SharePoint : User profile Sync Service Stuck at starting , at Configuring certificates step .
Seen this in couple of Scenarios where stating the UserProfile Sync service is stuck on starting as seen from Central Admin . Looking at the ULS logs filtered on Category ="User Profiles" we can see the ILM configuration step last being executed is Tag 9q1h : ILM Configuration: Configuring certificate.
ULS Log Expert
-------------------------------------
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i1s Medium UserProfileApplication.SynchronizeMIIS: Begin setup for 'UPA1'.
OWSTIMER.EXE SharePoint Portal Server User Profiles g4bo High ILM Configuration: The ValidateMiisEncryptionKey process returned True.
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i1x Medium ILMPostSetupConfiguration: ILM Configuration: Validating installation of SQL Service.
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i1y Medium ILM Configuration: Validating account.
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i20 Medium ILM Configuration: Validating the system groups
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i23 Medium ILM Configuration: Setting up WMI
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i24 Medium ILM Configuration: Setting required permissions
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i26 Medium ILM Configuration: Create install config file
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i28 Medium ILM Configuration: Update source project
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i29 Medium ILM Configuration: Changing service account credentials
OWSTIMER.EXE SharePoint Portal Server User Profiles d3bo Medium ILM Configuration: Setting policy for service account
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i2a Medium ILM Configuration: Configuring database
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i2b Medium ILM Configuration: Re-starting mms service
OWSTIMER.EXE SharePoint Portal Server User Profiles 9i2d Medium LM Configuration: Checking mms service
OWSTIMER.EXE SharePoint Portal Server User Profiles 9q1e Medium ILM Configuration: Configuring XML file
OWSTIMER.EXE SharePoint Portal Server User Profiles 9q1f Medium ILM Configuration: Checking for existing FIM database
OWSTIMER.EXE SharePoint Portal Server User Profiles 9q1h Medium ILM Configuration: Configuring certificate.
During this Step we provision the certificates used by the Forefront Identity manager . Here is how this certificate looks like .
At times due to multiple provision attempts to Sync service we may end up seeing multiple certs in the Local computer store of Certificate manager & this some times leads to sync service getting stuck at this step & the provisioning process even if retried starts & gets stuck again at this step ,
The Solution to fix this is to remove all the copies the ForeFrontIdentityManager Certificate from all the containers of Certificate Store (Local Computer). Including the Personal Store
Recycle the Sharepoint Timer Service & try to provision the User Profile Synchronization service again & you should see this move forward from that step , unless we get into other issues of Certificate creation itself.