[Troubleshooting] DirSync FIM Sync Service would not start
Background
After installing the Directory Synchronization Appliance, Forefront Identity Manager Synchronization Service would not start.
Troubleshooting Actions
- Attempted to start the Forefront Identity Manager Synchronization Service manually, but it would fail immediately. The Forefront Identity Manager Synchronization Service would not timeout; it would just fail immediately.
- Reviewed file and registry permissions
- Reviewed Event Log Information (Application and System Event Log)
- Examined the account that the Forefront Identity Manager Synchronization Service was running under
- In the Directory Synchronization Appliance installation, this account is created during the installation
- Tried restarting the machine
- Re-Executed the Directory Synchronization Appliance configuration wizard
- Obtained a Process Monitor (ProcMon) trace while attempting to start the Forefront Identity Manager Synchronization Service.
- Compared the trace side-by-side for a baseline Directory Synchronization Appliance
- In reviewing the Process Monitor (ProcMon) trace side-by-side with a baseline trace, we were able to determine where the process began to diverge from the baseline ("known good") configuration.
- Identified the following DLL: C:\Windows\System32\AMInit64.dll
| miiserver.exe | RegOpenKey | HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | Forefront Identity Manager Synchronization Service |
| miiserver.exe | RegQueryValue | HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs | Forefront Identity Manager Synchronization Service |
| miiserver.exe | RegQueryValue | HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs | Forefront Identity Manager Synchronization Service |
| miiserver.exe | RegQueryValue | HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs | Forefront Identity Manager Synchronization Service |
| miiserver.exe | CreateFile | C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\Bin\AMINIT64.DLL | Forefront Identity Manager Synchronization Service |
| miiserver.exe | CreateFile | C:\Windows\System32\AMInit64.dll | Forefront Identity Manager Synchronization Service |
| miiserver.exe | CloseFile | C:\Windows\System32\AMInit64.dll | Forefront Identity Manager Synchronization Service |
| miiserver.exe | CreateFile | C:\Windows\System32\AMInit64.dll | Forefront Identity Manager Synchronization Service |
| miiserver.exe | CreateFileMapping | C:\Windows\System32\AMInit64.dll | Forefront Identity Manager Synchronization Service |
| miiserver.exe | CreateFileMapping | C:\Windows\System32\AMInit64.dll | Forefront Identity Manager Synchronization Service |
| miiserver.exe | CloseFile | C:\Windows\System32\AMInit64.dll | Forefront Identity Manager Synchronization Service |
| miiserver.exe | RegOpenKey | HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide | Forefront Identity Manager Synchronization Service |
Cause
A quick search found that this DLL ( C:\Windows\System32\AMInit64.dll ) belongs to a 3rd Party Anti-Virus or Monitoring Software.
Resolution
- Utilized a SysInternals Tool called AutoRuns (https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx).
- AutoRuns allowed us to test deselecting this DLL to disable it. Once we unchecked the DLL, we were able to successfully start the Forefront Identity Manager Synchronization Service
- By utilizing AutoRuns, we were able to show the conflicting software that was preventing the Forefront Identity Manager Synchronization Service from starting successfully.