In one of my project I had faced an issue where I was working with User Profile Synchronization connection and the service abruptly stuck on starting phase.
We did some troubleshooting like specified below
# User Profile sync service was stuck on starting on "Application Server".
# Stopped UPA sync on "Application Server" running below commands:
Get-SPServiceInstance (copy UPA sync guid)
# Verified that User profile sync service is using farm account.
# Farm account has Replicate Directory Changes permission on domain.
# Added farm account to local admin group on server "App Server/Index Server".
# Added farm account to all FIM & WSS groups in Local users and computers.
# Added farm account to "Log on as a batch job" and "Log on as a service".
# Followed below steps to start UPA sync service on server "App Server/Index Server".
1 Stopped SP timer and SP Administration service under services.msc
2 Clear the SharePoint Config cache and set the counter to 1
3 stsadm -o execadmsvcjobs
4 Started SharePoint timer and SharePoint admin service from services.msc
5 Delete all the certificated related to ForefrontIdentityManager from MMC - Certificates.
6 Gave full permission to SharePoint groups "WSS_WPG" & WSS_ADMIN_WPG" on below folder.
# Started sync service with farm account.
# However the sync service stopped again.
# Verified that farm account was not having connect permission on sync db.
# Gave said permissions to the farm account.
# Reset User profile's sync database as per below article:
# Tried starting synch service, still same behavior.
# Created a new User Profile Service Application with new databases, still same behavior.
# Went to Start->Administrative tools->Local Security policy->Local Policies->user right assignments on App server and removed Admin account from "Deny log on localy" group
After lot of Troubleshooting and inconstant touch with microsoft we got the solution to our problem.
SharePoint is supposed to create a folder “Madata” at" C:\Program Files\Microsoft Office Servers\15.0\Synchronization Service" which was missing. We created the folder manually and created a txt file inside Madata folder with name "UpdateFile.txt" and restarted the sync service.
Our sync service was up and active and we were able to import profile from active directory.