User Profile Service Creation and FIM Event ID error 3

I've been following Spence Harbar's Rational guide to UPS installs, but am unable to get past the Sync service stuck on starting. A few items of note:

1. This system had UPS provisioned and working correctly; at some point, UPS broke, so I removed and started to re-provision.

2.  I re-set the 2 FIM services to use Local Login.  Then, when I try to provision UPS, the login is never changed to the farm account.

3. If I manually change the FIM services to login with the farm account, I get Event ID 3, 6, 3, 26, 2, and 3:

.Net SqlClient Data Provider: 18456 :  : System.Data.SqlClient.SqlException: Login failed for user ''.
   at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.SqlClient.SqlConnection.Open()
   at Microsoft.ResourceManagement.Data.DatabaseConnection.Open(SqlConnection connection)

For some reason, FIM never seems to use the farm account; I can see the corresponding event in SQL:
login failed for user ''. Reason: An attempt to login using SQL authentication failed. Server is configured for Windows authentication only. [CLIENT: <local machine>] Error 18456 State 58

Not sure what to do?

Thanks,

Chad

March 16th, 2015 10:26pm

Is the farm account a local administrator on the machine that runs the UPS?
March 17th, 2015 8:06pm

Jason,

Yes, and has local login rights on the GPO.

Thank you,

Chad

March 17th, 2015 8:12pm

Hi Chad,

For this issue, I recommend setting the 2 FIM services to start automatically at boot time after a delay by reconfiguring the startup type of both services to Automatic (Delayed Start), then checking the results.

Here is a similar thread for your reference:

http://blog.mediawhole.com/2010/09/forefront-identity-manager-service.html

Best regards.

Victoria

March 20th, 2015 7:50am

Victoria,

Thank you, I tried that but still get the Event ID 3, 6, 3, 26, 2, and 3 errors.  For what it's worth, even though I have the farm admin credentials in the two FIM services, the Event 3 error indicates that no credentials are being passed?

"Net SqlClient Data Provider: 18456 :  : System.Data.SqlClient.SqlException: Login failed for user ''.

And then this in the SQL log: "Message
Login failed for user ''. Reason: An attempt to login using SQL authentication failed. Server is configured for Windows authentication only. [CLIENT: <local machine>]"
 

March 20th, 2015 11:39am

I'm also getting this error:

The server encountered an unexpected error and stopped.
 
 "BAIL: MMS(3260): sql.cpp(252): 0x80040e4d
BAIL: MMS(3260): storeimp.cpp(234): 0x80040e4d
ERR: MMS(3260): server.cpp(373): Failed to connect to the database  on Server
BAIL: MMS(3260): server.cpp(374): 0x8023043f (Service start up has failed.  A connection to SQL Server could not be established because of an authentication failure.)

March 20th, 2015 1:22pm

Hi Chad,

From the error message, it seems that your farm account cannot log in to the SQL Server databases.

I recommend verifying the things below:

  1. Whether the SQL Server is installed on a domain-joined member?
  2. Manually log in to SQL Server with the farm administrator from SQL Server Management Studio.

Best regards.

Victoria

March 22nd, 2015 10:03pm

Victoria,

1. Yes, the SQL is on the domain (actually, this is a development server, so SQL is installed on the same server as SharePoint).

2. I am able to manually log into SSMS with the farm admin account.

Thank you,

Chad

March 23rd, 2015 2:58pm

Can you remove the old databases related to UPS, and double check that farm has dbcreator and secadmin in SQL Server. Then re-create UPS/UPA?

Also check that you don't have the old FIM certificates on the server before starting the service.

March 24th, 2015 8:19am
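
The checks raised so far in this thread (which account the two FIM services log on as, and whether the farm account holds the dbcreator and securityadmin server roles), as an added read-only PowerShell example that is not from any poster. The service names `FIMService` and `FIMSynchronizationService`, the instance and account placeholders, and reading "secadmin" as the `securityadmin` fixed server role are assumptions.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt on the SharePoint server.
# Placeholders (assumptions, not values from this thread):
$SqlInstance = 'SQLHOST\INSTANCE'      # SQL Server instance hosting the farm databases
$FarmAccount = 'DOMAIN\farmaccount'    # the farm account

# 1. Which identity is each FIM service configured to log on as?
#    FIMService / FIMSynchronizationService are assumed to be the service names.
$filter = "Name='FIMService' OR Name='FIMSynchronizationService'"
foreach ($svc in (Get-WmiObject Win32_Service -Filter $filter)) {
    $isFarm = $svc.StartName -ieq $FarmAccount
    '{0,-28} logon={1} start={2} state={3} isFarmAccount={4}' -f $svc.Name, $svc.StartName, $svc.StartMode, $svc.State, $isFarm
}

# 2. Does the farm account hold the two fixed server roles?
#    Connects with Windows authentication as the current user. Run it as a login that is
#    allowed to inspect other logins (for example a sysadmin); otherwise NULL comes back.
$sql = "SELECT IS_SRVROLEMEMBER('dbcreator', @login) AS dbcreator, " +
       "IS_SRVROLEMEMBER('securityadmin', @login) AS securityadmin"
$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$SqlInstance;Database=master;Integrated Security=SSPI"
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $sql
    [void]$cmd.Parameters.AddWithValue('@login', $FarmAccount)
    $reader = $cmd.ExecuteReader()
    if ($reader.Read()) {
        foreach ($role in 'dbcreator', 'securityadmin') {
            $value = $reader[$role]
            $text = if ($value -is [DBNull]) { 'unknown (NULL returned)' } elseif ($value -eq 1) { 'member' } else { 'NOT a member' }
            '{0,-14} {1}' -f $role, $text
        }
    }
    $reader.Close()
}
catch {
    # A login failure here concerns the account running this script, not the FIM services.
    "SQL check failed: $($_.Exception.Message)"
}
finally {
    $conn.Dispose()
}
```

If the logon column shows anything other than the farm account, the services are not running under the identity that SQL Server has been granted.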

Hi Chad,

Thank you for your question.

We are currently looking into this issue and will give you an update as soon as possible.
Thank you for your understanding and support.

Best regards,

Victoria

March 24th, 2015 10:11am

Simon,

1. I've deleted the UPS dbs a number of times, have tried keeping them, nothing seems to work.

2.  I've been using SharePointBjorn's script to delete/cleanup UPS: http://sharepointbjorn.com/2014/06/25/user-profile-synchronization-autofixer/

Thank you for your help,

Chad

 

March 24th, 2015 1:36pm

If you start ULSViewer and filter on User Profile and start the service again, what error do you get? 
March 25th, 2015 3:38am

Simon,

At UPS creation I got:

1. UserProfileLocalizationInstaller error: DisplayName, ProfileDBLoc_Property_MobileDetails, .

2. UserProfileLocalizationInstaller.Install (END)

3. User Profile Application 'UPS' installation complete.

Started the UPS services per Harbar, so these are next:

4. got a number of these -----  User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: UserProfileApplicationNotAvailableException_Logging :: UserProfileApplicationProxy.ApplicationProperties ProfilePropertyCache does not have

5. UserProfile.UpdatePersonalSiteCapabilities Updating value for user: domain\farm account value: Guest

What's possibly interesting, I did multiple IIS resets, SPAdminV4 and Timer service restarts and no FIM errors.  Restart of Server and no FIM errors.  And, if I click on "Start Profile Synchronization" or "Manage User Profiles" I do NOT get the 'User Profile Sync service is not started' so I went ahead and created an AD import, which seems to have worked this time.

FIM services are set to Disabled.

After I had it do a Full sync, I got this in the ULS: "UserProfileADImportJob: Completed Data Import." And I'm able to look up user profile properties.

With User Prof Sync Status, I see Idle, but it is not hyperlinked to the log.

However, if I check Services on Server, the User Profile Sync Service is stuck on "Starting"

My sense is that UPS sync is working, kinda.  But UPS Sync stuck at "Starting" is not entirely reassuring.

Chad


March 27th, 2015 1:49pm

Victoria,

FWIW, the February 2015 CU's that were included in Windows Update were (inadvertently) applied to this system.  Could they be responsible for the UPS issue?  Otherwise, if you have another CU that you think might fix this issue, I'm open to applying it.

Thank you,

Chad

March 30th, 2015 11:20am

Did you re-provision it after the update, or can't you do that? http://www.harbar.net/articles/sp2010ups2.aspx#ups9
March 31st, 2015 1:19am

Simon,

I've removed/unprovisioned UPS multiple times since the CU's got applied.  Today, I was removing the UPS, and I got stuck with the UPS service (not sync) stuck in 'Unprovisioning.'  stop-spserviceinstance in powershell was having no effect stopping it, so I tried stsadm (a variation on this https://delacruzr.wordpress.com/2014/06/03/user-profile-synchronization-service-stuck-in-stopping/)

Fortunately, that did stop UPS.  So, restarted, created a new UPS.  No errors in ULS or on SQL.  Waited 30 minutes, got a number of these errors: User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException

After 30 minutes, I did an IISRESET, about the only error to speak of so far is this: [Forced due to logging gap, cached @ 03/31/2015 11:58:43.81, Original Level: Verbose] GetPartitionPropertiesCache :: Found existing cache in httpcontext

I've been holding tight for 2 hours now, not restarting anything, the only thing ULS shows now is this at 1 minute intervals: UserProfileDBCache.GetChangedDBItemsPrimaryKeys: m_AllPropertyIDs =

In CA, the UPS Sync still shows starting.  I figure I'm just going to let the server sit for a day, no restarts, no interaction whatsoever, then restart it tomorrow and I'll report the results here.

Thank you for checking back,

Chad


March 31st, 2015 3:18pm

Ok, so I figured after 3 hours whatever could happen, would have, so here's what I've got:

  • checked certificates, no Forefront certs at all are present on server
  • get-spserviceinstance shows UPS provisioning, so I ran stop-serviceinstance, UPS went to 'unprovisioning'
  • nothing of note in the ULS, but I did get this in the Event view: "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205."  I am using a makecert generated SSL cert for CA on this system, not sure if this is spurious or applicable to the issue.
  • restarted timer service, iisreset
  • stopped UPS Sync with stsadm stop servicetype
  • UPS sync shows stopped in CA
  • restarted timer service
  • restarting UPS Sync from CA, prompted for farm password
  • got this in the ULS User Profile Application: SynchronizeMIIS encounters an exception: System.NullReferenceException: Object reference not set to an instance of an object.    
     at Microsoft.Office.Server.UserProfiles.UserProfileImportJob.<>c__DisplayClass2.<IsTimerJobRunning>b__1()    
     at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()    
     at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)    
     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)    
     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)    
     at Microsoft.Office.Server.UserProfiles.UserProfileImportJob.IsTimerJobRunning(UserProfileApplicationJob timerJob)    
     at Microsoft.Office.Server.Administration.UserProfileApplication.SynchronizeMIIS()    
     at Microsoft.Office.Server.Administration.ILMProfileSynchronizationJob.Execute()
March 31st, 2015 4:56pm

I have the 2008 and 2012 native clients applied, but this seems like this might be the issue:

https://social.technet.microsoft.com/Forums/systemcenter/en-US/60d1a022-6fb6-43f3-af78-cfd3e88e9bdb/cant-start-user-profile-sync-service?forum=sharepointadmin

Like some of the posters, I'm not sure what profile folder or file is referred to, as I have no profile.ps1 file in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\CONFIG\POWERSHELL   ?

March 31st, 2015 5:29pm

It seems this is the most useful error:

User Profile Application: SynchronizeMIIS encounters an exception: System.NullReferenceException: Object reference not set to an instance of an object.    
 at Microsoft.Office.Server.UserProfiles.UserProfileImportJob.<>c__DisplayClass2.<

In this link (https://social.technet.microsoft.com/Forums/systemcenter/en-US/60d1a022-6fb6-43f3-af78-cfd3e88e9bdb/cant-start-user-profile-sync-service?forum=sharepointadmin), it's not clear just what folder or file needs to be moved?

March 31st, 2015 6:08pm


Sorry Chad, but I didn't find the profile either when I had a problem with UPS.

See if this chart can help your troubleshooting.

If I were you, I would start from scratch, remove old databases, certs etc. Then have ULSViewer running from the start with the filter Category = User Profiles.
Look for "ILM Configuration" and see which one is the last before the UPSS becomes stuck.

I hope this helps somewhat.

Simon

April 1st, 2015 1:42am

Simon,

Thank you for sticking with this - I think I'm going to take this to MS Support.  It's probably just as easy to nuke and pave, but I really want to get to the bottom of what hosed UPS.  I deliberately kept this system clean of custom code and anything exotic, so why the UPS (and also the built-in SharePoint backup and restore function) on this system broke is perplexing, and I want to avoid it in future builds.

I'll report back on this thread what the final resolution ends up being.

Chad

April 1st, 2015 10:06am

Good luck!

Simon

April 2nd, 2015 2:17am

An update on the ongoing work with MS support:

  1. On the support site, after selecting UPS as the issue, it ran a slick utility that scanned for things like the SQL 2008 and 2012 Clients being installed on the server.  It ran for a bit, and seemed to be highly customized for UPS issues.  I wish it was available online.
  2. UPS isn't fixed yet, but it appears that a stuck One-Time timer job that was supposed to handle password changes for the farm account hung, and basically scores of one-time jobs queued up behind it.  The technician deleted ALL one-time timer jobs.
  3. He ran into the same issue that many of us have with powershell not being able to stop UPS, so used STSADM

I'll update as I know more on this issue.

April 7th, 2015 8:28pm

Can you check the permissions on the Sync database to make sure the Farm Admin has dbo rights? Also, only the SQL 2008 R2 native client is supported for SharePoint.
April 7th, 2015 9:02pm

Trevor,
1. Farm Admin has dbo rights to Sync
2. This system had both the 2008 and 2012 Native clients installed when UPS provisioned and worked a year ago.  What's also odd, the Microsoft diagnostic seemed to be checking to ensure both clients were installed (it ran rather quickly, so I'm not absolute on this).  In any case, the MS tech has not flagged the clients as being at issue, so I don't think they're preventing re-provisioning.

Thank you,
Chad
April 10th, 2015 10:29am

This topic is archived. No further replies will be accepted.
