.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
Kaviya Balasubramanian
Imran Ghani
Post New Web Links

Change Service Account for User Profile Service application

Posted By:      Posted Date: October 20, 2010    Points: 0   Category :SharePoint
 

Hi,

I change service account for user profile service application from spfarm to spservice . and then FIM Synchronization Service is stopped and i found this error in event viewer.

"The server encryption keys could not be accessed.

User Action

Verify that the service account has permissions to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service

If the problem persists, run setup and restore the encryption keys from backup."

But i tried to set the permission for spservice in registry. Still can't start the FIM Synchronization Service and also the log on as "Account" is changed to spservice .

When I change to spfarm for User Profile Service Application, it is working fine.

Please advise me that what do i need to configure for spservice ?

Thanks.


kmhsad


View Complete Post


More Related Resource Links

User Profile Service account Write to AD Permissions

  
I followed this guide here (http://www.harbar.net/articles/sp2010ups.aspx) to provision the UPS service in sharepoint 2010. I found the guide very helpful and informative. Everything is working correctly except for the write back to AD I've followed the steps and have assigned the listed permissions to the UPS service account, however I still get permissiong errors in the FIM GUI Our AD is running in a 2008 environment but is in 2003 mode, so I made sure to add the UPS account to Pre Windows 2000 Compatible access built in group and restart the server so that the new group settings would take affect. Do I need to reprovision the UPS service or something? Or am I missing something completely. (Hopefully the latter lol!) Thanks RKB

"Use Social Features" permission in "User Profile Service Application"

  

Hi,

We wish to disable the "Tags and Notes" feature on our SharePoint 2010 site.  When I remove the "Use Social Features" permission from the "User Profile Service Application" this also removes the "My Site" link from the drop down at the top of the page.

Why on earth would this happen?  According to the TechNet page on social features (http://technet.microsoft.com/en-us/library/ee721063.aspx) the Use Social Features permission "Includes social tags, Note Board, and ratings."  Nothing in there indicates that it would remove the link to My Site.

My Site continues to work of course, it is just that the link is removed (which confuses users).

We want to disable Tags and Notes but leave the link to My Site.  Is there a way?

Thanks,
David


Is there PowerShell command to change service application account?

  

I associated User Profile Synchronization Service with managed account "svcebrd" in CA. For some reason this created duplicated managed account. Now there are two "svcebrd" under Configure Managed Account. If I try do delete one of the accounts in CA I get "key has already been added in dictionary". Running Remove-SPManagedAccount fails with "The account Dev\svcebrd is still being used by ... User Profile Syncronization Service".

Does anybody know powershell command to changed service application account?

 


CustomAction for User Profile Service Application

  

Hi,

Is it possible to add a custom link to the People section of ManageUserProfileServiceApplication.aspx? I used two custom actions:

<CustomAction Id="THIS_ACTION_DOES_NOT_WORK"
 GroupId="TPE"
 Location="Microsoft.SharePoint.ManageUserProfileServiceApplication.ManageUserProfileServiceApplicationTenant"
 Sequence="9"
 Title="This Action Does Not Work"

Cannot get user profile service application to work using the guide on harbar.net?

  

Guys,

I'm hoping someone on here can help with this, as I've really been round the houses with this.

Anyway I've attempted to provision the UPS Service App probably 4 times now, each time learning more and more about the common problems.

The last time, I rolled my VM back to just after the installation of SharePoint 2010 binaries, and then ran the PCW and created the farm again from scratch.

I then followed this guide: http://www.harbar.net/articles/sp2010ups.aspx

Everything seemed to work perfectly well, after provisioning UPS I did a couple of iisresets as welll as execadmsvcjobs until I could see the timer job that provisions the FIM services.

These services came up and the following errors were reported in the event log:

 

The first one is lies, I did start the service and verified it was running, anyway for completeness:

"There are no instances of the User Profile Service started on any server in this farm. Ensure that at least one instance is started on an application server in the farm using the Services on Server page in Central Administration."

This one I have seen constantly on my Farm through various builds:

"An exception occurred when trying to issue security token: An error occurred while receiving t

How can I change identity of User Profile Sync Service?

  

1) I cannot remove duplicate managed account with remove-spmanagedaccount because this account is used by user profile synchronization service.

2) I cannot change the account in CA-Configure Service Accounts, it says "item has already been added..." because of duplicate managed account (1)

Is there a way of changing the account of user profile sync service so that it can be removed with remove-spmanagedaccount?

 


Creating User Profile Service application and proxy using PowerShell

  
Hi All,

Not sure if anybody have tried creating a new user profile service application and user profile service aplication proxy using PowerShell?

I am able to create the user profile service application using the following cmdlet:

$demoProfileServiceApp=New-SPProfileServiceApplication
-ApplicationPool "SharePoint Web Services Default"
-Name "Demo Profile User Service"
-MySiteHostLocation http://demo2010a:80/my
-ProfileDBName UserProfile_ProfileDB_Demo
-ProfileSyncDBName UserProfile_SyncDB_Demo
-SocialDBName UserProfile_SocialDB_SyncDB

I was also not able to supply the MySite Host Relative Path (-MySiteRelativePath) and MySites have not been set up for the user profile application. And again, get-help lists MySiteRelativePath as a valid parameter, but when executed, PowerShell throws that the parameter is invalid. 

I am unable to create  a new proxy for the above created user profile service application using the cmdlet:

New-SPProfileServiceApplicationProxy

The cmdlet keeps asking for parameter Uri which seems to be undocumented.

Would be glad if anyone can help out here.

Thanks,
Regards,
Chakkaradeep
SharePoint Developer - MCTS SharePoin

Recreate User Profile Service Application error

  

I have deleted the User Profile Service Application, I am not able to create the same.

