Problem

You have followed Harbar’s Rational Guide to setting up the User Profile Service Application in SharePoint 2010 but the User Profile Service is still stuck on starting.

Solution

Ensure that the account you are running the UPS service is a local administrator for the provisioning process.

This is normally the farm account which also runs the SharePoint Timer service. You can remove admin rights later. If it is not a local admin, you will need to restart the Timer service after you grant the correct permissions.

Log on as the account that will run the User Profile Synchronization service.

If the User Profile Service Synchronisation Service is stuck on ‘Starting’:

  1. Run SharePoint Management Shell as a farm administrator.
  2. Type: stop-spserviceinstance | where { $_.typename -eq “user profile synchronization service” }
  3. The User Profile Synchronization service status should now be ‘Stopped’ or ‘Disabled’.

Check the Certificates store on the server that runs the User Profile Synchronisation Service and delete all the ForefrontIdentityManager certificates.

  1. Start -> Run -> mmc
  2. File -> Add / Remove Snap-in
  3. Select Certificates -> Computer Account -> Finish -> Local Computer -> Finish -> OK
  4. Expand Certificates -> Personal -> Certificates
  5. Delete all ForefrontIdentityManager certificates (if you have tried to provision the UPS unsuccessfully several times, you will see more than one certificate).
  6. Expand Certificates -> Trusted Root Certification Authorities -> Certificates
  7. Delete all ForefrontIdentityManager certificates (if you have tried to provision the UPS unsuccessfully several times, you will see more than one certificate).

Set the FIM Services to run as Local System

  1. Start -> Run -> services.msc
  2. Locate the two FIM Services: Forefront Identity Manager Service, Forefront Identity Manager Synchronization Service.
  3. Edit properties and set it to run as Local System account.

Check Central Administration for the ProfileSynchronizationSetupJob and delete any running jobs.

  1. Go to Central Administration -> Monitoring
  2. Delete the job.

Provision the User Profile Service using Central Administration.

Run your ULS logger to see what is happening. It should take no longer than 10 minutes to provision.