Once upon a time, I installed, err I should say, I attempted to install User Profile Service and when I went to get it to start synching with active directory, I ran into the issue of the synchronization service instance stuck on starting. It didn’t matter if I rebooted the vm or not.
Here’s what I didnt do:
I did not mess with the FIM services in services.msc; because doing this will seriously jack things up!!
Here’s what I missed:
- I failed to create the user profile service application under the farm account, and
- I failed to make sure the account used to create the sync had replicate directory changes in the domain : http://support.microsoft.com/kb/303972, and,
- I failed to make sure the farm account had logon local in local security policy.
- Note: you dont have to use the farm account, and it is advisable to use a differnt account, but that account will need local admin on your front end, or appropriate local permissions so that it can start stop services, run process, load tokens, ettc (in short, look at what administrators group had in secpol.msc and the account needs those rights)
Here’s how I fixed it:
I gave the farm account the right permissions on the local vm, and then made sure the account used to create the sync connection after the sync service is started had replicate directory changes permissions in the domain.
I ended up having to remove the service application proxy, service application, and then the application pool using powershell.
These are the generic one-liners that I used to remove the service app, proxy, and application Pool:
Remove the proxy
get-spserviceapplicationproxy | where-object {$_.typeName -like "User pro*"} | remove-spserviceapplicationproxy -removedata
Remove the service application
get-spserviceapplication | ? {$_.typeName -like "User pro*"} | remove-spserviceapplication -RemoveData
http://technet.microsoft.com/en-us/library/ff607874(v=office.15).aspx
and finally
Remove the service application pool (if applicable, run without the remove first)
get-spserviceapplicationpool | ? {$_.Name -like "user*"} | remove-spserviceapplicationpool
This put me back at square one, no user profile service application installed.
Re-install service application, use farm account
This order is REALLY Important
Then I started the service instance for the User Profile Service on the services on server page
Next, I went to manage service applications to create the service application > New > filled out the fields for the User Profile Service application making sure to run it under the farm account.
Then I started the User Profile Synchronization service from the services on server page,
after that was started, I did an IISreset on all servers in my farm, with exception of SQL, and then I configured the sync settings, did a full synch on all users, then did a full synch on users and groups, and then set the incremental synch to occur off hours and daily.
Cheers,
Stacy
One thought on “User Profile Stuck on Starting”
Comments are closed.