User profile synchronization service not starting in SharePoint 2013
User profile synchronization service not starting in SharePoint 2013 was a mess and it took me more than two hours to figure out that why i was not able to start the user profile synchronization service for Microsoft SharePoint 2013. This service is required to get the users from Active Directory and other sources. Every change in the SharePoint Central Administration almost gave me a new error. Most of these errors were descriptive but not very much to understand the issue clearly. Few of these errors are listed below:
- The server encountered an unexpected error and stopped. “BAIL: MMS(5960): sql.cpp(8490): 0x80231334 (The sql connection string has unsupported values.)
- The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob (ID 6f756e35-1875-494e-8337-ac64e966ba8d) threw an exception. More information is included below. Operation is not valid due to the current state of the object.
- The Execute method of job definition. Microsoft.Office.Server.Search.Administration.CustomDictionaryDeploymentJobDefinition (ID 42f4fa8a-d221-4fe5-86d6-79ae38e1913d) threw an exception.
- Windows could not start the forefront identity manager synchronization services on local computer
-
FIM2013 Troubleshooting: FIM Sync service terminated with service-specific error %%-2146234334.
I think its enough for the errors part, now Lets discuss the solution of this problem.
- Make sure user profile synchronization user is the member of farm administrator group
- Make sure your user is the part of local system administrator group
- Restart the timer service (suggest by a valued user)
- Make sure that you have Delegated active directory replication with general permissions all to the user.
- To make these changes, go to active directory server and follow under given instructions
- Open ADSI edit
- Connect the active directory server
- Right click and go to settings
- “select a well known naming context” and select the configuration from the drop down
- Expand the configuration and right click on it, go to properties and select the security tab
- Add the user profile synchronization user in the security
- Make sure that user is having Read and Replicate Directory Changes permission.
- Change the logon user of the above two services to user profile synchronization user
- Go to SharePoint Central Administration and then go to Application Management and then go to Manage Service Application
- Click the User Profile Service Application section and go to permission and add the user profile synchronization user.
- Add the user profile synchronization user in the administrators also
- Give full permission to the newly added user.
Go back to application management and go to Services on Server and start the service again.
After starting the services schedule a full synchronization and you will be good to go.
If this article helped you, please share it with your friends on FaceBook
When i click on the User Profile Service Application , it takes me to some page … and don’t have time to click on the ribbon actions
Click on the bar next to the service, not directly on the link.
After step 2 – add another step to restart the timer service.
Upon going to UPS service and selecting my user profile application, the account it wants to use is the farm account. I have created a svc account with restricted access to AD for the sync, but am not allowed to select that account. When i attempt to run the sync with the farm account it just hangs and never completes. Please advise on where i might have missed something that wouldn’t allow me to change this option?
Thanks you
Can you please follow the post and make sure you are fulfilling the following?
Make sure user profile synchronization user is the member of farm administrator group
Make sure your user is the part of local system administrator group
Restart the timer service (suggest by a valued user)
Make sure that you have Delegated active directory replication with general permissions all to the user.
Make sure that user is having Read and Replicate Directory Changes permission.
Change the logon user of the two services given in the picture of the post to user profile synchronization user.
I hope this will help. in my opinion, you should not configure the share point with restricted user access because it needs to access many things from active directory
When clicking on the “Start” UPS service i cannot select the account that was created that has access to AD for the sync. It has my farm account which is greyed out, what step did i miss to allow this change?