SharePoint 2010 User Profile Service fails to start

So after many an hour of playing with this I wanted to share how I managed to resolve the issue of starting the User Profile service.

Couple of things to make you aware of early on:

  • This is not a conclusive guide on how to setup user profile service application
  • I used to the SharePoint Farm account to start the service (other accounts fail)
  • The User Profile Service Application was run under an application pool account under a separate AD account
  • SQL on the same server
  • Windows 2008 R2 with hot fix for WCF (KB976462)
  • I ran the wizard to install SharePoint 2010 (creating the user profile service application for me)

So following a series of excellent posts from Spencer Harbar on setting up and providing the correct permissions for the user profile implementation to succeed I hit an error where i couldn't start the user profile service, well I could but it wouldn't stay in a state of ‘started’ for long. Trawling the event viewer application logs 2 noticeable errors were showing each time I attempted to start the service these were:

Event ID 6306 - FIMSynchronizationService

The server encountered an unexpected error while performing an operation for the client.
"BAIL: MMS(7132): mastate.cpp(3117): 0x80230622 (A management agent with this name already exists.): MA directory cannot be created because it is already in use by an existing MA: C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\MaData\ILMMA
BAIL: MMS(7132): mastate.cpp(1637): 0x80230622 (A management agent with this name already exists.)
BAIL: MMS(7132): server.cpp(964): 0x80230622 (A management agent with this name already exists.)
Forefront Identity Manager 4.0.2450.5"


Event ID 3 – Forefront Identity Manager

Microsoft.ResourceManagement.ResourceManagementException: Exception from HRESULT: 0x80230622 ---> System.Runtime.InteropServices.COMException (0x80230622): Exception from HRESULT: 0x80230622
   at MIISRCW.IMMSServer.CreateMA(String pszMADataXML, String& ppszUpdatedXML)
   at Microsoft.ResourceManagement.SyncConfig.CreateMA(String maData, String& returnString)
   at Microsoft.ResourceManagement.ActionProcessor.SyncConfigActionProcessor.Create(String typeName, IList`1 createParameters, Guid creator, Guid cause)
   --- End of inner exception stack trace ---

After hours of changing security permissions and adding users to different groups to try and resolve this I finally made a breakthrough!

To resolve this issue what I did was delete the User Profile Service Application from the Service Application page and recreated it. IMPORTANT recreating the user profile servie application  with exactly the same name will result in these errors reappearing so I advise that when recreating you give the service application a different name.

Reading between the lines it looks as if somewhere in the configuration it thinks that the user profile service application is either already started and therefore fails when attempting to start it with exactly the same name.

I really hope this helps you out as this one was really frustrating for me!

Related articles worth reading


Pau said...

Hi Paul,

Thanks for the post. I had the same problems and with your help the user profiles services started.

The problem is when I try to managed the User Profile Service. An unexpected error appears and I have to go back to the site, so I cannot finish the configuration.

Do you know what's happening? I entered with the farm account and administration privileges.

Thanks in advanced,


Paul Grimley said...

Glad to hear it helped, as regards your issue it may be that the the ForeFront services have stopped generally meaning something is not setup correctly. It is also worth noting there are a couple of Cumulative Updates for SharePoint which may be worth installing.

Anonymous said...

This happens becouse, when you delete a UPA, the application pool (possibly a reference in SharePoint) and certificate are not deleted.

How to remove both useing Powershell and MMC:

Powershell: "Get-SPServiceApplicationPool" and check for UPA Pools and then "Remove-SPServiceApplicationPool" "your UPA Pool Name"

MMC: "MMC -> certificates -> local computer" and delete cerficates with the following name: "ForeFrontIdentityManager".
These certificates are usually found in the "Trusted Root Cert Auth" and the personal store.


Rich N said...

Thanks Paul for the great post. One follow-up to Anonymous's comments, I performed the cleanup steps using powershell and the MMC snap-in, but subsequent provisioning attempts would hang on "ILM: Configuring Certificates." All of the certs had been cleared out of the snap-in. Turns out a previous provisioning attempt had created a mal-formed certificate that was not showing up in the snap-in, but it was visible through IIS 7's Server Certificates. I could view the certificates, see that they were mal-formed and delete them from there. Once I did that provisioning would not hang on "Configuring Certificates." Hope this might help someone else out there.

Paul Grimley said...

Hi Rich, Thanks for feeding this back and sharing with everyone. I'm glad you resolved your issue.


Anonymous said...

Paul, You are the man! Thank you for sharing you experience that helped me solve this strange issue.


Paul Grimley said...

Hi Jesper, thanks for the comment. Receiving these is the biggest compliment to writing the blog in the first place, glad it helped.

Anonymous said...

I am looking to delete and re-create the UPA. I will give it a new name say UserProfiles.

Is it best to give the Profile database name default is Profile DB to another name such as UserProfile DB and similar to the Sync DB and Social DB?


Paul Grimley said...


You can name the new user profile service as you wish however I would advise that you dont call it 'V2' or 'User Profile (New)' as this would give the perception to others that there's been issues with it and puts doubt in people minds regarding its stability especially with its well documented problems.

Since I experienced this issue I haven't come across it again however that said I have since used PowerShell to create all my SharePoint farms / installations. This article should help recreate the user profile using PowerShell whilst retaining information

Hope that helps!


Ashish Lingwal said...

Thanks for me....very good post...

Post a Comment