User Profile Service: View the management agent run history for details.

Do you still use FIM for User Profiles in SharePoint 2013?
If requirements allow, I highly recommend to switch to SharePoint Active Directory Import

If not, you may be lost with intricacy of FIM configuration. I hope this How to start User Profile Synchronization service post alleviate some configuration pain.

One the Sp2013 uses FIM, and I recently found an error message in the event log:

The management agent "MOSSAD-User Profile Synchronisation" failed on run profile "DS_FULLIMPORT" because of connectivity issues.

 Additional Information
 Discovery Errors       : "0"
 Synchronization Errors : "0"
 Metaverse Retry Errors : "0"
 Export Errors          : "0"
 Warnings               : "0"

 User Action
 View the management agent run history for details.

And was wondering where IS this agent run history.

Here it is:
C:\Program Files\Microsoft Office Servers\15.0\Synchronization Service\UIShell

Alert error: You do not have an e-mail address.

You do not have an e-mail address.
Alert has been created successfully but you will not receive notifications until valid e-mail or mobile address has been provided in your profile

Got this error on your on-prem SP2013 while setting alerts?
The reason, in my case, was that User Property "Work email" wasn't setup correctly.

Don't worry , it is easy to get it straight and here is how:
1. Go to Manage User Properties, and find "Work Email", Edit
2. In the "Work Email" properties, add a new mapping "mail"
3. Make sure that Policy settings: Replicable, and Edit settings: Allow users to edit values for this property.

4. Start Full synchronization.

Done!

Simple concept: Profile synchronization log file

[Question]:
The profile synchronization failed. I found an error in the Event log:



The management agent  failed on run profile "DS_FULLIMPORT" because of connectivity issues.

 Additional Information
 Discovery Errors       : "0"
 Synchronization Errors : "0"
 Metaverse Retry Errors : "0"
 Export Errors          : "0"
 Warnings               : "0"

 User Action
 View the management agent run history for details.



Where is the management agent?


[Answer]:


C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe

"SharePoint 2007 to 2010 Upgrade" online project (part 8) : How to start User Profile Synchronization service

[What you have]:
You have a 2010 farm.

[What you want]:
You want to pull users from AD into Profiles.

[What you want to know]: 
Here is a beautiful represenation of User Profile Architecture from UPA 2010 : Intro – Part1

In order to get AD connection configured, you want to configure User Profile Synchronization.
Before you get your hands dirty with that, the essential understanding of the User Profile architecture is required.

Terminology:

User Profile Application -  a logical set of functionality that allows to have profiles, and if needed social tagging, my site functionality (note: you can configure whether users will be able to create "my site" -Central Administration  Manage Profile Service: User Profile Service -> Manage User Permissions)

"A key thing to understand is that Service Applications, in the general case, are just a logical concept made up of one or more components, one of which may be an actual Service Application component that defines the configurations for a particular implementation of a specific Service Instance." (Gary Lapointe's book)

( you want more of that? - Service Application : Architecture in one picture)

What is the User Profile Synchronization service anyway? - just a wrapper for the ForeFront Identity Manager (FIM) services.

[What you want to do]:

Make sure that:
1. Start the “User Profile Service” first.
2. Create the “User Profile Service Application”
"You must create the User Profile Service Application while logged on as the Farm Account 
This is generally contrary to well-understood best practices that stipulate that you should never log as the Farm Account, but unfortunately, it is a neccessary eveil due to an issue with how the Service Application is created."
(Gary Lapointe's book)

Now you are ready to kick the User Profile Synchronization server off:

1. Make sure that A farm account is in the Farm Administrator group (/_layouts/people.aspx?MembershipGroupId=3).
2. Add temporarily a farm account into Local Administrators group on the application server where you want to run the User Profile Synchronization service.
3. You logged as a farm account into the application server where you want to start the User Profile Synchronization service.
4. Network service account is a member of WSP_WPG group on that application server
5. Don't forget to reset the application server if you have just added a member to the local group. I even would recommend to restart IIS and SharePoint 2010 Timer.

In case NetBIOS Name and FQDN mismatch:

Before Start User Profile Synchronization Service:

First, enable netbios name 

$UserProfileServiceApp = Get-SPServiceApplication | where {$_.TypeName -eq "User Profile Service Application"}                                                                                           

   $UserProfileServiceApp.NetBIOSDomainNamesEnabled = 1                                                                                                                                             

   $UserProfileServiceApp.Update()    

6. Run User Profile Synchronization service on the same application server where the User Profile Service is running.
7. IIS reset after the provisioning of User Profile Synchronization service
8. The permanent assigment "log on locally" must be granted to the Farm Account (Local Policies->User Rights Assignments - Allow Log on locally).
"Though adding the farm Account into the Local Administrator group does achieve this, do not be tempted to leave the Farm Account in the group as doing so is considered a security risk". (Gary Lapointe's book)

9.Check whether User Profile Synchronization works. If it does, remove the farm account from Local Administrator group, you don't need it anymore.

* Because User Profile Sync Service doesn't work with the managed account, if you ever change the farm account password, it will break the user profile synchronization

**Farm backup will stop the User Profile and after the backup job is done, it will try to start the User Profile Service. If at that time all required conditions (That mention above) don't meet, you will end up with broken USP after the farm backup. (Why SharePoint backups break the User Profile Sync Service and other mysteries solved (Todd Klindt))

[What you want to consider]:

To get more details on the topic - Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization

To know exactly what's going on under the hood - refer to UPA 2010 : Setting up the User Profile Service Application

My personal respect to the  author of the post Forefront Identity Manager & User Profile Synchronization Service. This post is responsible for that I got the User Profile Synchronization running.

To encourage me to write you  helpful posts, you can acquire knowledge from a great book by Gary Lapoint through Amazon associate program. (just click this link and buy Automating SharePoint 2010 with Windows PowerShell 2.0)

Simple concept: Manage services on server link is missing

[Question]:
I have logged into Central Administration as a farm account but I can't see the link "Manage services on server".
The request of the page _admin/Server.aspx gives an error "Access denied".
Where the link to "Manage services on server"?


[Answer]:
First of all, I don't know the true nature of permission on the page _admin/Server.aspx. But I have discovered that my farm account can't get to it - Access denied.
In order to make it through:


I have added a farm account into Local Administrator group.(Btw, it goes against the Best Practices)


I have logged  as a farm account on the server  where Central Administration is running.


Vuala!


P.S.


As I understand the _admin/Server.aspx, it shows you the services that are running on the server and you can manage them. And because these services are really running on this box, I would say it makes sense to restrict the use of page only to local administrators.
The question is arising, why would you login as a farm account to manage services on server? And again I can see the reason behind it. For example, for user profile synchronization I heard it's needed to login as a farm account to start the service.