in the event log.

 

The key boils down to there being a blank somewhere in a name field of this account in AD, I think particularly 'Pre Windows 2000 name' field visible in AD Users and Computers.

I have added administrators with account names without spaces for the UPSA without errors, but anytime I have used groups or accounts with spaces the errors occur.

The fix is to simply remove these accounts from the list of administrators. Now if your farm account has a space then.... This may be a slight issue  :)

Chris