Another Hybrid BCS Configuration Tip When Importing A BDC Model File

The hybrid tips are a little hard to come by, so when I find one I try to share it. This tip is for when you are trying to import a BDC model file into your o365 tenant. When you import the model file, the import process may get stuck around 6% or so for a bit, and then come back with an error message that says something like this:

The following error occurred: The internet facing URL for the LobSystem (External System) returned an authentication error. Error was encountered at or just before Line: ‘57’ and Position: ‘20’.

What's happening is that when you import the BDC model, SharePoint makes a call out to the on-premises SharePoint farm via the Internet Facing Url you have defined in your BCS Connection. When it does that, it uses attributes of the current user and tries to "rehydrate" that user using the user profile on the local farm (see https://blogs.technet.com/b/speschka/archive/2012/08/15/oauth-and-the-rehydrated-user-in-sharepoint-2013-how-d-they-do-that-and-what-do-i-need-to-know.aspx for details on rehydrating users).

The most likely reason you would see this error is that you are logged into the o365 tenant admin site using an o365 account, like steve@mytenant.onmicrosoft.com. In that case, when the call goes back into the on-premises SharePoint farm, it's unable to rehydrate the user because that user has no profile and no account in the local farm. To remedy this error, you need to log into the o365 tenant admin site using an on-premises account. Normally, after you have set up dirsync between on premises and o365, you go into the list of users, select one or more of your on-premises users, and make them a Global Administrator. Those users can then log into the o365 tenant admin site just like they do any o365 site, using ADFS or potentially just their corporate credentials if you are syncing passwords to o365. Again, you just want to make sure that whatever account you use to log into the o365 tenant admin site has a populated user profile in the on-premises farm.
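
One way to confirm that last point before retrying the import, as an added example that is not part of the original post: run this in the SharePoint Management Shell on an on-premises farm server. The site URL and account name are placeholders, the function name is hypothetical, and the list of identity properties it inspects is an assumption about what is worth checking, not something the post specifies.

```powershell
# Added example: checks that an on-premises account has a populated user profile.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")

function Test-OnPremUserProfile {   # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)][string]$SiteUrl,   # any site collection in the on-premises farm
        [Parameter(Mandatory=$true)][string]$Account    # DOMAIN\user you will sign in to the tenant admin site with
    )
    $site = Get-SPSite $SiteUrl
    try {
        $context = Get-SPServiceContext $site
        $manager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

        # No profile at all: the farm has nothing to match the incoming user against.
        if (-not $manager.UserExists($Account)) {
            Write-Warning "$Account has no user profile in this farm."
            return [pscustomobject]@{ Account = $Account; HasProfile = $false; EmptyProperties = @() }
        }

        $userProfile = $manager.GetUserProfile($Account)

        # Assumption: these standard identity properties are the ones to check for blanks.
        $names = 'AccountName', 'SPS-UserPrincipalName', 'WorkEmail', 'SPS-SipAddress'
        $empty = @()
        foreach ($name in $names) {
            $value = $userProfile[$name].Value
            if ([string]::IsNullOrEmpty([string]$value)) { $empty += $name }
            Write-Host ("{0,-24} {1}" -f $name, $value)
        }
        if ($empty.Count -gt 0) {
            Write-Warning ("Empty profile properties: " + ($empty -join ', '))
        }
        return [pscustomobject]@{ Account = $Account; HasProfile = $true; EmptyProperties = $empty }
    }
    finally {
        $site.Dispose()
    }
}

# Placeholder values; substitute your own farm URL and synced administrator account.
Test-OnPremUserProfile -SiteUrl "https://sharepoint.contoso.example" -Account "CONTOSO\steve"
```

The account running the script needs permission on the User Profile Service Application. A warning about a missing profile points to the account situation described above.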