Issue: SharePoint 2010 User Profile Sync Service won't start. Many people are already pulling their hair out over UPA Sync service issues; one of the errors and its resolution are described below.

Error:-

02/22/2012 11:49:18.87 OWSTIMER.EXE  (0x1A10) 0x0AE8 SharePoint Portal Server User Profiles g4wt High  UpdateILMMA: Failed to update  password. Exception: {1}..  Available parameters:  Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException:  Access to the requested resource(s) is denied    at  Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.GetResource(UniqueIdentifier  identifier, String[] attributeNames, Nullable`1 resourceTime)     at  Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier  resourceIdentifier, String typeName, String[] attributeNames, CultureInfo  locale, Boolean includePermissionHints, TimeZoneInfo localTimeZone)     at  Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier  resourceIdentifier, String typeName, String[] attributeNames, CultureInfo  locale, Boolean includePermissionHints)     at  Microsoft.Office.Server.UserProfiles.Synchronization.MAConfiguration..ctor(Guid  resourceIdentifier)     at  Microsoft.Office.Server.UserProfiles.Synchronization.ILMMAConfiguration..ctor(Guid  resourceIdentifier)     at  Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.UpdateILMMA(String  databaseServerIlm, String databaseInstanceIlm, String databaseName, String  domain, String userName, SecureString password) .  a4398ace-cf1f-4a23-a976-830806ce4c67

02/22/2012  11:49:18.87 OWSTIMER.EXE (0x1A10) 0x0AE8 SharePoint Portal Server User Profiles  9q17 High UserProfileApplication.SynchronizeMIIS: Failed to configure ILM MA, will attempt  during next rerun. Exception:  Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException:  Access to the requested resource(s) is denied     at  Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.GetResource(UniqueIdentifier  identifier, String[] attributeNames, Nullable`1 resourceTime)     at  Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier  resourceIdentifier, String typeName, String[] attributeNames, CultureInfo  locale, Boolean includePermissionHints, TimeZoneInfo localTimeZone)     at  Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier  resourceIdentifier, String typeName, String[] attributeNames, CultureInfo  locale, Boolean includePermissionHints)     at  Microsoft.Office.Server.UserProfiles.Synchronization.MAConfiguration..ctor(Guid  resourceIdentifier)     at  Microsoft.Office.Server.UserProfiles.Synchronization.ILMMAConfiguration..ctor(Guid  resourceIdentifier)     at  Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.UpdateILMMA(String  databaseServerIlm, String databaseInstanceIlm, String databaseName, String  domain, String userName, SecureString password)     at  Microsoft.Office.Server.Administration.UserProfileApplication.SetupSynchronizationService(ProfileSynchronizationServiceInstance  profileSyncInstance). a4398ace-cf1f-4a23-a976-830806ce4c67

02/22/2012  11:49:18.87 OWSTIMER.EXE (0x1A10) 0x0AE8 SharePoint Portal Server User Profiles  9i1u Medium UserProfileApplication.SynchronizeMIIS: End setup for  'UserProfileServiceApplication'.  a4398ace-cf1f-4a23-a976-830806ce4c67

Log Name:  Application
 
Source:        FIMSynchronizationService
Date:          2/22/2012 11:49:18 AM
Event ID:      6331
Task  Category: MA Extension
Level:         Error
Keywords:      Classic
User:          N/A
Computer: computer.domain.com
Description:

A update on  the configuration of a MA or MV failed to replicate to a target connector  directory that is capable  of storing MA/MV configurations.  As a result, the  MA/MV configuration data in this connector directory is not up to date.  Please  correct the condition that causes the error, and triggers a resync by updating the password  information of the target MA.

Additional  information:
Error Code:  0x80231317
Error  Message: (The management agent  failed to validate against the application store with the specified  credentials.)
Operation:  Clean up MAs
Name of the  MA to replicate: 
Name of the  target MA: ILMMA
Guid of the  target MA: {F2CD610F-9L7E1-45S2-834J-D76734328DFCAC4}


Resolution:-

1. Make sure you are logged into the server as the UPA service account.

2. Run RSoP (Resultant Set of Policy) for the account and look specifically at the 'Allow Logon Locally' and 'Deny Logon Locally' GPO settings.

3. If the user account is a member of any AD group and that group has been added to the "Deny Logon Locally" policy, the UPA Sync service will NOT start.

4. The service account has to be specifically part of the "Allow Logon Locally" GPO.
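One way to script the check in steps 2 to 4, as an added example that is not part of the original post: it reads a user-rights export produced by `secedit` and reports whether the account, or any group it belongs to, appears under the allow or deny right. The function name `Get-LogonLocallyStatus`, the SIDs and the sample policy lines are constructed for illustration.

```powershell
# Added example (not from the original post). Works on PowerShell 2.0.
function Get-LogonLocallyStatus {
    param(
        [string[]]$PolicyLines,  # lines of a "secedit /export /areas USER_RIGHTS" file
        [string[]]$AccountSids   # SID of the account plus the SID of every group it is in
    )
    # SeInteractiveLogonRight     = "Allow log on locally"
    # SeDenyInteractiveLogonRight = "Deny log on locally"
    $rights = @{ SeInteractiveLogonRight = @(); SeDenyInteractiveLogonRight = @() }
    foreach ($line in $PolicyLines) {
        if ($line -match '^\s*(SeInteractiveLogonRight|SeDenyInteractiveLogonRight)\s*=\s*(.*)$') {
            # Entries are comma separated; SIDs are written with a leading '*'.
            # Entries exported as plain names are kept as-is and will not match a SID.
            $rights[$Matches[1]] = @($Matches[2].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    $allowedBy = @($AccountSids | Where-Object { $rights.SeInteractiveLogonRight -contains $_ })
    $deniedBy  = @($AccountSids | Where-Object { $rights.SeDenyInteractiveLogonRight -contains $_ })
    New-Object PSObject -Property @{
        AllowedBy       = $allowedBy
        DeniedBy        = $deniedBy
        # A deny entry wins over an allow entry, including one inherited through a group.
        CanLogOnLocally = ($allowedBy.Count -gt 0 -and $deniedBy.Count -eq 0)
    }
}

# Constructed sample: the account (-1105) is allowed directly, but one of its
# groups (-1200) is listed under the deny right, which is the case in step 3.
$samplePolicy = @(
    '[Privilege Rights]',
    'SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105',
    'SeDenyInteractiveLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1200'
)
$sampleSids = @(
    'S-1-5-21-1111111111-2222222222-3333333333-1105',  # service account (constructed)
    'S-1-5-21-1111111111-2222222222-3333333333-1200'   # AD group it belongs to (constructed)
)
Get-LogonLocallyStatus -PolicyLines $samplePolicy -AccountSids $sampleSids | Format-List

# On the server itself, from an elevated prompt while logged on as the service account:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $id   = [Security.Principal.WindowsIdentity]::GetCurrent()
#   $sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })
#   Get-LogonLocallyStatus -PolicyLines (Get-Content "$env:TEMP\rights.inf") -AccountSids $sids
```

A non-empty `DeniedBy` names the SID that has to come out of the deny policy; an empty `AllowedBy` means the account still needs to be added to the allow policy.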