User Profile Stuck on Starting

Hi! Recently I came across this issue provisioning the User Profile Service Application.

I followed the procedure as always, first start services, créate User Profile Service App and finally Starting User Profile Sync Service. But with this last step, the User Profile Sync stuck on “Starting” and hangs several hours. So I will explain the procedure I followed to solve this problem.

If the User Profile Service Synchronisation Service is stuck on ‘Starting’:

1. Run SharePoint Management Shell as a farm administrator.
2. Type: stop-spserviceinstance | where { $_.typename -eq “user profile synchronization service” }
3. The User Profile Synchronization service status should now be ‘Stopped’ or ‘Disabled’.
4. Ensure you have the service “User Profile Service” running in the “Services on Server” on the intended server running UPS.
5. Ensure BEFORE you start the “User Profile Synchronization Service”, go into the servers Services and set “Forefront Identity Manager Service” and “Forefront Identity Manager Synchronization Service” startup type to “Disabled” and Log On as “Local System Account” (these will get setup to the proper values later on – just trust me).

Check the Certificates store on the server that runs the User Profile Synchronization Service and delete all the ForefrontIdentityManager certificates.

1. Start -> Run -> mmc
2. File -> Add / Remove Snap-in
3. Select Certificates -> Computer Account -> Finish -> Local Computer -> Finish -> OK
4. Expand Certificates -> Personal -> Certificates
5. Delete all ForefrontIdentityManager certificates (if you have tried to provision the UPS unsuccessfully several times, you will see more than one certificate).
6. Expand Certificates -> Trusted Root Certification Authorities -> Certificates
7. Delete all ForefrontIdentityManager certificates (if you have tried to provision the UPS unsuccessfully several times, you will see more than one certificate).

Check Central Administration for the ProfileSynchronizationSetupJob and delete any running jobs.

1. Go to Central Administration -> Monitoring
2. Delete the job.

Add the service account to Local Admin group on the server

Go to:

• Start type in “compmgmt.msc”
• Go to Local Users and Groups
• Go to Groups
• Double Click Administrators

Add the service account to the group

Add the service account to all the FIM groups

Do the exact same to all of the FIM groups as you did above

And BANG! adding my service account to this groups I was able to start the User Profile Sync Service and create a new connection.

Hope it helps someone!

Advertisement