It creates the service with the respective content databases, but does not create a proxy for it, I get a correlation id after i create the service application, I am a farm admin, local admin

Need help to get this up and running


Central Administration, "User Profile Service Application" could not be provisioned

  
Hi,

SP 2010 beta2 installed in Server Farm mode, using local account. OS = Windows 2008 R2, SQL Server 2008.

After SP Config Wizard is complete, the SP 2010 Central Administration is opened. I filled in the Service Account, clicked Next and a processing screen is spinning for abiut 3 minutes. After that IE8 displays an error message.

The service application proxy "User Profile Service Application" could not be provisioned because of the following error: The request channel timed out while waiting for a reply after 00:00:19.5439453. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.

Corelation Id: fe1bc44d-88ff-4297-85f8-4b5dcce248c1

 
Is it a critical error and can you please suggest where I can increase the timeout value?

Thanks very much in advance.


Forefront Identity Manager errors when starting the User Profile Synchronization Service Application

  
I have seen several people who are having trouble getting the User Profile Synchronization Service to start.  None of those threads have the set of errors that I am seeing.  I have all the prerequisites installed and I am using the farm administrator account which has admin rights both on the SP server and the SQL box.  This is a split back-to-back extranet topology and there is a one way trust between the extranet domain and the internal domain.  The administrator account is an internal domain account.  I receive the following two Forefront errors every five seconds in the event log after starting the User Profile Synchronization Service Application:

.Net SqlClient Data Provider: System.Data.SqlClient.SqlException: HostId is not registered
   at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException)
   at Microsoft.ResourceManagement.Data.DataAccess.RetrieveWorkflowDataForHostActivator(Int16 hostId, Int16 pingIntervalSecs, Int32 activeHostedWorkflowDefinitionsSequenceNumber, Int16 workflowControlMessagesMaxPerMinute, Int16 requestRecoveryMaxPerMinute, Int16 requestCleanupMaxPerMinute, Boolean runRequestRecoveryScan, Boolean& doPolicyApplicationDispatch, ReadOnlyCollection`1& activ

Profile User Synchronisation Service

  
Hi, I have a problem to open Profile User Synchronisation. It doesn' work, I tried to verify this problem by opening services.msc but It show an error when I try to restart the service : Error 1068 The service or the groupe of dependency can't be restarted.   Thanks

Change the Timer Service Account

  
I did an install with Sharepoint 2010 RTM and have it working well but when I checked the Monitoring - Review Problems and solutions it states a security concern that the Farm Account should not be used for other services.  At this stage I have to change out the timer service since it is using the farm account.  But I don't see the timer service in the "Security - Manage service Accounts" location.  I created a timer account with no problems but how does one go about changing the timer service to use this account?  I know I can go to services and change it there but I am wondering if there is a need to do this within Sharepoint?  Am I missing a credential management piece that did not show up in the list of services? Any help would be appreciated Workerbee09  By the way, The problem points to a failing service SPTimerService (SPTimerV4) but its started and working cause I can see services being started and history of the service where it was successfull. 

User Profiles Service Application and Import of SharePoint 2007 SSP data

  
I have setup a test SharePoint 2010 Farm. I will be using this as a test upgrade of a current live SharePoint 2007 Farm. The database attach method will be used. I have replicated the web application and AAM settings of the SharePoint 2007 Farm to the SharePoint 2010 Farm and have made the 2010 Farm a DC in a new Forest. I don't want to join this to the current domain at the moment. It also has SQL server 2005 with SP3 and cumulative update 3 installed. I have just setup the User Profiles Serice Application and when I go to Manage it, I get this. Error An unexpected error has occurred.   Troubleshoot issues with Microsoft SharePoint Foundation. Correlation ID: a1760e87-372f-4711-afac-3ceba34bc599 Date and Time: 8/31/2010 4:22:56 PM I have verified and configured the following. Created the Managed Metadata Service. The status is started via Service Applications and Services on Server. Created the User Profiles Service Application and ensured status is started via Service Applications. I started the User Profile Service and User Profile Synchronisation Service via Manage Services on Server.      

Change the Timer Service Account

  
I did an install with Sharepoint 2010 RTM and have it working well but when I checked the Monitoring - Review Problems and solutions it states a security concern that the Farm Account should not be used for other services.  At this stage I have to change out the timer service since it is using the farm account.  But I don't see the timer service in the "Security - Manage service Accounts" location.  I created a timer account with no problems but how does one go about changing the timer service to use this account?  I know I can go to services and change it there but I am wondering if there is a need to do this within Sharepoint?  Am I missing a credential management piece that did not show up in the list of services? Any help would be appreciated Workerbee09  By the way, The problem points to a failing service SPTimerService (SPTimerV4) but its started and working cause I can see services being started and history of the service where it was successfull. 

Unable to start user profile synchronization service

  
Hello, I have the following problem. user profile synchronization service doesn't start up, with the following error in log: The service encryption keys could not be found. User Action Verify that the service account has permissions to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service If the problem persists, run setup and restore the encryption keys from backup. Permissions for registry are availabele. Thank you.    

Unable to change the Service account??

  
Followed this guide: http://support.microsoft.com/kb/832770 I have setup my account SPadmin to have access to my SQL DB i went into IIS and attempted to change it there for my Default sharepoint site in the applications pool page > Properties>Identity Nada, i changed it his apply reset IIS and back to my old account(very frustrating) so further reading showed attempting to change it via Central administration.   Went there and chose Operations>Service accounts chose my webservice,Application pool and configurable and setup my SPadmin, reset IIS and still no change.   Thoughts? i feel like there is  some stupid step i'm missing because it will not change regardless.   Thanks Steve K

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C
Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend