Wednesday, 30 November 2016

FIM2010 Troubleshooting: Stopped extension dll load

Intro

When uploading a new extension to an existing deployment and trying to sync, the error "Stopped-extension-dll-load" was occurring. The deployment was already using rules extensions, so I did not expect any issues with .Net. After some basic troubleshooting steps, checking the .Net build version of the extensions, restarting services, checking the event viewer I found a hint to the solution.

Issue

Following info was loggend in the eventviewer.
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="49152">6300</EventID>
    <Level>2</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-02T15:33:07.000000000Z" />
    <EventRecordID>523064</EventRecordID>
    <Channel>Application</Channel>
    <Computer>FIM</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
Could not load file or assembly 'file:///C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\MVRulesExtension.dll' or one of its dependencies. 
Operation is not supported. (Exception from HRESULT: 0x80131515) 
at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) 
at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) 
at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) 
at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark) at System.Reflection.Assembly.LoadFrom(String assemblyFile) 
at Microsoft.MetadirectoryServices.Impl.ScriptHost.InitializeWorker(InitializeArguments pArgs) InnerException=&gt; 
An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. 
This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous.
If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. 
See http://go.microsoft.com/fwlink/?LinkId=155569 for more information. 
InnerException=&gt; none
    </Data>
  </EventData>
</Event>

Solution

After checking the provided link and googling more info using the inner exception quoted below, it was pretty clear how to solve it.
An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch.
The error went away after adding the loadFromRemoteSources switch to the runtime part of the FIM configuration file miiserver.exe.config, located in the "Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin" folder.
<configuration>
  [...]
  <runtime>
    [...]
    <loadFromRemoteSources enabled="true"/>
  </runtime>
</configuration>

Conclusion

It's still a mystery why this issue would arise after adding a new dll to a deployment that was already using extensions for a year without problems. Hopefully will this article be helpful for someone having the same cause for his stopped-extension-dll-load error.