Welcome to UnableTo.com, where you can state any issue that you are unable to perform and receive answers from other members of the community.

Categories

0 votes

DirSync runs just fine upon initial install or re-install. However after a reboot the Forefront Identity Manager Synchronization Service does not start and will not start. It gives an error

Windows could not start the Forefront Identity Manager Synchronization Service service on the Local Computer. Error 1069: The service did not start due to a logon failure.

The service is set to run as a local account named AAD_###########.  I can reinstall DirSync and it works but this is not a long term solution.

If I try and open "C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe"

It gives an error stating

Unable to connect to the Synchronization Service.

Some possible reasons are:

1) The service is not started

2) Your account is not a member of the required security group.

See the Synchronization Service documentation for details.

Service name: FIMSynchronizationService

Service name: MSOnlineSyncScheduler

by (530 points)
Hey there, just curious if you've found a solution?  I'm having the exact same issue on my 08 R2 box.

 

Thanks,

Pat

1 Answer

+1 vote
 
Best answer

The issue was occuring for me because the default GPO contains restrictions of who can logon as a service and is only applied at reboot. Initially after the install it runs just fine until the GPO is applied. What I did to resolve:

  1. Install Dirsync
  2. Find the username (In my case it started with AAD_) of the User that is being used to login to the service listed in Services.msc under Forefront Identity Manager Synchronization Service or Windows Azure Active Directory Sync Service
  3. Add that user to the local "Administrators" user group
  4. Open the Default domain GPO and navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment
  5. Open "Log on as a service" and add the computer's local "Administrators" user group
by (530 points)
selected by
...