Hi,

In one of the environments (RTM) we support, the AD has over 7000 users and we wait the 10 minutes after starting the 2nd service (UPSS, as per the link <http://technet.microsoft.com/en-us/library/ee721049.aspx>). We have seen the service stuck on starting, at which point we reboot the server and wait for it to initialize again, and it is successful (be patient).

You can monitor the progress inside the service application as it crawls the AD. When it is complete, we remove the farm account from the local admin group, making sure the account retains the "Log on Locally" right.

Another thing to check is the permissions against AD. The link above is very good (updated Nov 18th, 2010); we have used it many times to configure UPSA.

Here is a blog post regarding UPSS and a security exception in a 2003 AD environment. It is a long shot, but we had a similar problem related to our FAST Search Server.

http://blogs.msdn.com/b/yvan_duhamel/archive/2010/06/29/you-get-a-system-security-securityexception-when-you-try-to-start-the-fim-synchronization.aspx

Wes

From: [email protected] [mailto:[email protected]] On Behalf Of Aaron Saikovski
Sent: Tuesday, January 18, 2011 12:21 AM
To: ozMOSS
Subject: RE: User Profile Sync

Also one thing to note is to leave the FIM services alone. Don't try stopping or starting them manually.

hth

Regards,
Aaron Saikovski | Senior Consultant - SharePoint Technologies | Microsoft Services Australia
+61 2 8817 9280 | +61 410 480 971 | +61 2 9870 2499 | Blog: http://blogs.msdn.com/aaronsaikovski/ | Web: http://www.microsoft.com/australia/services

From: [email protected] [mailto:[email protected]] On Behalf Of Jason Taylor
Sent: Tuesday, 18 January 2011 3:54 PM
To: ozMOSS
Subject: RE: User Profile Sync

Hi Chris,

I had so much trouble getting this working, but now have reliable sync with AD. After hitting countless errors and reading all the previously mentioned blog posts I started again and reinstalled SharePoint (luckily I used mostly PowerShell). The trick I used to properly get the services to start was this:

- Add the SharePoint Farm user to local admin group
- Reboot the server and log in as SharePoint Farm account (I believe it needs a local profile for this user).
- Start the services:
  o User Profile Service
  o User Profile Synchronization Service (this service can take a while so be patient and don't try and kill it).
- Remove the SharePoint Farm from local admin group.

If you get an error in the event log "ILM Certificate could not be created: Cert step 2 could not be created: C:\Program Files\Microsoft Office Servers\14.0\Tools\MakeCert.exe -pe -sr LocalMachine -ss My -a sha1 -n CN="ForefrontIdentityManager" -sky exchange -pe -in "ForefrontIdentityManager" -ir localmachine -is root" then you need to delete the certificates labelled "ForefrontIdentityManager" from the Trusted Root Certification Authorities -> Certificates section. See this blog for details: http://www.cleverworkarounds.com/2010/08/15/more-user-profile-sync-in-sp2010-certificate-provisioning-issues/.

Hope this helps.

Cheers,
Jason Taylor
SAGE Automation

From: [email protected] [mailto:[email protected]] On Behalf Of Chris Walsh
Sent: Tuesday, 18 January 2011 2:57 PM
To: ozMOSS
Subject: User Profile Sync

Ok,

This is an email to find out if anyone has actually managed to fully deploy User Profile Sync into a "real" SP2010 farm?

I've tried numerous times, with each newer CU, each fails at a different point. I went through the great blogpost that Jeremy Thake linked to me (thanks mate) but didn't help unfortunately.

I've got:

4 WFEs
Clustered DB servers
Dedicated search
Dedicated "Application Server", which hosts most of the service apps.
AD Server 2008 R2 with 2003 functional level with about 12,000 AD user objects.

It shouldn't be this hard.

Cheers,
Chris

SAGE is the first and only Australian company certified to the global benchmark standards of the Control Systems Integration Association.
_______________________________________________ ozmoss mailing list [email protected] http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
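
Added example, not part of any message in the thread: a read-only PowerShell check for the two clean-up points the replies describe, namely that the farm account is no longer in the local Administrators group once the sync service has started, and whether "ForefrontIdentityManager" certificates are present in Trusted Root Certification Authorities. The account name CONTOSO\sp_farm, the function names and the FIM Windows service names are assumptions made for illustration; the script changes nothing, and whether a listed certificate is a stale leftover or the one in use is for the administrator to judge.

```powershell
# Added example: read-only post-provisioning check (PowerShell 2.0 compatible).
# ASSUMPTION: placeholder farm account; replace with your own DOMAIN\account.
$FarmAccount = 'CONTOSO\sp_farm'

function Get-LocalAdminMember {
    # The WinNT ADSI provider is used because Get-LocalGroupMember does not
    # exist on the Server 2008 R2 / PowerShell 2.0 hosts SharePoint 2010 runs on.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        # 'WinNT://DOMAIN/name' becomes 'DOMAIN\name'
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Test-UpsProvisioningCleanup {
    param([string]$Account = $FarmAccount)

    $admins = @(Get-LocalAdminMember)

    # Certificates the thread says to look for under
    # Trusted Root Certification Authorities -> Certificates.
    $fimCerts = @(Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like '*ForefrontIdentityManager*' })

    # ASSUMPTION: Windows service names of the bundled FIM services.
    # Status is only read here; the thread's advice is to leave them alone.
    $fimServices = @(Get-Service -Name FIMService, FIMSynchronizationService `
        -ErrorAction SilentlyContinue | Select-Object Name, Status)

    New-Object PSObject -Property @{
        FarmAccount        = $Account
        StillLocalAdmin    = ($admins -contains $Account)  # expected: $false
        FimRootCertCount   = $fimCerts.Count
        FimRootThumbprints = @($fimCerts | ForEach-Object { $_.Thumbprint })
        FimServices        = $fimServices
    }
}

$result = Test-UpsProvisioningCleanup
$result | Format-List
if ($result.StillLocalAdmin) {
    Write-Warning "$FarmAccount is still a member of local Administrators."
}
```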
