User Profile Service account Write to AD Permissions

Hi,

I change service account for user profile service application from spfarm to spservice . and then FIM Synchronization Service is stopped and i found this error in event viewer.

"The server encryption keys could not be accessed.

User Action

Verify that the service account has permissions to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service

If the problem persists, run setup and restore the encryption keys from backup."

But i tried to set the permission for spservice in registry. Still can't start the FIM Synchronization Service and also the log on as "Account" is changed to spservice .

When I change to spfarm for User Profile Service Application, it is working fine.

Please advise me that what do i need to configure for spservice ?

Thanks.

---

kmhsad

Hi @ all   I installed two SQL Server 2008 on Server 2008 R2 Std (principal and mirror) and an AD Server 2008, with sperate service accounts, connect as SA, localy all works fine. I created some agent tasks (PowerShell, T-SQL), but I get some Error massages in the history, that service account of SQL Agent didn't have the permission to query a remote machine(access denied for wmi (HRESULT: 0x80070005 (E_ACCESSDENIED)) and linked database(SQLSTATE 42000 Error(7314)). The simple query with SA permissions on the remote machine works and the powershell scripts with the local domain user works too. But not with the SQL Agent. WHY?? Where ist the different between the user account permisions and service account permissions? Which settings are needed? Example: get-wmiobject -class win32_service -computername 192.168.xxx.xxx| where {$_.name -like '*SQL*'} Powershell Console: works                                     SQL Agent Job: access denied I tried some solutions with user rights, group policies and security permissions but nothing works. like: Configuration -Service Accounts, SQL Server or SQL Server Agent service account http://support.microsoft.com/kb/283811/en-us http://msdn2.microsoft.com/

Hi, I have a problem to open Profile User Synchronisation. It doesn' work, I tried to verify this problem by opening services.msc but It show an error when I try to restart the service : Error 1068 The service or the groupe of dependency can't be restarted.   Thanks

Hello, I have the following problem. user profile synchronization service doesn't start up, with the following error in log: The service encryption keys could not be found. User Action Verify that the service account has permissions to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service If the problem persists, run setup and restore the encryption keys from backup. Permissions for registry are availabele. Thank you.    

Hi there, I had configured the User Profile Service and all was working well (Syncing with AD etc.). However, something has gone wrong. The services still appear to be running; both Forefront Identity Manager services are running, and the services show as 'Started' in Central Administration. The 'My Profile' and 'My Site' options have disappeared though, and browsing to the My Sites page results in an error (Could not load user profile). To make matters much worse, it seems to have also broken the Central Administration site. If I try and go to 'Manage Service Applications' I get another error (The specified user or domain group was not found). This error seems to come up on around half of the pages on the Central Administration site. Looking up the error (abb6b174-0f71-413a-a27a-41cdc87b66d0) in the logs I find this: 09/06/2010 15:35:45.44  w3wp.exe (0x0868)                        0x06A0 SharePoint Portal Server       User Profiles                  cm6y High     User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileA

I've got an interesting situation: I've got a domain e.g. FOOBAR.FI. The Netbios domain is due to historical reasons BARFOO. When I use UPS to import accounts from the FOOBAR.FI domain, the user account names in SharePoint are given the id of FOOBAR\<useraccount>. This works so and so. Users are identified and My Sites is fine. However the organizational chart and other fields where you can specify another user don't work as they should. If the manager is specified from AD, the organizational chart works. However, if I edit a profile and check the manager, it's in the form of FOOBAR\<useraccount>. SharePoint highlights this and a tooltip says that the account cannot be found. As a suggestion, it gives BARFOO\<useraccount>, which is found from the AD. All fine and dandy, until you check the organizational chart, which turns out to be empty at this point. This is because in SharePoint there's no user with the name BARFOO\<useraccount>, but only those FOOBAR\<useraccount> users who've been imported from the AD. So bottom line question is: How does UPS select and set the user account name?

Surveys...grrrr.   I am developing a .NET console application that accesses survey data from a single survey list using the MOSS web service "Lists".   I am able to enumerate the survey list and get to the items except for the author of the survey response.  When I get to the column ows_Author, it appears to be a lookup value formatted like this:  "1066;#JOHN DOE".   How can I, using web services alone, lookup the corresponding Windows login ID of that user?  If I go to the survey in SharePoint and click on the name in the view, it takes me to a site-based user profile page that does show the account ID I want.  The page that displays appears to be a virtualized page like this "_layouts/userdisp.aspx?ID=1066".   What I really need is JOHN DOE's account ID like "domain\id". Can I get to this with the data I have available? Thanks

Hi, I have scenario on configuring User Profile Synchronization service on customer site as below. Window AD Server 2003 Domain NetBIOS: foo FDQN: foo.bar.com  User Account to connect: foo\ad-connect This account already set permission as describe in http://technet.microsoft.com/en-us/library/ee721049.aspx  when I try to create connection, system took long time to process then return error as "Client Timeout". I try to check FIM and it's seems to work fine (no error return and can get users data). So could anyone told me what's wrong? Since I've didn't have much knowledge on Network and AD, please advice.Theeraphat.P SharePoint Information Worker

I'm attempting to setup a web part in SharePoint Designer 2007 that will list team members that are currently on call.  I've created the data connection to our oncall database and a dataview web part that has two columns.  One column lists the users ID, and the other lists their oncall priority.  This part works great! Example: USERID  |   PRIORITY ID1234   |       1 ID5678   |       2 Now, what i would like to see instead is the user's name instead of their ID. Example: USERNAME  |   PRIORITY John, D       |       1        Jane, B       |       2 I thought originally i could pull this information from AD using the user profile service from here:  http://<servername>/_vti_bin/userprofileservice.asmx?wsdl I've created the data connection to the user profile service, but at this point, i'm unsure how to merge the two data connection columns and get the right user data to display. Any tips?  Has anyone done this before?

Hi, I'm tryiong to setup UPA service but having some issues after running the UPA service.UPA service appears running, but clicking on the link in Central Administration does not take me to the Service Configuration page. Instead Central Admin flashes unknown error. Error log shows error message similar to the following o    User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: No User Profile Application available to service the request. Contact your farm administrator.     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_ApplicationProperties()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_PartitionIDs()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.IsAvailable(SPServiceContext serviceContext)                34e709d0-90b0-4419-afd0-44aff54ac385 We have a central admin server and two WFE servers. User Profile Application is created on the application pool in central admin server and the Instance (only instance) runs on the Central Admin Server. If anyone has faced the same issue kindly revert back to me. Regards, A