MIM 2016 The server encryption keys could not be created.

  • Question

  • Hi,

    Appreciate any help in advance.

    I am in the process of trialling MIM 2016. I have tried installing MIM Sync Service and am getting the following error whilst trying to start the service:

    FIMSynchronizationService 6202

    The server encryption keys could not be created.
     User Action
     Verify that the service account has permissions to the following registry key:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service

    I am running Server 2016, SharePoint Foundation 2013.

    Have tried researching but only came across information on the User Profile Service, which I don't believe SP Foundation has. Strange thing is that I got this working on another network site.

    Desperate and stuck!

    Kind regards,


    Tuesday, March 27, 2018 10:35 PM

All replies

  • Caiden,

    The error message is providing good information about what to do. When you install the MIM Sync Service it needs to create a set of encryption keys that it uses to store passwords (to connect to AD and other systems) and other secure data. If it can't access that part of the registry then it will have an issue and can't complete the install.

    So use Regedit and look for the key referenced above. When you find it, right click and select permissions. Then click Advanced and go to the effective access tab. Use that to see what are the effective access permissions for the sync service account.


    David Lundell, Get your copy of FIM Best Practices Volume 1

    Sunday, April 1, 2018 4:13 AM
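
A scripted counterpart to the Regedit check described in the reply above, added here as an example and not part of the thread: it lists every ACE on the key named in the event 6202 message and flags those that name the service account directly. The account name `CONTOSO\MIMSync` is a placeholder, and the script does not resolve group membership, so it is not a full effective-access calculation.

```powershell
# Added example (not from the thread). $Account is a constructed placeholder;
# pass the real sync service account in DOMAIN\name form.
param(
    [string]$Account = 'CONTOSO\MIMSync'
)

# Registry key named in the event 6202 message.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service'

if (-not (Test-Path -Path $keyPath)) {
    throw "Key not found: $keyPath"
}

# Resolve the account name to a SID so matching does not depend on name format.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

$acl = Get-Acl -Path $keyPath
Write-Output "Owner: $($acl.Owner)"

# Explicit and inherited ACEs, with identities returned as SIDs.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$report = foreach ($rule in $rules) {
    # Translate the SID back to a name for display; orphaned SIDs stay as SIDs.
    try {
        $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $name = $rule.IdentityReference.Value
    }
    [pscustomobject]@{
        Identity  = $name
        Type      = $rule.AccessControlType                   # Allow or Deny
        Rights    = $rule.RegistryRights
        Inherited = $rule.IsInherited
        Direct    = ($rule.IdentityReference.Value -eq $sid)  # ACE names the account itself
    }
}

# Deny entries are listed first so they are not overlooked.
$report | Sort-Object Type -Descending | Format-Table -AutoSize

if (-not ($report | Where-Object { $_.Direct -and $_.Type -eq 'Allow' })) {
    Write-Warning "No Allow ACE names $Account directly; any access comes from a group listed above."
}
```

Any group that appears in the output still has to be compared against the account's group memberships by hand.
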
  • Hi David,

    Thanks for the reply.

    I have checked the registry and all seems correct. I have a user account MIMSync with full permissions. When I installed the Sync Service I specified MIMSync as the account.

    Is there anything else?

    Kind regards


    Monday, April 2, 2018 11:10 PM
  • Is MIMSync an Administrator on the local box (it shouldn't need to be, but I am curious)?

    A related error is solved by abandoning the key ring but if your install is failing I don't know if it is even leaving you the tool. You could give it a try.

    David Lundell, Get your copy of FIM Best Practices Volume 1

    Tuesday, April 3, 2018 2:42 PM
  • MIMSync is a domain user account which I have also added to the local administrators group. Made no difference.

    I have tried abandoning the key without success.

    I have just tried giving the service my domain admin account and I was able to start the service... so I believe it is a permission issue. But I then tried another domain admin account without success - I don't get it.

    I have read lots of information in regards to permissions in SharePoint and UPS, but I am using Foundation so I do not have access to that section that most refer to.

    Wednesday, April 4, 2018 12:02 AM
  • Did you ever figure this out? I am running into the same issue.
    Tuesday, January 22, 2019 2:44 PM