Who's Online
12 visitors online now
2 guests, 10 bots, 0 members
Support my Sponsor

User Profile Synchronization Service Gets Stuck on Starting SharePoint 2010 \ 2013

For some reason once you provision the User Profile Service Application the User Profile Synchronization Service gets stuck on Starting, and it can’t be stopped in Central Administration. After some research on User Profile Synchronization service I found that when we Start the UPA sync service in “Services on Server” a series of tasks executes which includes Forefront Identity Manager setup. It means setting up windows services, certificates, installing database schemas, registry changes, etc. If it ails at any stage, it will try again nearly 15 times and shows failure after 15 attempt. This is the reason it appears to be “stuck” when in fact its attempting each of the runs. After around 20 to 45 minutes the status will return to Stopped, and you can attempt to start it again.

Observed that some try to reboot the server to get rid of this issue, but it still remain as “Starting” even after reboots. Now this is not a good sign because apparently a very common issue and I have even heard of people re-building SharePoint Servers to fix the issue. Here you might loss data \ settings configuered in UPA if you have to recreate UPA.

Below steps will help you start the UPA service which was stuck on starting which was working fine previously but if its a new setup then I would recemmond you to try create a new UPA service and try below.
Some cause and solutin to this issue
1. Permissions issues:
Incorrect Permissions are most known cause of “Stuck on Starting” behaviour. There is no work around for same. If you don’t set the permissions correctly things won’t work, pretty simple.

We need two accounts to configure UPS Service viz. UPS Service Instance Service Identity which run the FIM services (It is also Farm Account) and Synchronization Connection account, this is the account which actually performs the sync.

You must run the UPS Service Instance as the Farm Account. Just because its possible to change the service identity in Manage Service Accounts, doesn’t mean it will work, and more importantly it is unsupported. So don’t change it.
Next, the Farm Account must be a local administrator of the machine running the UPS Service Instance during provisioning only. When we hit Start in Services in Server a series of tasks are run, which are akin to running the second stage of the Forefront Identity Manager setup. Many of these tasks require local machine administrator rights. You must grant this right before hitting start, and more importantly they must be applied. As the Farm Account is running services on your box (SPTimerV4 and the Central Admin app pool) we must simulate a log off and log on for the change in rights to be applied. You can do this by restarting SPTimerV4, or better yet, rebooting the machine. Once UPS is provisioned you can remove the Farm Account from the local administrators group.

Note: Any event in your farm that requires the UPS service instance to be provisioned will require the Farm Account be a local admin. Such events include the re provisioning of the service instance following the deployment of a SharePoint Cumulative Update and performing a Farm Backup from Central Administration (which stops and starts the UPS service instance). Don’t forget to ensure that the correct rights are assigned (and actually taking effect) when planning and scheduling your farm operational maintenance tasks.

Farm Account must have Log on Locally rights on the machine running the UPS Service Instance. Now be careful, you may think the account has these rights, and it will do if you made it a local administrator. However once you remove the admin rights, you may not have Log On Locally. If you don’t various operations will fail.

Very importantly make sure that Synchronization Connection Account must have Replicating Directory Changes on the Domain you are syncing with. It is the only way sync will work. It’s a hard requirement. Despite the scary name the Replicating Directory Changes permission makes zero changes to AD. It provides a change log capability, which improves the speed of operations such as Sync.

If you are syncing with a Windows Server 2003 functional level domain, the Synchronization Connection Account must be a member of the Pre-Windows 2000 Compatible Access group.

If you wish to do an Export, the Synchronization Connection account must have Create Child Objects and Write permissions on the OUs you are syncing with. Watch out for a common gotcha, that these rights are set on the container level only, you must ensure that This object and all descendants is selected.
2. SQL server 2014:
Environment : If you are using SQL 2014 with SharePoint 2013 or SharePoint 2010

Error : The Open Procedure for service “WmiApRpl” in DLL “C:\Windows\system32\wbem\wmiaprpl.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code

Performance counters for the FIMSynchronizationService (Forefront Identity Manager Synchronization Service) service are already in the registry, no need to reinstall. This only happens when you install the same counter twice. The second time install will generate this event.

Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code

Solution :
The issue can be resolved by downloading any of the CU updates from April 2014 CU and running PSConfig. Once the CU has been deployed, go through the usual process of starting User Profile Synchronization Service from Central Admin. The issue arises due to the use of SQL 2014

Note: I always recemmond you to install latest updates on all sharepoint servers
3. Environment : SharePoint 2010
Error : Attempting to Manage the UPA, you receive an error, Not Found, Correlation ID: [guid], or Could not load file or assembly ‘Microsoft.ResourceManagement’

Try below updates to resolve the issue
KB2281364 ( Description of the SharePoint Server 2010 hotfix package (wosrv-x-none.msp, pplwfe-x-none.msp, osrv-x-none.msp): July 21, 2010)

KB983497 ( Description of the SharePoint Server 2010 hotfix package (Osrchwfe-x-none.msp;Pplwfe-x-none.msp;Spswfe-x-none.msp): June 29, 2010 )

Note: I always recemmond you to install latest updates on all sharepoint servers
4. If you are not able to resolve the issue and you want to create a new uPA service, Try to stop the User Profile Synchronization Service you need to run a Powershell Command.

a. Open up Powershell on your SharePoint Server and type in the following command

b. This will list out all of the services on your SharePoint Server with their associated GUID’s. Copy the GUID for the User Profile Synchronization Service.

c. Then run the following command to stop the User Profile Synchronization Service.

Stop-spserviceinstance <GUID>

d. Now go back into Central Administration > Application Management > Manage Service Applications and delete the User Profile Service Application.

e. Restart your server and set up the User Profile Service Application again.

Leave a Reply