User Profile Stuck on Starting

Once upon a time, I installed, err I should say, I attempted to install User Profile Service and when I went to get it to start synching with active directory, I ran into the issue of the synchronization service instance stuck on starting.  It didn’t matter if I rebooted the vm or not.

Here’s what I didnt do:

I did not mess with the FIM services in services.msc; because doing this will seriously jack things up!!

Here’s what I missed:

  • I failed to create the user profile service application under the farm account, and
  • I failed to make sure the account used to create the sync had replicate directory changes  in the domain : http://support.microsoft.com/kb/303972, and,
  • I failed to make sure the farm account had logon local in local security policy.
  • Note: you dont have to use the farm account, and it is advisable to use a differnt account, but that account will need local admin on your front end, or appropriate local permissions so that it can start stop services, run process, load tokens, ettc (in short, look at what administrators group had in secpol.msc and the account needs those rights)

Here’s how I fixed it:

I gave the farm account the right permissions on the local vm, and then made sure the account used to create the sync connection after the sync service is started had replicate directory changes permissions in the domain.

I ended up having to remove the service application proxy, service application, and then the application pool using powershell.

These are the generic one-liners that I used to remove the service app, proxy, and application Pool:

 

Remove the proxy

 

Remove the service application 

 

http://technet.microsoft.com/en-us/library/ff607874(v=office.15).aspx

and finally

Remove the service application pool (if applicable, run without the remove first)

 

 

This put me back at square one, no user profile service application installed.

Re-install service application, use farm account

This order is REALLY Important

Then I started the service instance for the User Profile Service on the services on server page

 

Next, I went to manage service applications to create the service application > New > filled out the fields for the User Profile Service application making sure to run it under the farm account.

 

Then I started the User Profile Synchronization service from the services on server page,

after that was started, I did an IISreset on all servers in my farm, with exception of SQL, and then I configured the sync settings, did a full synch on all users, then did a full synch on users and groups, and then set the incremental synch to occur off hours and daily.

Cheers,

Stacy

One Response

Leave a Reply