none
Errors attempting to start the User Profile Synchronization Service

    Question

  • Hello,

    I'm attempting to setup the User Profile service and am stuck at the point of getting the "User Profile Synchronization Service" to start.  In the ULS logs, there is a series of entries that seem to suggest that it's close to being started, but then gets rolled back.

    Below is the meat of the ULS logs for this sequence of events:

    OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	erx2	Medium	The service instance User Profile Synchronization Service is successfully provisioned.
    
    OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	Medium	SetupSynchronizationService :: Sync DB failover Check :: databaseServerMiis = SP2010DEV-SQL
    
    OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	Medium	SetupSynchronizationService :: Sync DB failover Check :: originalSyncConnectionString = Data Source=SP2010DEV-SQL;Initial Catalog="Sync DB";Integrated Security=True;Enlist=False;Connect Timeout=15
    
    OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	Medium	SetupSynchronizationService :: Sync DB failover Check::  originalSyncConnectionDataSource = SP2010DEV-SQL
    
    OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	Medium	SetupSynchronizationService :: Sync DB failover Check :: new datasource string on connection object = SP2010DEV-SQL
    
    OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	High	Exception trying to write the management agent stack size for the Moss MA. System.UnauthorizedAccessException: Access to the registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\PerMAInstance\MOSS-82f7f71e-22fc-4065-8359-e3e8d961633f' is denied.
    
    OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	erx9	High	ProfileSynchronizationService: Provisioning TImer Job encountered an exception: System.UnauthorizedAccessException: Access to the registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\PerMAInstance\MOSS-82f7f71e-22fc-4065-8359-e3e8d961633f' is denied.
    
    OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	erx5	Medium	Unprovisioning service instance User Profile Synchronization Service.
    
    OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	erx6	Medium	The service instance User Profile Synchronization Service is successfully unprovisioned.


    Any idea what this means and how to fix it?

    Thanks!

    • Edited by sdfsda Tuesday, September 27, 2011 7:32 PM
    Tuesday, September 27, 2011 7:31 PM

Answers

  • Make sure when you added it to Local Admins you rebooted the server in order for the security token to take effect.
    http://sharepoint.nauplius.net
    • Marked as answer by sdfsda Tuesday, September 27, 2011 9:59 PM
    Tuesday, September 27, 2011 9:29 PM
    Moderator
  • Looks like your Farm Admin (user running owstimer.exe) isn't a Local Administrator on the SharePoint Server.
    http://sharepoint.nauplius.net
    • Marked as answer by sdfsda Tuesday, September 27, 2011 9:59 PM
    Tuesday, September 27, 2011 7:32 PM
    Moderator

All replies

  • Looks like your Farm Admin (user running owstimer.exe) isn't a Local Administrator on the SharePoint Server.
    http://sharepoint.nauplius.net
    • Marked as answer by sdfsda Tuesday, September 27, 2011 9:59 PM
    Tuesday, September 27, 2011 7:32 PM
    Moderator
  • restart your IIS and try again


    Aryan Nava | Twitter: @cloudtxt | Blog: http://virtualizesharepoint.com
    Please click "Propose As Answer" if a post solves your problem or "Vote As Helpful" if a post has been useful to you.

    Disclaimer: This posting is provided "AS IS" with no warranties.

    Tuesday, September 27, 2011 8:01 PM
  • Nope, ensure it was added and re-ran, exact same errors.
    Tuesday, September 27, 2011 8:36 PM
  • Did this several times.

    Tuesday, September 27, 2011 8:36 PM
  • how do you check that? Go to Administration > Services and check under which account owstimer service is running. Is it really farm admin account (it may be changed by someone)?

    Also open regedit and check that mentioned registry key exists here.


    Blog - http://sadomovalex.blogspot.com
    CAML via C# - http://camlex.codeplex.com
    Tuesday, September 27, 2011 9:28 PM
  • Make sure when you added it to Local Admins you rebooted the server in order for the security token to take effect.
    http://sharepoint.nauplius.net
    • Marked as answer by sdfsda Tuesday, September 27, 2011 9:59 PM
    Tuesday, September 27, 2011 9:29 PM
    Moderator
  • Yes, that's exactly how I confirmed it.  My farm admin account had not been added yet, so I did so, but still same result.  Now attempting a restart also.
    Tuesday, September 27, 2011 9:49 PM
  • Isn't that a security risk adding Farmadmin to the local administrators group? All documentation on installing SP 2010 clearly states that farmadmin should not be a member of local admin group.

    http://technet.microsoft.com/en-us/library/ee662513.aspx

    Tuesday, November 29, 2011 4:16 PM
  • It isn't a security risk per se, but it isn't best practice.  However, if you're using a SharePoint backup method to back up a UPA, the Farm Admin (Timer Service) account must remain as a Local Administrator, otherwise the UPSS will not provision properly after the backup of the UPA has completed.
    http://sharepoint.nauplius.net
    Tuesday, November 29, 2011 4:46 PM
    Moderator
  • I see - good to know! They don't mention that part in this other article I found.

    There they state that you can start up the UPS with Farmadmin in local admin group and then remove it from group once it's started.

    http://technet.microsoft.com/en-us/library/gg750257.aspx#farmPerms

    Thursday, December 01, 2011 9:36 AM
  • Try giving/Check local admin access to Server Farm account on the server where you are trying to start the Profile Sync service:

    Server farm account as per https://technet.microsoft.com/en-in/library/cc263445.aspx#Section3

    Server farm account

    This account is also referred to as the database access account.

    This account has the following properties:

    • It's the application pool identity for the SharePoint Central Administration website.

    • It's the process account for the Windows SharePoint Services Timer service.

    Saturday, May 02, 2015 9:29 AM