none
FIM Service Fails to Start RRS feed

  • Question

  • Hello,

    The FIM service on my FIM portal server fails to start if I reboot the FIM portal server by itself - if I try to restart the service manually I get a generic "cannot start service" message.

    If I power down my synchronisation server, FIM service DB server and fim portal server, then power them on in sequence with a delay of a few minutes between each server, the FIM service on my portal server works fine and I can access the portal. Has anyone else come across this - I would have thought you could independently reboot the FIM portal server without any issues.

    Thanks

    Monday, June 9, 2014 2:46 PM

All replies

  • check event viewer - you would find the answer, why it is not working. Maybe a password for service account has been changed? Or fimservice is looking for sql dependency on the same host (it happen sometimes). Maybe some GPO were changed and account is unable to start servic? Find your answer in event viewer!

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Monday, June 9, 2014 5:05 PM
  • Hi Dominik,

     I thought the FIM service would start after I powered on the servers in sequence - that hasn't worked. I'm using a distributed architecture:

    fimsync - sync server (fim sync service) + sql db
    fimsql - sql db for fim service
    fimportal - runs fim portal + fim service (uses SharePoint Foundation 2010)

    On my fim portal server the "Forefront Identity Manager Service" and "Claims to windows token service" fail to start - both give a 1053 error: service did not respond to start control in a timely manner.

    Looking through the event logs, I see the following critical error

    "SQL Database "SharePoint_Config_xxxx" on SQL Server Instance xxxx not found
    Cannot open database SharePoint_Config_xxxxxxxxxxxxxxxxxx" requested by the login. The login failed for user NT authority\network service"

    There also some 8095 warnings regarding SharePoint "Usage logs are reaching the configured storage limit (5). Please increase the maximum storage settings, otherwise older files will be deleted once the limit is reached."

    The SQL instance on fimportal runs under network service OK and I can open the SharePoint Central Administration site which gives 3 errors:

    1. Outbound email has not been configured
    2. Available drive space is less than 5 times the value of physical memory.
    3. NT Authority\Network Service, the account used for SharePoint timer service and central administration site, is highly privileged and should not be used for any other services. The following services were found to be using this account: SPUserCodeV4(Windows Service)

    One thing which strikes me as odd is that within the Central Administration console, the "Claims to Windows Token Service" is listed as started, but within Windows the service is showing as not running.

    All other services are running on other FIM servers OK.

    I suspect this may be caused by the SharePoint Foundation SQL Database, but solving the issue is proving tricky.

    Any tips appreciated.

    Thanks

    Tuesday, June 10, 2014 11:28 AM
  • Peter,

    I thought the FIM service would start after I powered on the servers in sequence
    Yes, it should work.

    Has it worked before? which SharePoint version is that?

    If it is SharePoint 2013 have you turned off auto-update? (http://blogs.technet.com/b/wbaer/archive/2012/07/17/introduction-to-upgrade-in-sharepoint-server-2013.aspx) - http://technet.microsoft.com/en-us/library/jj863242(v=ws.10).aspx


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Tuesday, June 10, 2014 11:44 AM
  • It's SharePoint Foundation 2010 and it did work before, but I suspect it may not be the same issue.

    Thanks

    Tuesday, June 10, 2014 11:54 AM
  • Did you recently add a new custom activity or AIC to the portal or the the FIM service folder?  I had this problem once and it turned out it was caused by some custom code that I had developed.


    Tuesday, June 10, 2014 1:28 PM
  • Hi Scott,

     No configuration changes have been made - I've been off for a few weeks, but in my absence from what I've been told no one has modified any settings. It could be an account, certificate or GPO change, but getting to the bottom of the issue is difficult.

    Several other services fail to also start:
    Claims to Windows token service
    SharePoint administration service

    They all report the same time out error.

    I've checked the "SQL Database "SharePoint_Config_xxxx" and network service has connect permissions. The database is configured for unrestricted growth and the log file has a 2GB limit, but is currently around 50MB.

    It feels like a SharePoint\SQL issue, but none of the errors below seem like they would stop the service from running:

    1. Outbound email has not been configured
    2. Available drive space is less than 5 times the value of physical memory.
    3. NT Authority\Network Service, the account used for SharePoint timer service and central administration site, is highly privileged and should not be used for any other services. The following services were found to be using this account: SPUserCodeV4(Windows Service)

    1. We're not using email notifications.
    2. There are several GBs free and SQL DB limits are not being hit
    3. None of the service configuration has changed, so I'm not sure why this should suddenly be an issue.


    Tuesday, June 10, 2014 1:38 PM
  • If everything else starts correctly link FIM Sync and FIM Service then I would agree that something is going on the with the SharePoint logon.

    1. Confirm that the AD account is enabled, the password is set not to expire and it is not in an AD group that is causing a GPO to lock it down.
    2. Take a look at the the local security policy settings on the SharePoint server and confirm that all is set correctly.
    3. Perhaps something is hosed in SharePoint.  You might want to review this article on configuring SharePoint 2013 even though you have 2010.  I have found it helpful -- > http://www.harbar.net/articles/fimportal.aspx

    Good luck!

    Thursday, June 12, 2014 5:43 PM