Tuesday, August 03, 2010

Issues with starting User Profile Synchronization Service.

Here are some of the issues I faced trying to start the User Profile Synchronization Service in SharePoint 2010:
1. "Exception trying to write the dbName regkey for MIIS System.Security.SecurityException: Requested registry access is not allowed"
To solve this error, add the farm admin user to the local Administrators group on the server on which the service is being started.

2. "The trust relationship between this workstation and the primary domain failed." when trying to start the User Profile Synchronization Service.
The farm admin account needs to be given the "Replicating Directory Changes" permission for the domain. Knowledge Base article 303972 provides the steps needed to grant this permission. I am including the steps from that article below.

Setting permissions by using the ACL editor

  1. Open the Active Directory Users and Computers snap-in.
  2. On the View menu, click Advanced Features.
  3. Right-click the domain object, such as "company.com", and then click Properties.
  4. On the Security tab, if the desired user account is not listed, click Add; if the desired user account is listed, proceed to step 7.
  5. In the Select Users, Computers, or Groups dialog box, select the desired user account, and then click Add.
  6. Click OK to return to the Properties dialog box.
  7. Click the desired user account.
  8. Click to select the Replicating Directory Changes check box from the list.
  9. Click Apply, and then click OK.
  10. Close the snap-in.

Have a look at http://msmvps.com/blogs/shane/archive/2010/07/09/configuring-profile-import-in-sharepoint-2010.aspx; it covers the setup steps in detail.
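
To confirm the grant made in the ACL editor steps above, and to see every principal that holds the right on the domain object, the following PowerShell can be run from a machine with the ActiveDirectory module. This is an added example, not part of the original post or the Knowledge Base article; the function names and the `COMPANY\farmadmin` account are hypothetical placeholders.

```powershell
# Added example: audit who holds "Replicating Directory Changes" on the domain object.
# Assumes the ActiveDirectory module (RSAT), which provides the AD: drive used by Get-Acl.
Import-Module ActiveDirectory

# rightsGuid of the "Replicating Directory Changes" (DS-Replication-Get-Changes) control access right
$ReplicatingDirectoryChanges = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'

function Get-ReplicatingDirectoryChangesHolder {
    # Hypothetical helper: lists Allow ACEs on the domain object that convey the right.
    param([string]$DomainDN = (Get-ADDomain).DistinguishedName)

    $extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    (Get-Acl -Path "AD:\$DomainDN").Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $extendedRight) -and
        # An empty ObjectType means "all extended rights", which includes this one.
        ($_.ObjectType -eq $ReplicatingDirectoryChanges -or $_.ObjectType -eq [guid]::Empty)
    } | ForEach-Object {
        [pscustomobject]@{
            Identity    = $_.IdentityReference.Value
            Scope       = if ($_.ObjectType -eq [guid]::Empty) { 'All extended rights' }
                          else { 'Replicating Directory Changes' }
            IsInherited = $_.IsInherited
        }
    }
}

function Test-ReplicatingDirectoryChanges {
    # Hypothetical helper: $true if the account appears directly in one of those ACEs.
    # Rights received through group membership are not resolved here.
    param([Parameter(Mandatory)][string]$Account)

    $match = Get-ReplicatingDirectoryChangesHolder |
        Where-Object { $_.Identity -eq $Account }
    return [bool]$match
}

# Full list of holders, for review against the accounts expected to have the right
Get-ReplicatingDirectoryChangesHolder | Sort-Object Identity | Format-Table -AutoSize

# Check the farm admin account (placeholder name)
Test-ReplicatingDirectoryChanges -Account 'COMPANY\farmadmin'
```

The listing is also a convenient record of which accounts other than the farm admin hold this right on the domain.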