Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by (bMicrosof)
  • When: 9 Oct 2012 12:10 PM
  • Last revision by (cMVP, Microsoft Community Contributo)
  • When: 2 Apr 2013 5:42 PM
  • Revisions: 6
  • Comments: 2
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  TROUBLESHOOTING: FIM2010: Event ID 6208-The server encryption keys could not be accessed

TROUBLESHOOTING: FIM2010: Event ID 6208-The server encryption keys could not be accessed

TROUBLESHOOTING: FIM2010: Event ID 6208-The server encryption keys could not be accessed

PROBLEM STATEMENT

Recently worked an issue where an O365/DIRSYNC customer was attempting to start the Forefront Identity Manager Synchronization Service and it would not start.  Upon investigation I found the following information.

APPLICATION EVENT LOG – EVENT ID 6208

The server encryption keys could not be accessed.    User Action  Verify that the service account has permissions to the following registry key:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Identity Manager\2010\Synchronization Service    If the problem persists, run setup and restore the encryption keys from backup.

 

PROCESS MONITOR LOG

12:34:08.4998737 PM      sqlservr.exe       1244       CreateFile           C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSONLINE\MSSQL\DATA ACCESS DENIED                Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: S-1-5-21-1760301770-621578649-900842474-1007

 

 

SYSTEM EVENT LOG – EVENT ID 7000

The Forefront Identity Manager Synchronization Service service failed to start due to the following error:  The service did not start due to a logon failure.

 

RESOLUTION

Here are the steps taken to resolve the issue.

(1)    Click the Start Button, and go to All Programs > Microsoft Forefront Identity Manager > Synchronization Service Key Management Utility
If for some reason that you do not have this menu item, then you will need to look for miiskmu.exe file on your system.

(2)    You will get the Microsoft Identity Integration Server Key Management Utility dialog

(3)    Select Abandon Key Set, and click Next and follow the wizard through to Abandon the Key Set

(4)    Go back into the Microsoft Identity Integration Server Key Management Utility dialog and select Add New Key to Key Set

(5)    Follow the wizard through, and create a new Key Set which will create a new BIN file for you.

(6)    Once you do this, please test and see if you can start the service

, , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 8 and 7 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 2 Apr 2013 5:42 PM

    Richard Mueller edited Revision 4. Comment: Added tags

  • 13 Mar 2013 8:48 AM

    Andrew Masse edited Revision 1. Comment: Edited title as event log is 6208 not 6028

Page 1 of 1 (2 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 13 Mar 2013 8:48 AM

    Andrew Masse edited Revision 1. Comment: Edited title as event log is 6208 not 6028

  • Posted by
    on 2 Apr 2013 5:42 PM

    Richard Mueller edited Revision 4. Comment: Added tags

Page 1 of 1 (2 items)