User Profile Synchronization Service issue

  • Question

  • I am seeing the following error when starting the SharePoint 2013 User Profile Synchronization service.

    The FIM service runs under the spfarm account and the farm account is a local administrator on the web and app server.

    Also, the account has logon locally rights and does not belong to any groups in the deny logon locally permission set.

    The user has Replicate Directory Permissions on AD set as well.

    The error message displayed is:

    UserProfileApplication.SynchronizeMIIS: Failed to configure MOSS initial MAs, will attempt during next rerun. Exception: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Access to the requested resource(s) is denied
       at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.GetResource(UniqueIdentifier identifier, String[] attributeNames, Nullable`1 resourceTime)
       at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier resourceIdentifier, String typeName, String[] attributeNames, CultureInfo locale, Boolean includePermissionHints, TimeZoneInfo localTimeZone)
       at Microsoft.Office.Server.UserProfiles.Synchronization.MVConfiguration..ctor(Guid resourceIdentifier)
       at Microsoft.Office.Server.UserProfiles.Synchronization...

    The error occurs just after logging the following message in the ULS log:

    ILM Configuration: The ExportMiisEncryptionKey process completed successfully

    I can see HTTP 500 messages in Fiddler after OWSTimer makes WCF calls to http://<servername>:5725/ResourceManagementService/Resource

    When using MIISClient, the ILMMA appears but then stops within a few minutes.

    Has anyone seen this and does anyone know what permissions are needed to deal with this permission denied exception?

    Wednesday, April 30, 2014 11:31 AM

All replies

  • Sorry Dylan but this is the wrong forum for your question - you need to post this on the relevant SharePoint forum - although there is an "appliance" version of the FIM sync engine baked into SharePoint for user profile syncs, the rules for managing this are completely unique to the SharePoint platform.

    Bob Bradley (FIMBob @ ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    • Proposed as answer by UNIFYBobMVP Sunday, November 23, 2014 1:07 PM
    Friday, May 16, 2014 3:18 PM