Troubleshooting the Profiles System
For the latest version of Commerce Server 2007 Help, see the Microsoft Web site.
This section contains information related to troubleshooting some problems that you might experience when programming the Commerce Server Profiles System.
Event Viewer
Commerce Server stores all events and errors in a single event log. You can view this log by using the Event Viewer provided with the operating system.
Performance Issues
Using SQL Server Windows Authentication
If a high rate of SQL Server logons affects your Web site's performance and you are using Windows authentication to connect to SQL Server, you can change one of the following registry settings to improve performance:
If you are using the 32-bit version of Commerce Server, change the value of the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server 2007\Profiles\UnsafeAuthenticatedConnectionSharing registry key to 1.
If you are using the 64-bit version of Commerce Server, change the value of the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Commerce Server 2007\Profiles registry key to 1.
You must consider your environment and security requirements before changing this registry value. The default value of 0 (zero) offers better security but potentially slower performance because it forces a logon and logoff for each Profiles System database connection. If your Web site uses impersonation to connect to Profiles System resources, there is a security risk when you change the default value. When you set the value to 1, new SQL Server logons are not forced for each connection to the Profiles System database from the connection pool. Instead, old connections from the connection pool are recycled and retain the security permissions from the last impersonated user. As a result, a new Web user connects to the Profiles database under the security context of a previous user. This poses a security risk.
Common Errors
Active Directory Password Complexity Policy
System.Runtime.InteropServices.COMException (0xC1003E84): A failure was encountered while attempting to set the 'unicodePwd' attribute on the newly created User object in Active Directory. Please verify that the user context under which this operation is being attempted has sufficient privileges, and try this operation again.
If you see this error message, the password complexity policy for Active Directory directory service may not have been met when a new user was created. To resolve this error, make sure that passwords comply with password complexity policies.
Loading Editor error message
This error message relates to the default security settings on Windows Server 2003 Enterprise Edition. The profile editor contains some VBScript and Jscript. The script cannot be loaded when the Internet Explorer security level is set to high. You must change the security level in Internet Explorer.
To change the security level in Internet Explorer
In Internet Explorer, on the Tools menu, click InternetOptions.
In the InternetOptions dialog box, on the Security tab, click the TrustedSites icon.
In the TrustedSites section, click Sites.
In the TrustedSites dialog box, select Selecta Web content zone to specify the security settings, and then click OK.
In the InternetOptions dialog box, click Sites.
In the TrustedSites section, in the Add this Web site to the zone section, type http://<Commerce Server Web server computer name>, and then click Add.
Close all dialog boxes and Internet Explorer.
Miscellaneous Tips
Using Direct Mail Static Lists to Send Personalized E-Mails
You can use direct mail static lists to send personalized e-mail messages only if the list contains the UserID field that Commerce Server exports from the Profiles System. Commerce Server uses this GUID value to uniquely identify a user in the Profiles System. If your exported list does not contain the UserID field or it is blank, you can create a static list by appending an expression instead of entering individual e-mail addresses. This way Commerce Server extracts the UserID value from the Profiles System. For more information about how to create static lists, see How to Create a New Direct Mail List.
Cookie Encryption
By default, cookies are encrypted on Commerce Server sites. However, you can disable encryption. This can be useful for debugging. Never disable cookie encryption on a production site. To disable encryption, use the Commerce Server Manager in the CS Authentication node under Global Resources. Set the Enable Encryption property to a value of 0. For more information about how to configure the CS Authentication Resource, see https://go.microsoft.com/fwlink/?LinkId=76899. Make sure that you set the value back to -1 to re-encrypt cookies. For more information about how to set this property, see Global Resources Node.
Note
The CS Authentication node only applies if you are using legacy authentication. We recommend in Commerce Server 2007 to use the UPM membership provider for authentication.
Deprecated Issues
AuthManager and AuthFilter are deprecated features in Commerce Server 2007. In Commerce Server 2007, the Commerce Server Membership Provider replaces them. However, if you are using AuthManager, you may experience technical issues. This section will help you troubleshoot issues that may occur.
AuthManager
If you are using AuthManager, you may see the following error when you try to retrieve the query string for an authenticated user:
UPM-AUTH: Error: while getting the query string for authenticated user.
To troubleshoot this error and to determine the contents of the cookie, perform a Network Monitor trace to view the cookie header for the incoming request and for the outgoing response.
AuthFilter with Active Directory Accounts
If you are using AuthFilter with Windows authentication, the Active Directory or local Windows account settings do not take effect. Upon disabling an account, the Siteauth.dll component does not appear to honor user-password TTL. You can resolve this issue by altering the Microsoft Internet Information Services (IIS) security token cache settings. For more information about this issue, see KB article 840582 at https://go.microsoft.com/fwlink/?LinkId=7982.