none
New DC and now FIM Synchronization Manager will not start

    Question

  • Hi everyone, was hoping for some guidance here.

    Have a SP2010 running on a server and a 2008 DC. Works fine. I have deployed a 2012 DC, I wanted to remove the 2008 DC, but for the time being before I'm sure everything works ok, I have shut it off. I can authenticate fine in Exchange, but in SP2010, the Forefront Identity Manager Synchronization Service will not start and gives me "error 1053".

    The service account it uses is a domain\sp10farm acct which other services are using as well and they start up just fine, it is only this service that fails.

    I see a lot of cannot connect to the DB in the event log as well.

    Once I turn on the 2008 DC, the service starts up fine. Anyone point to what I might be missing here?

    Thanks a bunch,

    Wednesday, July 17, 2013 9:06 PM

Answers

  • Did you switch over Domain Naming and Schema Master as well?  Don't forget to do that first.

    No, simply switching over the FSMO roles is not enough.  You need to dcpromo a DC that is no longer active.  Don't forget to change the client's TCP/IP DNS entries to not refer to the former DC.


    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.


    Wednesday, July 17, 2013 9:42 PM
    Moderator
  • As Trevor pointed out you cannot simply shut off a domain controller because all of the locator records are left in DNS which will cause intermittent auth failures.

    MCITP-EA | "Never test how deep the water is with both feet"


    Thursday, July 18, 2013 12:28 AM

All replies

  • Try dcpromo'ing the 2008 DC.  Generally you shouldn't keep a DC 'offline' for any period of time as clients may have issues with domain services (because they cannot contact a particular DC).

    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, July 17, 2013 9:38 PM
    Moderator
  • Thanks, what I did do is switch the Roles of RID, PDC and Infrastructure over to the 2012 DC and that did not help. This is not a live environment though, so I'm testing before touching any production stuff :D
    Wednesday, July 17, 2013 9:41 PM
  • Did you switch over Domain Naming and Schema Master as well?  Don't forget to do that first.

    No, simply switching over the FSMO roles is not enough.  You need to dcpromo a DC that is no longer active.  Don't forget to change the client's TCP/IP DNS entries to not refer to the former DC.


    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.


    Wednesday, July 17, 2013 9:42 PM
    Moderator
  • As Trevor pointed out you cannot simply shut off a domain controller because all of the locator records are left in DNS which will cause intermittent auth failures.

    MCITP-EA | "Never test how deep the water is with both feet"


    Thursday, July 18, 2013 12:28 AM
  • Thanks all for the help, will update, turns out issue was SP was pointing to incorrect database and that was causing the connectivity issue preventing the service from starting.
    Tuesday, July 23, 2013 4:10 PM