none
FIMSynchronization Service not starting - O365 Dirsync RRS feed

  • Question

  • Hi,

    I have Dirsync installed for O365 and its been working perfectly for the past couple of weeks but when I logon today the FIM service was stopped and when I tried to start I  get errors below. The account obviously as it has been working does have full access to the reg key.

    Log Name:      Application
    Source:        FIMSynchronizationService
    Date:          04/08/2013 14:07:58
    Event ID:      6208
    Task Category: Database
    The server encryption keys could not be accessed. 
     User Action
     Verify that the service account has permissions to the following registry key:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service
     

    The Forefront Identity Manager Synchronization Service service terminated with the following service-specific error:

    %%2149781504


    Celtic

    Sunday, August 4, 2013 1:17 PM

All replies

  • I have just noticed that update rollup rollout for sql server 2012 service pack 1 (kb279634) installed on the day the service started failing?

    Celtic

    Sunday, August 4, 2013 1:39 PM
  • re run the sync setup and repair the sync service.

    Thanks

    Deepak



    Sunday, August 4, 2013 5:00 PM
  • Celtic,

    It is unlikely that the SQL patch itself caused the problem but I bet that you rebooted after applying patch(es) and that is why this started the same day.

    I would check the following items:

    -did someone change the service account via any method other than going through a  change-mode install?

    -does the service account actually have permission to that reg key; did the permission on the reg key change recently

    -the registry key should specify a location for where the encryption key is, is the encryption file in the spot it is supposed to be in; permission on this file change?

    Monday, August 5, 2013 4:25 AM
  • Re-running sync setup fails

    - I don't believe so. The account is local .\AAD_0bfdeaee74ff

    - The user .\AAD_0bfdeaee74ff has full permissions to that reg key

    - location has not changed


    Celtic

    Tuesday, August 6, 2013 10:37 AM
  • I have re-run setup on a fresh new server and I got the exact same issue

    Celtic

    Tuesday, August 6, 2013 2:56 PM