I had a highly frustrating experience with SharePoint 2010 - notably the User Profile service, which cost me a few lost hairs. This all started when I decided to stop my Application and Sites due to a potential security risk. However, I failed to disable the User Profile Synchronisation jobs which corrupted the exising User Profile Service and thus preventing users from accessing the SharePoint platform (my client uses My Sites as its Home Page).
I thought a quick resolution would be to restore from a previous farm backup that I had created, but No, that doesn't provide a solution as there are other settings and configurations that would need to be reset or be recreated in order for the User Profile service to work correctly. After spending several hours searching for a solution, including restore and restarting to no avail, other suggestions appear to be pointing to the fact that you would need to delete the existing User Profile Service (while keeping the existing Profile data) and then create a new one, ensuring that the Profile and Social Databases are kept. However, this is easier said than done as a number of steps have to be completed. Here are the steps below, and I'm sure that if you follow the steps in this particular order, you should have your user Profile service up and running again. Please note, these steps are to re-provision a User Profile Service that had been previously configured correctly and worked and synchronised without errors in the past.
Step 1 - Stop the existing User Profile Synchronisation Service
If the existing User Profile Synchronisation service has been stuck on Starting for more than 20 mins or so, then it has failed and will need to be stopped, otherwise you will continue to have errors. If it has already stopped, then proceed to step 2 instead.
1. The first thing we want to do is get the GUID of the User Profile Synchornisation Service by using the Get-SPServiceInstance command in SharePoint 2010 Management Shell.
Log in using the SharePoint Farm account and click on Start | All Programs | Microsoft SharePoint 2010 Products | SharePoint 2010 Management Shell. Right click on this icon and select Run as an administrator (you can also type SharePoint 2010 Management Shell in the Search field)
2. On the SharePoint 2010 Management Shell focus, navigate on the title bar and right click and then select "Properties". Click on the "layout" tab and change the Window Size Width to 120, so that we can increase the size of the screen and see the GUID of the user profile synchronisation service.
3. In the Shell focus, after the user prompt, type the following:
Get-SPServiceInstance
This will result in all the available services. However, you may not see the GUID clearly, so type this command instead
Get-SPServiceInstance | format-table -autosize
This will now result in the full listing of available services as well as there fully expanded GUID. Note the GUID of the User Profile Synchronisation Service
4.Next, type the following command Stop-SPServiceInstance {GUIDOFTHEUSERPROFILESYNCHRONISATION SERVICE}
5. Navigate to Central Administration | Application Management | Service Applications | Manage Services on Server |
The User Profile Synchronization service status should now be ‘Stopped’ or ‘Disabled’. Once the service is stopped you can now move on to the next step which is to delete existing certificates.
Step 2 - Delete Existing ForeFront Identity Management Certificates
If there are existing Forefront Identity management certificates on the SharePoint Server and you try and recreate a User Profile Service Synchronisation, the synchronisation will fail or remain on the dreaded Starting. To overcome this you need to delete the existing certificates. This can be done using the MMC plug in on the SharePoint 2010 Server.
1. Click on Start | "on the Search Bar" | Type mmc | Click on the Icon
2. The mmc focus will now launch. Click on File | Add / Remove Snap In
3. Double Click on the Certicates Icon and Select Certificates | Computer Account | Finish | Local Computer | Finish | OK
4. Expand Certificates | Personal | Certificates and locate and delete all ForeFront Identity Manager Certificates that exists
5. Expand Certificates | Trusted Root Certificate Authoritiesl | Certificates and locate and delete all ForeFront Identity Manager Certificates that exists.
Performing these steps will ensure that the User Profile Service Synchronisation does start and does not remain on hanging.
Step 3 - Note the details of the Existing User Profile Service
As we will be deleting the existing User Profile service, you wil need to note the following settings on the existing user profile service.
AD connection settings
AD connection filters
Preferred search center
MySite host
User Profile Service Administrators
Permissions
It would be wise to take screen shots from the existing User Profile Service
Step 4 - Delete the Existing User Profile Service application
After noting down all details on the existing User Profile Service application, we will now delete it.
1. From Central Administration | Application Management | Manage Service Applications,
click on the User Profile Service to be deleted and click on the Delete Button.
2. A Warning focus will be displayed telling you that you are going to delete the User Profile Service Application. There will also be a checkpoint saying "Delete Data Associated with the Service application". Ensure that you do not click on this checkbox as doing this will delete the profile, social and sync databases that have already been created and are attached to the User Profile Service. Next, click on the OK button. A message will then be displayed saying that the user profile service has been deleted.
Step 5 - Delete the Sync Database on the SQL 2008 Server
We now have to delete the Sync Database. This database is a staging area for the ForeFront Identity Management modules whilst synchronisations occur. If the Sync Database remains, it will have old sync information which will affect starting up the User Profile Synchronisation Service. Please note that Microsoft does not support direct interactions and operations on the SQL Server Database. However, to do this:
1. log into the SQL 2008 Server and log in using the SharePoint Administrator account.
2. Launch Microsoft SQL Server Management Studio and sign in
3. Click on the Database Node and expand it, then scroll down and locate the Sync Database - should be called Sync DB
4. Right click on it and click on Delete. A Delete Object focus will be displayed. Scroll down to the bottom of the focus and untick the checkbox that says "Delete Backup and restore history information for databases". Click on the checkbox that says "Close Existing Connections" and click on "OK".
5. The Sync DB will now have been deleted. Please do not delete any other databases.
Step 6 - Create the new User Profile Application
1.From Central Administration | Application Management | Manage Service Applications, click on New | User Profile Service Application
2. Create a new User Application by using the same name or a different one (it is recommended that you use a new name by some SharePoint troubleshooters
3. Click on the Create New Application Pool Checkbox and enter a new application Pool and ensure the farm account is selected as the the security account
4. The other databases i.e. Profile DB, Social DB and Sync DB would already be prepopulated, but bearing in mind that we deleted the Sync Database in Step 5, this will be recreated.
5.Enter the mysite URL i.e. the same settings that were entered previously
6. Click on OK, the new user profile service will be created
7. Complete the Administrator details for the User Profile Service including the Search Crawl accounts
8. Complete the AD Connection settings as well.
9. Navigate to Central Administration | Manage Web Application and select the Web application that hosts the My Site Application. Click on "Service Connections". Click on and select the newly created User Profile Service proxy and then click on OK
10. Navigate to Central Administration | Monitoring | Timer Jobs | Review Job Definitions and locate the "My Site Cleanup Job". Double click on it and select Disable button (if you don't do this before resetting the Sync database, you run the risk of it deleting all the user profiles as well as users receiving messages about My Site deletions.
Step 7 - Start the User Profile Synchronisation Service
1. Click on Central Administration | Application management | Manage Services on the Server and locate the User Profile Synchronization Service link which should be showing Stopped. Double click on it. This should then show Starting, and after 5-10 mins will now show Started. You may want to use ULS viewer to check the progress.
2. Once the User Profile Service has changed to Started, navigate to Central Administration | Application Management | Manage Service Applications and click on the newly created user profile service. Navigate to Synchronization | Start Profile Synchronization and click on "Full".
3. Once this has occured, the synchronisation should occur and all users details should now be resynchronised.