Symptoms:
When starting User Profile synchronization server, ULS log contains following:
1 2 3 4 5 |
ILM Configuration: The miissku.exe process exited with error code -2147024894. Error: . ILM Configuration: The ValidateMiisEncryptionKey process returned False. Synchronization database is already initialized. Importing the encryption key for the database into the registry UserProfileApplication.SynchronizeMIIS: Failed to configure MIIS pre database, will attempt during next rerun. Exception: System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.Office.Server.Administration.UserProfileApplication.RestoreMiisEncryptionKey(ILMPostSetupConfiguration psc) at Microsoft.Office.Server.Administration.UserProfileApplication.SetupSynchronizationService(ProfileSynchronizationServiceInstance profileSyncInstance). |
Issue:
Sync database is encrypted by the key, that wasn’t migrated to the new environment.
Resolution:
Correct way how to migrate encryption key during User Profile migration
- [CURRENT ENVIROMENT] Export encryption key from current SharePoint environment by using miiskmu.exe (located in [drive]\Microsoft Office Servers\15.0\Synchronization Service\Bin\”
run: miiskmu.exe- choose Export key
- specify credentials for farm administrator (account that is running user profile service, usually it is farm administrator account)
- [NEW] Start service User Profile service
- [NEW] Create new service application – User Profile Service Application by specifying all UPA databases
- [NEW] Reset IIS and SPTimerV4 service
- [NEW] Import encryption key
miiskmu.exe /i [PATH_TO_EXPORTED_KEY] {0E19E162-827E-4077-82D4-E6ABD531636E} /u:[FARM_ADMIN_LOGIN] * - [NEW] Start User Profile Synchronization service
For detailed description see my article User Profile Migration from SharePoint 2010 to 2013