Symptoms:
When starting User Profile synchronization server, ULS log contains following:
1 2 3 4 5 |
ILM Configuration: The miissku.exe process exited with error code -2147024894. Error: . ILM Configuration: The ValidateMiisEncryptionKey process returned False. Synchronization database is already initialized. Importing the encryption key for the database into the registry UserProfileApplication.SynchronizeMIIS: Failed to configure MIIS pre database, will attempt during next rerun. Exception: System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.Office.Server.Administration.UserProfileApplication.RestoreMiisEncryptionKey(ILMPostSetupConfiguration psc) at Microsoft.Office.Server.Administration.UserProfileApplication.SetupSynchronizationService(ProfileSynchronizationServiceInstance profileSyncInstance). |
Issue:
Sync database is encrypted by the key, that wasn’t migrated to the new environment.
Resolution:
Correct way how to migrate encryption key during User Profile migration
- [CURRENT ENVIROMENT] Export encryption key from current SharePoint environment by using miiskmu.exe (located in [drive]\Microsoft Office Servers\15.0\Synchronization Service\Bin\”
run: miiskmu.exe- choose Export key
- specify credentials for farm administrator (account that is running user profile service, usually it is farm administrator account)
- [NEW] Start service User Profile service
- [NEW] Create new service application – User Profile Service Application by specifying all UPA databases
- [NEW] Reset IIS and SPTimerV4 service
- [NEW] Import encryption key
miiskmu.exe /i [PATH_TO_EXPORTED_KEY] {0E19E162-827E-4077-82D4-E6ABD531636E} /u:[FARM_ADMIN_LOGIN] * - [NEW] Start User Profile Synchronization service
For detailed description see my article User Profile Migration from SharePoint 2010 to 2013
You are one of the only people I’ve seen make use of the /u parameter, and it was exactly what I needed since the location I was restoring to was using a different farm account. Thanks!