Originally posted at: FIM2010 Troubleshooting: Stopped extension dll load @ IS4U Blog
Intro
When uploading a new extension to an existing deployment and trying to sync, the error “Stopped-extension-dll-load” was occurring. The deployment was already using rules extensions, so I did not expect any issues with .Net. After some basic troubleshooting steps, checking the .Net build version of the extensions, restarting services, checking the event viewer I found a hint to the solution.
Issue
Following info was loggend in the eventviewer.
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="FIMSynchronizationService" /> <EventID Qualifiers="49152">6300</EventID> <Level>2</Level> <Task>3</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2016-11-02T15:33:07.000000000Z" /> <EventRecordID>523064</EventRecordID> <Channel>Application</Channel> <Computer>FIM</Computer> <Security /> </System> <EventData> <Data> Could not load file or assembly 'file:///C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\MVRulesExtension.dll' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515) at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark) at System.Reflection.Assembly.LoadFrom(String assemblyFile) at Microsoft.MetadirectoryServices.Impl.ScriptHost.InitializeWorker(InitializeArguments pArgs) InnerException=> An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go.microsoft.com/fwlink/?LinkId=155569 for more information. InnerException=> none </Data> </EventData> </Event>
Solution
After checking the provided link and googling more info using the inner exception quoted below, it was pretty clear how to solve it.
An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch.
The error went away after adding the loadFromRemoteSources
switch to the runtime part of the FIM configuration file miiserver.exe.config, located in the “Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin” folder.
<configuration> [...] <runtime> [...] <loadFromRemoteSources enabled="true"/> </runtime> </configuration>
Conclusion
It’s still a mystery why this issue would arise after adding a new dll to a deployment that was already using extensions for a year without problems. Hopefully this article will be helpful for someone having the same stacktrace for his stopped-extension-dll-load error.
The dll is blocked. Go to file properties and unblock the file. No need to edit the miisserver config file.