Scenarios where User Profile Synchronization Service (UPSS) is not designed to work

 

This blog covers some unique scenarios where UPSS is not designed to work, and also scenarios where it works only under specific conditions.

Let’s get started.

1. Single Server Farm: UPSS is not designed to start/work on a Single Server Farm

How to check this?

Check the 'ServerRole' by going to: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS"

If 'ServerRole' says 'SINGLESERVER', this confirms it is a Single Server Farm.

 


Refer: https://support.microsoft.com/kb/983061

 

 

2. SharePoint farm built using SQL Authentication ***

You can check this in the registry through the 'dsn' key. This 'dsn' key is only created when the SharePoint server is connected to a farm.

On the SharePoint Server, go to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure\configdb"

and look for the 'dsn' key.

If 'Integrated Security' says 'False', the farm uses SQL Authentication. For Windows Authentication, 'Integrated Security' will be 'True'.

[Screenshots: the 'dsn' key for SQL Authentication and for Windows Authentication]

 

Refer: https://blogs.technet.com/b/sykhad-msft/archive/2011/07/29/building-sharepoint-2010-farm-using-sql-authentication-amp-its-limitations.aspx

***Installing Oct-CU-2012 for SharePoint Server 2010 helps to start User Profile Sync Service even on SharePoint 2010 Farms built using SQL Authentication ***

The fix was included in Oct-CU-2012 and above Cumulative Updates for SharePoint Server 2010

Refer: https://support.microsoft.com/kb/2687557/en-us

“Assume that you create a new User Profile Service Application (UPA), and you configure the synchronous database to use SQL authentication by setting up a SharePoint farm as an administrator. In this situation, the UPA creation is successful, but the UPA synchronization service cannot start”

3. When you have Full Fledged Forefront Identity Manager (FIM) installed on the SharePoint 2010 Server:

This applies when Full Fledged Forefront Identity Manager (FIM) is installed on the same SharePoint Server where you are trying to start UPSS. Ideally, Full Fledged FIM should not be installed on any SharePoint 2010 Server, as this becomes an unsupported scenario.

How to check if this is installed?

• Go to Control Panel on the SharePoint 2010 Server and check whether it is installed.

• Open the Services console, right-click "Forefront Identity Manager Sync Service", and check the Path to executable, which should ideally be:

"C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe". However, in cases where FIM Client has been installed, the executable path will be shown as:

"C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe"

• Also check the registry key below:

"HKLM\system\currentcontrolset\services\FIMSynchronizationService". Even here, the ImagePath will show an incorrect path, which is:

"C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe" instead of:

"C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe"

What next? How to fix this?

• Uninstall Full Fledged FIM Client from Control Panel.

• You could try the following: correct the ImagePath under the registry key "HKLM\system\currentcontrolset\services\FIMSynchronizationService"

from "C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe" to

"C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe"

• This should correct the Path to executable in the Services console for the "Forefront Identity Manager Sync Service".

 

Hopefully this should resolve the issue; however, I have seen cases where even uninstalling FIM Client and modifying the above registry alone is sometimes not sufficient to start the UPSS again. That's because there are a lot of registry key entries which do not get removed when we uninstall FIM. In such cases an extensive manual cleanup of registries is required, and I would highly recommend opening a Support Incident with us to get this fixed.
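The three registry checks described in this post can be gathered into one read-only PowerShell script. This is an added example, not part of the original post; the helper name Get-RegValue and the wording of the messages are assumptions, while the registry paths and expected values are the ones given above.

```powershell
# Added example: read-only checks, run from an elevated prompt on the SharePoint 2010 server.
$wss    = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS'
$cfgdb  = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure\configdb'
$fimSvc = 'HKLM:\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService'
$expectedExe = 'C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe'

# Hypothetical helper: returns $null when the key or value is missing or unreadable.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$findings = @()

# Scenario 1: Single Server Farm.
if ((Get-RegValue $wss 'ServerRole') -eq 'SINGLESERVER') {
    $findings += 'ServerRole is SINGLESERVER: this is a Single Server Farm.'
}

# Scenario 2: farm built using SQL Authentication.
# The dsn is a connection string, so it is matched but never printed.
$dsn = Get-RegValue $cfgdb 'dsn'
if (-not $dsn) {
    $findings += "'dsn' not readable: server not connected to a farm, or this account lacks access."
} elseif ($dsn -match 'Integrated Security\s*=\s*False') {
    $findings += "'Integrated Security' is False: the farm uses SQL Authentication."
}

# Scenario 3: Full Fledged FIM installed on the SharePoint server.
$image = Get-RegValue $fimSvc 'ImagePath'
if ($image) {
    # ImagePath may be wrapped in quotes; compare only the executable path.
    $exe = if ($image -match '^\s*"([^"]+)"') { $Matches[1] } else { $image.Trim() }
    if (-not $exe.StartsWith($expectedExe, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "FIMSynchronizationService ImagePath is '$exe', expected '$expectedExe'."
    }
}

if ($findings.Count -eq 0) { 'None of the three conditions were detected.' }
else { $findings }
```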

POST BY: SYED ABDUL KHADER [MSFT]