Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, March 23, 2018 2:49 PM
Hello.
Recently, our FIM synchronization service has stopped running. I noticed this when our user profile synchronization job was failing. Digging through the logs, I see "generic error". When I look into the event viewer, I see
The server encryption keys could not be accessed.
User Action
Verify that the service account has permissions to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service
If the problem persists, run setup and restore the encryption keys from backup.
If I try to start the FIM synchronization service manually, I see the error above. I have verified
Farm account has rights to user profile databases
Farm account is member of local administrators group
Farm account has full permissions to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service
Farm account password has not changed
Rebooted server
None of that has worked.
Any ideas?
Thanks
All replies (3)
Monday, March 26, 2018 7:05 AM âś…Answered
Hi,
Do your use Farm account as the service account?
If not, try to give your service account "replication services" permission and add it to the local administrators group. Also make sure if the service account has the permission in the user profile Database.
Try to stop user profile synchronization service and rre-start the User profile synchronization service. Then chech the result.
Also check if the method in below article is useful to you:
Best regards,
Allen Bai
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.
Monday, April 2, 2018 9:16 AM
Hi,
How are things going?
Best regards,
Allen Bai
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.
Thursday, April 19, 2018 1:50 PM
Hi Allen.
Sorry for the delay. Abandoning and creating a new key set seemed to work. I can start the FIM synchronization service now.
Unfortunately, I don't think our users in AD are synchronizing properly in SharePoint. I'm digging into that.
I'll mark your post as the answer.
Thanks