Unable to start Profile Synchronization Service
-
Friday, July 23, 2010 4:46 PM
I get these exceptions in ULS log.
The service instance User Profile Synchronization Service is successfully provisioned.
Exception trying to write the dbName regkey for MIIS System.Security.SecurityException: Requested registry access is not allowed.
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Office.Server.Administration.UserProfileApplication.SetupSynchronizationService(ProfileSynchronizationServiceInstance profileSyncInstance)
The Zone of the assembly that failed was: MyComputer
ProfileSynchronizationService: Provisioning TImer Job encountered an exception: System.Security.SecurityException: Requested registry access is not allowed.
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Office.Server.Administration.UserProfileApplication.SetupSynchronizationService(ProfileSynchronizationServiceInstance profileSyncInstance)
   at Microsoft.Office.Server.Administration.ProfileSynchronizationSetupJob.Execute(SPJobState state)
The Zone of the assembly that failed was: MyComputer
Unprovisioning service instance User Profile Synchronization Service.
We have 1 App server, 1 WFE, 1 Index, and 1 database server, all with Windows 2008 R2.
Thank you, Anil
All Replies
-
Friday, July 23, 2010 6:25 PM
I posted a bunch of stuff here. http://msmvps.com/blogs/shane/archive/2010/07/09/configuring-profile-import-in-sharepoint-2010.aspx
Shane
- Marked As Answer by GuYumingMicrosoft Contingent Staff, Moderator Saturday, July 31, 2010 7:47 AM
-
Saturday, July 24, 2010 2:59 PM
I was able to start synchronization, but it failed to import user profiles.
The management agent "MOSSAD-[SYNCHRONIZATION CONNECTION NAME]" failed on run profile "DS_DELTAIMPORT" because of connectivity issues.
failed on run profile "DS_FULLIMPORT" because of connectivity issues
Thank you, Anil
-
Saturday, July 31, 2010 7:49 AM Moderator
It seems the replicate directory change permission is missing:
-
Saturday, July 31, 2010 1:47 PM
From your reply:
"According to http://blogs.msdn.com/b/russmax/archive/2010/03/20/sharepoint-2010-provisioning-user-profile-synchronization.aspx, in a multi domain scenario where a root domain and child domain exists, if users reside solely in the child domain, then the only requirement is to grant the dir sync account replicate directory changes permission on the child domain NC. The dir sync account requires “no” permission within the root domain in order to successfully sync to\from the child domain."
But we have only one domain. Does it require "replicate directory change" permission?
Thank you, Anil
-
Saturday, April 07, 2012 8:40 PM
For the profile synchronization to work, our service account which is being used by UPS should have the “Replicate Directory Changes” permission on a domain.
This right is for querying changes in the directory. This permission does not allow an account to make any changes in the directory. Refer: http://technet.microsoft.com/en-us/library/hh296982.aspx#RDCdomain
So, here are the steps to fix it:
1. Open the Active Directory Users and Computers snap-in.
2. On the View menu, click Advanced Features.
3. Right-click the domain object, such as “company.com”, and then click Properties.
4. On the Security tab, if the desired user account is not listed, click Add; if the desired user account is listed, proceed to step 7.
5. In the Select Users, Computers, or Groups dialog box, select the desired user account, and then click Add.
6. Click OK to return to the Properties dialog box.
7. Click the desired user account.
8. Click to select the "Replicating Directory Changes" check box from the list.
9. Click Apply, and then click OK.
After that, start UPS full import again, and the issue will get fixed!
More info: http://salaudeen.blogspot.com/2011/10/user-profile-sync-not-importing-ad.html
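A read-only way to confirm that the grant from the steps above took effect, and to see every principal that holds the right on the domain object. This is an added example, not part of the original reply; it assumes the RSAT ActiveDirectory module is installed, and `COMPANY\svc-upsync` is a placeholder account name.

```powershell
# Added example: reads the domain object's ACL only, changes nothing.
Import-Module ActiveDirectory

# Assumption: placeholder name, not from the thread. Use your UPS sync account.
$SyncAccount = 'COMPANY\svc-upsync'

# rightsGuid of the "Replicating Directory Changes" control access right
# (DS-Replication-Get-Changes).
$ReplGetChanges = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
$ExtendedRight  = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# The permission is set on the domain naming context itself, e.g. DC=company,DC=com.
$domainDN = (Get-ADDomain).DistinguishedName
$acl      = Get-Acl -Path "AD:\$domainDN"

# Allow ACEs that carry this extended right. An ACE with an empty ObjectType
# grants all extended rights, so it counts as well.
$holders = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (($_.ActiveDirectoryRights -band $ExtendedRight) -eq $ExtendedRight) -and
    ($_.ObjectType -eq $ReplGetChanges -or $_.ObjectType -eq [guid]::Empty)
}

# Everyone who currently holds the right on this domain.
$holders |
    Sort-Object { $_.IdentityReference.Value } |
    Select-Object IdentityReference, IsInherited, ObjectType |
    Format-Table -AutoSize

# Is the sync account listed directly?
$direct = $holders | Where-Object { $_.IdentityReference.Value -eq $SyncAccount }
if ($direct) {
    Write-Output "$SyncAccount has Replicating Directory Changes on $domainDN"
} else {
    Write-Output "$SyncAccount is not listed directly on $domainDN."
    Write-Output "Check whether it is a member of one of the groups listed above."
}
```

The table is also useful as a least-privilege review: only the accounts and groups you expect should appear in it.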
-
Thursday, June 28, 2012 3:54 PM
I am in a similar position, however we have the correct permissions for our service account for Replicate Directory Permissions and farm account is in the local administrators group. Both services start but when I go to add the Configure Sync Connections, and query for containers it just hangs with a greyed out box and nothing happens. I installed SP1 and latest CU then attempted to increase the timeout settings to no avail. Our domain environment is kind of unique as we have a parent domain and many child domains. The child domains do not have permissions to one another. Has anyone encountered a scenario like this? We have been working on this for weeks and about to contact Microsoft for support.

