When I tried to configure UPS service in SharePoint Server 2013 by following
I tried to restart UPS service. But unfortunately, I found out unexpected behavior; it was starting then it stopped!
Cause:
As I mentioned before in this article, there are more reasons regarding this issue,
But In this case, the problem is related to the permission of the farm account where it must be added to local administrator group during starting and provisioning UPS service.
Solution:
To add a farm account to local Administrator group, you should follow the mentioned steps:
Note: If the Active Directory had been installed on SharePoint Server for testing/DEV purpose only you could remove the service account by following the mentioned steps below:
If it’s not started, you should follow the mentioned instruction in this article or try to restart the server then delete and reconfigure UPS service again!
Keep in mind, adding the farm account to local Administrator group is required only to start the User Profile Synchronization service.
After the User Profile Synchronization service has been started, you should remove the farm account from the Administrators group to avoid raising the following security warning in Health Analyzer.
- Open Central Administration as a Farm account.
- Go to Application Management > Manage Service Application.
- Create a New User Profile Service Application.
- The Create New User Profile Service Application page will be shown.
- After the UPS service has been created successfully, I went back to
- System Settings > Manage Services on Server.
I tried to restart UPS service. But unfortunately, I found out unexpected behavior; it was starting then it stopped!
Cause:
As I mentioned before in this article, there are more reasons regarding this issue,
But In this case, the problem is related to the permission of the farm account where it must be added to local administrator group during starting and provisioning UPS service.
Solution:
To add a farm account to local Administrator group, you should follow the mentioned steps:
- Open Server Manager > Tools > Computer Management.
- From left side > Select Local User and Groups > Click on Groups > Administrator Group.
- Right Click on Group name > Properties > From Member tab > Select the service account > Add.
Note: If the Active Directory had been installed on SharePoint Server for testing/DEV purpose only you could remove the service account by following the mentioned steps below:
- Open Active Directory Users and Computer as administrator.
- From left side > Select Buildin > Double click on Administrators groups.
- From Members Tap > Select the service account > Click Add.
- Repeat the previous steps on all SharePoint Servers that running this service.
Note: After making changes to the farm account, you must restart the SharePoint 2013 Timer service or restart the server.
This ensures that every SharePoint service that is currently running as the farm account is using the latest credentials.
- Go back to System Settings > Manage Services on Server.
- Try to start UPS service that should be started now.
If it’s not started, you should follow the mentioned instruction in this article or try to restart the server then delete and reconfigure UPS service again!
Keep in mind, adding the farm account to local Administrator group is required only to start the User Profile Synchronization service.
After the User Profile Synchronization service has been started, you should remove the farm account from the Administrators group to avoid raising the following security warning in Health Analyzer.
Accounts used by application pools or service identities are in the local administrator group
0 comments:
Post a Comment