User Profile Synchronization Service–Hangs on Starting (fixed it!)

-
It happens a lot, and finally instead of creating a new server every time (and I have) I decided to fix the issue.  After several hundred hours of debugging.

Here is what I was getting…

image
To resolve it do the following things:
  • Stop the User Profile Synchronization Service
  • Open IIS (inetmgr)
  • Click on the server name and select Authentication
  • Selected Anonymous Authentication then choose Edit
  • Click the specific user, then enter “IUSR”
  • Add the service account to Local Admin group on the server
  • Add the service account to all the FIM groups
  • add the service account to the WSS_WSP and WSS_Admin_WPG group
  • Perform an IISRESET
  • Create a new User Profile Synchronization Service Application
  • Started the User Profile Synchronization Service

Stop the User Profile Synchronization Service
First you have to start SharePoint PowerShell
  • Go to Start
  • Microsoft SharePoint 2010 Products
  • Right click on SharePoint 2010 Management Shell
  • Choose “Run as Administrator” from the context menu
image
Type in Get-SPServiceInstance then capture the GUID of the User Profile Synchronization Service as shown below
image
Now that you have the GUID, type in Stop-SPServiceInstance as shown below…
image
Now your service is stopped…
image
…But we are not yet out of the woods…  We have a lot left to go…
Open IIS (inetmgr)
Go to:
  • Start
  • Type in “inetmgr
Click on the server name and select Authentication
Click on your server host name, then double click Authentication
image

Selected Anonymous Authentication then choose Edit
Click on Anonymous Authentication then click Edit…
image

Click the specific user, then enter “IUSR”
Add IUSR to the specific user account
image

Add the service account to Local Admin group on the server
Go to:
  • Start type in “compmgmt.msc
  • Go to Local Users and Groups
  • Go to Groups
  • Double Click Administrators
image

Add the service account to your computer
image
Click “OK” then keep the Computer Management window open

Add the service account to all the FIM groups
Do the exact same to all of the FIM groups as you did above
image

Add the service account to the WSS_WSP and WSS_Admin_WPG group
Again, do the same as you did above but for all the WSS_WSP and WSS_Admin_WPG groups
image

Perform an IISRESET
Go to:
  • Start
  • Type in “cmd
  • In the command shell type in “IISRESET”

    Create a new User Profile Synchronization Service Application
    image 
    Choose User Profile Service Application
image
Add the following fields (I added 2 to any of the database table names as shown below)
image
Click Create
Perform an IISReset
Make sure you can get to this new application with out errors.  It is very important that you can access this and that you know you can at this point.  If you can not, then you will have to do further trouble shooting…
image

Note: If still unable to get to the User Profile Application…
If you are still unable to get to the User Profile Application service, you will want to check one more thing. That is to ensure that your WCF services are still running in IIS Manager, you will need to make sure the site has been started
image
Perform another IISReset then try again.

Open ULS Log Viewer to get ready…
At this point in time, you will want to be ready to start tracing the User Profiles logs…
In ULS Log Viewer, right click on the log area and choose Filter by Item.  Then choose Category and type in “User Profiles”.  This will allow you to filter out only what you need at this point.
image

Started the User Profile Synchronization Service
Now you must restart your service with the new user profile synchronization service application that you just created.
  • Navigate to Central Admin again
  • Under System Settings, choose Manage Services on Server
image
  • Click on Start under User Profile Synchronization Service
    • image 
  • Enter your system account’s password twice
  • Click OK
image
  • Now in the ULS Log Viewer you will notice the following, this is good, it is rebuilding the FIM configuration (formally called ILM, but SharePoint never updated the name)
image
And if you did everything correctly then you should see everything running as it needs to be:
image

Don’t forget to configure your MySite information in the new User Profile Service Application you created.  You will need to re-run all of your profile synchronization.

Happy SharePointing.  :)

Comments

Post a Comment

Popular posts from this blog

How to Improve Workflow Performance in SharePoint Server 2010

-
Image
How to Improve Workflow Performance in SharePoint Server 2010 SharePoint workflows are getting  slow for several reasons. in my environment I'm having a problem with following performance issues, therefore in my environment i got following problems. When a item added to the library it takes some times to initiate the workflow. Workflow mail generating is not very fast sometimes. Workflows takes more time to process “Due to heavy load, the latest workflow operation has been queued. It will attempt to resume at a later time” is coming sometimes. I had a custom workflow approval web part and it is taking more than 30 seconds to proceed. Work Done I had a custom workflow approval web part and it is taking more than 30 seconds to proceed. here in my custom web part there is the function which is programmatically updating the workflow. SPWorkflowTask.AlterTask(item, data, false) the last parameter mentioning whether it is synchronous asynchronous. if  is it ...
Read more

PowerShell Script to Check and Generate Report on Access Rights for a Specific User:

-
Requirement: To ensure security, generate permissions report on all locations like (sites, lists, etc.) where a specific user has permissions. When people moving from one role to another, Its necessary to audit their permissions on sites and lists where user has access rights. But unfortunately, There is no out of the box ways to find all sites and lists where a particular user has been granted access in SharePoint with out using third party tools. Luckily, We've PowerShell! Lets find all SharePoint sites and lists where a particular user has access rights. PowerShell Script to Check and Generate Report on Access Rights for a Specific User: With this script, you can analyze and track the security effectively check what permissions on an account has been granted on each all places in SharePoint. This PowerShell script scans these areas to to retrieve a specific user's access rights: •Farm Administrator's Group •Central Administration Web Application Polici...
Read more

Disable Loopbackcheck using PowerShell

-
Disable Loopback Check Powershell To disable Loopback check run the following cmd on the (each) SharePoint server from a SharePoint PowerShell prompt (run as administrator): New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword
Read more