We are also seeing this on a Windows 2008 R2 physical member server. We are using this for Office 365 directory synchronization.
We have tried adding the logon account to the local administrators group, changing the password on the account, then finally removing and re-installing (the only one that seems to work).
Any thoughts?
Nathan,
Two things I would look at. You stated that the event log shows a logon failure error. I would suspect that when you perform the install and designate the service account, the install program provides a user right such as 'log on as a service'. You possibly could have GPOs or local policy set that ultimately take this away or possibly put it in 'deny log on as a service'. You would only see this after some time during a service restart, which of course a reboot would expose.
The other possibility, much less likely based on what you have reported, is that the service account is attempting to get to the Internet looking for a CRL as FIM 2010 R2 service does CRL checking by default. If this is the case, you can turn this off in a variety of ways.
If I could add to Glenn's post, go to your AD and in the Users container, look for the domain account that was added during installation of DirSync.
It has a very long description explaining that Azure DirSync added it, and probably starts with MSO.
Add this domain account to the group policy that controls the Run As Service for the server that has your DirSync installed. This account will not match the actual local account on the server that you see on the ForeFront Identity Manager and the Windows Azure Active Directory Sync services, but they are tied together.
After you have added the domain MSOxxxxxxxxx account to the Run As Service policy, gpupdate your dirsync server and then go in and start the Windows Azure AD Sync service - it'll automatically start the ForeFront Identity service.
I struggled with this and just wanted to help anyone else looking for details.
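An added example, not part of any post in this thread: a PowerShell check for the 'log on as a service' explanation discussed above. It reads a service's logon account and looks for it in the SeServiceLogonRight and SeDenyServiceLogonRight assignments exported by secedit. The function name and the service name are placeholders; run it from an elevated prompt.

```powershell
# Added example: Test-ServiceLogonRight is a hypothetical helper name.
# Run elevated; uses Get-WmiObject so it also works on Windows PowerShell 2.0.
function Test-ServiceLogonRight {
    param([Parameter(Mandatory = $true)][string]$ServiceName)

    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found." }

    # StartName is the logon account; '.\name' denotes a local account.
    $account = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
    $leaf    = ($account -split '\\')[-1]
    $nt      = New-Object System.Security.Principal.NTAccount($account)
    $sid     = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # Export the user-rights assignment as currently applied on this machine.
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    try     { $lines = @(Get-Content -Path $cfg) }
    finally { Remove-Item -Path $cfg -ErrorAction SilentlyContinue }

    $found = @{}
    foreach ($right in 'SeServiceLogonRight', 'SeDenyServiceLogonRight') {
        # Lines look like: SeServiceLogonRight = *S-1-5-80-0,SomeAccount
        $line    = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        $entries = @()
        if ($line) {
            $entries = @(($line -split '=', 2)[1].Split(',') |
                         ForEach-Object { $_.Trim().TrimStart('*') })
        }
        # Direct entries only; rights inherited through a group are not expanded.
        $found[$right] = ($entries -contains $sid) -or
                         ($entries -contains $account) -or
                         ($entries -contains $leaf)
    }

    New-Object PSObject -Property @{
        Service = $ServiceName
        Account = $account
        Sid     = $sid
        Granted = $found['SeServiceLogonRight']
        Denied  = $found['SeDenyServiceLogonRight']
    }
}

# Usage (placeholder name; list candidates with Get-Service | Sort-Object DisplayName):
# Test-ServiceLogonRight -ServiceName '<service-name>'
```

Running it right after an install and again after a reboot or gpupdate shows whether a policy refresh removed the grant or added a deny entry.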
Hi Guys,
I experience exactly the same issue.
I have reinstalled the server on a 2008 R2 (coming from a 2012).
As soon as I reboot the server, the FIM service is not starting and if I try to start it manually, I get a Logon Failure in the event log.
I have created a special OU with no GPO to be sure the logon as a service right doesn't get messed up on that server by any GPO.
One thing I have noticed is the service account is local to the FIM server, not an AD account.
This happens at each install I have tried.
I don't know if you already found a solution to that.
Any comment/help welcome
Fabian
To add to Glenn's reply, if you are having internet difficulties you may try to increase the service timeout value also. This has worked for me numerous times.
Check out this post: http://social.technet.microsoft.com/Forums/en-US/853796a7-b446-43de-a9f0-138795f7b42d/fim-2010-r2-fimservice-suddenly-stops-working-wont-start
Good luck,
Peter