Errors attempting to start the User Profile Synchronization Service

Hello,

I'm attempting to setup the User Profile service and am stuck at the point of getting the "User Profile Synchronization Service" to start.  In the ULS logs, there is a series of entries that seem to suggest that it's close to being started, but then gets rolled back.

Below is the meat of the ULS logs for this sequence of events:

OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	erx2	Medium	The service instance User Profile Synchronization Service is successfully provisioned.

OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	Medium	SetupSynchronizationService :: Sync DB failover Check :: databaseServerMiis = SP2010DEV-SQL

OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	Medium	SetupSynchronizationService :: Sync DB failover Check :: originalSyncConnectionString = Data Source=SP2010DEV-SQL;Initial Catalog="Sync DB";Integrated Security=True;Enlist=False;Connect Timeout=15

OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	Medium	SetupSynchronizationService :: Sync DB failover Check::  originalSyncConnectionDataSource = SP2010DEV-SQL

OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	Medium	SetupSynchronizationService :: Sync DB failover Check :: new datasource string on connection object = SP2010DEV-SQL

OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	0000	High	Exception trying to write the management agent stack size for the Moss MA. System.UnauthorizedAccessException: Access to the registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\PerMAInstance\MOSS-82f7f71e-22fc-4065-8359-e3e8d961633f' is denied.

OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	erx9	High	ProfileSynchronizationService: Provisioning TImer Job encountered an exception: System.UnauthorizedAccessException: Access to the registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\PerMAInstance\MOSS-82f7f71e-22fc-4065-8359-e3e8d961633f' is denied.

OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	erx5	Medium	Unprovisioning service instance User Profile Synchronization Service.

OWSTIMER.EXE (0x0354)	0x08E8	SharePoint Portal Server	User Profiles	erx6	Medium	The service instance User Profile Synchronization Service is successfully unprovisioned.


Any idea what this means and how to fix it?

Thanks!

  • Edited by sdfsda Tuesday, September 27, 2011 7:32 PM
September 27th, 2011 7:31pm

Looks like your Farm Admin (user running owstimer.exe) isn't a Local Administrator on the SharePoint Server.
Free Windows Admin Tool Kit Click here and download it now
September 27th, 2011 7:32pm

restart your IIS and try again
September 27th, 2011 8:01pm

Nope, ensure it was added and re-ran, exact same errors.
Free Windows Admin Tool Kit Click here and download it now
September 27th, 2011 8:36pm

Did this several times.

September 27th, 2011 8:36pm

how do you check that? Go to Administration > Services and check under which account owstimer service is running. Is it really farm admin account (it may be changed by someone)?

Also open regedit and check that mentioned registry key exists here.

Free Windows Admin Tool Kit Click here and download it now
September 27th, 2011 9:28pm

Make sure when you added it to Local Admins you rebooted the server in order for the security token to take effect.
September 27th, 2011 9:29pm

Yes, that's exactly how I confirmed it.  My farm admin account had not been added yet, so I did so, but still same result.  Now attempting a restart also.
Free Windows Admin Tool Kit Click here and download it now
September 27th, 2011 9:49pm

Isn't that a security risk adding Farmadmin to the local administrators group? All documentation on installing SP 2010 clearly states that farmadmin should not be a member of local admin group.

http://technet.microsoft.com/en-us/library/ee662513.aspx

November 29th, 2011 4:16pm

It isn't a security risk per se, but it isn't best practice.  However, if you're using a SharePoint backup method to back up a UPA, the Farm Admin (Timer Service) account must remain as a Local Administrator, otherwise the UPSS will not provision properly after the backup of the UPA has completed.
Free Windows Admin Tool Kit Click here and download it now
November 29th, 2011 4:46pm

I see - good to know! They don't mention that part in this other article I found.

There they state that you can start up the UPS with Farmadmin in local admin group and then remove it from group once it's started.

http://technet.microsoft.com/en-us/library/gg750257.aspx#farmPerms

December 1st, 2011 9:36am

Try giving/Check local admin access to Server Farm account on the server where you are trying to start the Profile Sync service:

Server farm account as per https://technet.microsoft.com/en-in/library/cc263445.aspx#Section3

Server farm account

This account is also referred to as the database access account.

This account has the following properties:

  • It's the application pool identity for the SharePoint Central Administration website.

  • It's the process account for the Windows SharePoint Services Timer service.

Free Windows Admin Tool Kit Click here and download it now
May 2nd, 2015 5:31am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics