PROBLEM STATEMENT
An O365/DIRSYNC customer was attempting to start the Forefront Identity Manager Synchronization Service, and it would not start.
Upon investigation I found the following information.
APPLICATION EVENT LOG – EVENT ID 6208
The server encryption keys could not be accessed. User Action Verify that the service account has permissions to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization
PROCESS MONITOR LOG
Time of Day: 12:34:08.4998737 PM
Process Name: sqlservr.exe
PID: 1244
Operation: CreateFile
Path: C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSONLINE\MSSQL\DATA
Result: ACCESS DENIED
Detail: Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: S-1-5-21-1760301770-621578649-900842474-1007
SYSTEM EVENT LOG – EVENT ID 7000
The Forefront Identity Manager Synchronization Service service failed to start due to the following error: The service did not start due to a logon failure.
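The same evidence can be gathered from PowerShell in one read-only pass. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later in an elevated session on the sync server, and the SID and paths are the ones quoted above, to be replaced with the values from your own trace.

```powershell
# Added example (not from the original post). Read-only; run elevated on the sync server.
# Assumption: PowerShell 3.0 or later. Names, paths and the SID are copied from the post.
$displayName = 'Forefront Identity Manager Synchronization Service'
$regPath     = 'HKLM:\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization'
$dataPath    = 'C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSONLINE\MSSQL\DATA'
$procmonSid  = 'S-1-5-21-1760301770-621578649-900842474-1007'  # "Impersonating" value

# 1. Account the service logs on as (event 7000 reports a logon failure for it).
$svc = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -eq $displayName }
if (-not $svc) { throw "Service '$displayName' was not found on this machine." }
"Service: $($svc.Name)  State: $($svc.State)  Log on as: $($svc.StartName)"

# 2. Resolve the SID that sqlservr.exe was impersonating when access was denied.
try {
    $sid = New-Object System.Security.Principal.SecurityIdentifier($procmonSid)
    "Impersonated account: $($sid.Translate([System.Security.Principal.NTAccount]).Value)"
} catch {
    "Impersonated SID $procmonSid could not be resolved: $($_.Exception.Message)"
}

# 3. Occurrences of the two quoted events in the last 7 days.
#    Get-WinEvent raises an error when nothing matches, so errors are silenced
#    and @() turns "no result" into an empty array.
$since = (Get-Date).AddDays(-7)
$appFilter = @{ LogName = 'Application'; Id = 6208; StartTime = $since }
$sysFilter = @{ LogName = 'System';      Id = 7000; StartTime = $since }
$events  = @(Get-WinEvent -FilterHashtable $appFilter -ErrorAction SilentlyContinue)
# Event 7000 is logged for any service; keep only entries naming this one.
$events += @(Get-WinEvent -FilterHashtable $sysFilter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$displayName*" })
$events | Sort-Object TimeCreated |
    Format-Table TimeCreated, LogName, Id, ProviderName -AutoSize | Out-String

# 4. Access rules on the registry key from event 6208 and on the SQL DATA directory.
#    Access may be granted through a group, so compare the entries with the
#    group membership of the accounts reported in steps 1 and 2.
foreach ($path in $regPath, $dataPath) {
    if (-not (Test-Path -LiteralPath $path)) { "Not found: $path"; continue }
    "Access rules on $path"
    (Get-Acl -LiteralPath $path).Access |
        Format-Table IdentityReference, *Rights, AccessControlType, IsInherited -AutoSize |
        Out-String
}
```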
RESOLUTION
Here are the steps taken to resolve the issue.
Click the Start button and go to All Programs > Microsoft Forefront Identity Manager > Synchronization Service Key Management Utility.
If for some reason you do not have this menu item, look for the miiskmu.exe file on your system.
You will get the Microsoft Identity Integration Server Key Management Utility dialog.
Select Abandon Key Set, click Next, and follow the wizard through to abandon the key set.
Go back into the Microsoft Identity Integration Server Key Management Utility dialog and select Add New Key to Key Set.
Follow the wizard through and create a new key set, which will create a new BIN file for you.
Once you do this, please test and see if you can start the service.