Correct order
Make sure to provision the service in the correct steps (start ups service, create the service app, start sync service, configure sync inside service app, run full sync(s))
Make sure that the identity (account) that the web application for your my site host is an admin on the server
Follow the order below:
Create a web application for the MySite Host, run the web app with the account used to sync with active directory. (Really has no bearing on the service starting, and is not needed)
This web application will be used to host the Site collection for the My site host. It would not be a host named site collection; because self service site creation does not work within a host named site collection.
Create the Mysite host in the root of the web app, as the root site collection
Create a managed path on the web application, that will use a wildcard explicit, the oob managed path is named Personal
Make sure the sync account has the correct permission in your domain, it works best if is across the whole domain, because you cannot choose to use a granular approach and only give “Replicate Directory Changes” at certain OU’s since the configuration container is at the domain level. Again, it works better if that is set for the entire domain. Make sure “Replicate Directory Changes” is set for the configuration container ( cn=configuration container. ) too, if the NetBIOS name of the domain differs from the domain name. Here’s a great post that even has a script that checks this, in case your AD guys are not sure if they set it or not.
From Services on Server turn on the User Profile Service. Please note: this is not found within the windows services, it is found within central admin. In fact, you should avoid the FIM services in windows services, other than watching them start, unless advised by Microsoft.
From Manage service applications, create a User Profile Sync service app if the server does not have UAC enabled. Your best bet is to create the UPA using a powershell that is running as the farm account. Spencer Harbar has detailed this approach out on his blog: http://www.harbar.net/archive/2010/10/30/avoiding-the-default-schema-issue-when-creating-the-user-profile.aspx
If the server does not have UAC, you still dont want to start this service from Services on Server. Your best bet is to modify the scripts that Spencer provides to suit your farm.
After the sync starts
Open the User Profile service application, create a connection to the domain, use port 636 if running on SSL, and leave default 389 if not running SSL.
choose your OU’s where the accounts are located, run a full sync for users, then for users and groups.
Important things to remember:
START the USER PROFILE SERVICE – – make super sure to do this before you make the User Profile Service Application!!!! <–this entire sentence should really be in all caps
Then after UPS is started, create the Service Application and then start the sync service (UPSS) via the powershell and not from the service on server page in Central Admin.
Then configure your sync connections, etc, run full sync and so on and so forth, and go ahead and create the mysite host now, or if you already created it, just update the settings to let the UPS know
the url to the mysite host.
If you get into a stuck on starting state
In other words, if you cant get the user profile sync to start, make sure you’re giving it enough time to do its deed. You can watch the files at the “OS Level” get created at C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\MaData provided you installed SharePoint completely on C:. If your company asked you to install as little as possible on C, then replace C with whichever drive letter you used when running the initial psconfig wizard during install of SharePoint.
If you are not seeing a folder named ILMMA, MOSS- and a file named UpdateFile getting created, then the process is truly hung and you should start over from the provisioning of the User profile service app. Perform an IISreset and then remove the user profile service application.
This post has the steps to remove the user profile service application: http://anothersharepointblog.com/user-profile-stuck-on-starting
This post has a more granular step by step of the user profile service creation process: http://anothersharepointblog.com/configuring-user-profile-synchronization-service-applications-for-sharepoint-2010-or-sharepoint-2013