We were recently making changes to our FIM environment where our Forefront Identity Manager boxes required restarts. With FIM we’re always making changes in our Development kit before moving into production (which is something everyone should try do). We quickly found that we couldn’t get back into the FIM portal and taking a quick look at the services management console we could see the FIM Service as stopped. We had already set it to delayed start in the beginning of the setup as we found it had a much more reliable rate of starting up in our particular environment.
After some Google-fu and digging through event logs seeing entries such as simply The service did not respond to the start or control request in a timely fashion. You may also get Error 1920. Service ‘Forefront Identity Manager Service’ (FIMService) failed to start. Verify that you have sufficient privileges to start system services. Or A timeout was reached (30000 milliseconds) while waiting for the Forefront Identity Manager Service to connect. Basically, one of the main reasons for this service not starting is around .Net verifying the Authenticode signatures for the FIM service. To try and mitigate the service timeouts we can increase how long the OS is going to wait before issuing an error by adding the following registry key onto the FIM box.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control Name: ServicesPipeTimeout Type: REG_DWORD Value (decimal): 60000
You could also go and disable the .Net Authenticode check by following the instructions at http://social.technet.microsoft.com/wiki/contents/articles/13946.fim-troubleshooting-fim-service-start-up-timeout.aspx.
Leave a Reply