Sunday, 9 January 2011

Solving ‘Configuring certificate’ hang for User Profile Synchronization Service.

The quick explanation:

1. If you re-provision the UPA service and encounter an error while creating the certificate, check this blog post by Paul Culmsee: More User Profile Sync issues in SP2010: Certificate Provisioning Fun.

2. If you delete the certificate in Trusted Root Certification Authorities and still are stuck on ‘Starting’ you also need to delete the certificate “higher up” in the certificate chain at Personal –> “ForefrontIdentityManager”.

A few good pointers:

Start to put the User Profile ULS category to Verbose, then read this blogpost by the SharePoint Escalation Team. Compare the ULS log entries you got with the blogpost, it´ll show where in the process the provisioning fails.

To unprovision the service run the powershell command: Stop-SPServiceInstance –Identity ‘'GUID’

Get the GUID by “Get-SPServiceInstance”, if you have more than one SP server in the farm you have two instances of the service name ‘User Profile Synchronization’, the one which is active has the status “Provisioning”. You might also need to delete the “UserProfileSyncronizationSetup” job before the unprovisioning can start.

In my case I could disregard these error messages in the ULS logs:

ILMPostSetupConfiguration: ILM Configuration: Validating installation of SQL Service. ILM Configuration: Error 'ERR_SERVICE_NOT_INSTALLED' ILMPostSetupConfiguration: ILM Configuration: Validating installation of SQL Service FAILED

Update: Another case required the removal of all subfolders in the MaData folder. I had alot of errrors regarding MS DTC before the removal