SP 2010 User Profile Sync Service Won't start

Issue: The SharePoint 2010 User Profile Sync Service won't start. Many people are already pulling their hair out over UPA Sync service issues; one of the errors and its resolution are given below.

Error:-

02/22/2012 11:49:18.87 OWSTIMER.EXE (0x1A10) 0x0AE8 SharePoint Portal Server User Profiles g4wt High UpdateILMMA: Failed to update password. Exception: {1}.. Available parameters: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Access to the requested resource(s) is denied at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.GetResource(UniqueIdentifier identifier, String[] attributeNames, Nullable`1 resourceTime) at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier resourceIdentifier, String typeName, String[] attributeNames, CultureInfo locale, Boolean includePermissionHints, TimeZoneInfo localTimeZone) at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier resourceIdentifier, String typeName, String[] attributeNames, CultureInfo locale, Boolean includePermissionHints) at Microsoft.Office.Server.UserProfiles.Synchronization.MAConfiguration..ctor(Guid resourceIdentifier) at Microsoft.Office.Server.UserProfiles.Synchronization.ILMMAConfiguration..ctor(Guid resourceIdentifier) at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.UpdateILMMA(String databaseServerIlm, String databaseInstanceIlm, String databaseName, String domain, String userName, SecureString password) . a4398ace-cf1f-4a23-a976-830806ce4c67

02/22/2012 11:49:18.87 OWSTIMER.EXE (0x1A10) 0x0AE8 SharePoint Portal Server User Profiles 9q17 High UserProfileApplication.SynchronizeMIIS: Failed to configure ILM MA, will attempt during next rerun. Exception: Microsoft.ResourceManagement.WebServices.Client.PermissionDeniedException: Access to the requested resource(s) is denied at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.GetResource(UniqueIdentifier identifier, String[] attributeNames, Nullable`1 resourceTime) at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier resourceIdentifier, String typeName, String[] attributeNames, CultureInfo locale, Boolean includePermissionHints, TimeZoneInfo localTimeZone) at Microsoft.ResourceManagement.WebServices.ResourceManager..ctor(UniqueIdentifier resourceIdentifier, String typeName, String[] attributeNames, CultureInfo locale, Boolean includePermissionHints) at Microsoft.Office.Server.UserProfiles.Synchronization.MAConfiguration..ctor(Guid resourceIdentifier) at Microsoft.Office.Server.UserProfiles.Synchronization.ILMMAConfiguration..ctor(Guid resourceIdentifier) at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.UpdateILMMA(String databaseServerIlm, String databaseInstanceIlm, String databaseName, String domain, String userName, SecureString password) at Microsoft.Office.Server.Administration.UserProfileApplication.SetupSynchronizationService(ProfileSynchronizationServiceInstance profileSyncInstance). a4398ace-cf1f-4a23-a976-830806ce4c67

02/22/2012 11:49:18.87 OWSTIMER.EXE (0x1A10) 0x0AE8 SharePoint Portal Server User Profiles 9i1u Medium UserProfileApplication.SynchronizeMIIS: End setup for 'UserProfileServiceApplication'. a4398ace-cf1f-4a23-a976-830806ce4c67

Log Name: Application
Source: FIMSynchronizationService
Date: 2/22/2012 11:49:18 AM
Event ID: 6331
Task Category: MA Extension
Level: Error
Keywords: Classic
User: N/A
Computer: computer.domain.com
Description:

A update on the configuration of a MA or MV failed to replicate to a target connector directory that is capable of storing MA/MV configurations. As a result, the MA/MV configuration data in this connector directory is not up to date. Please correct the condition that causes the error, and triggers a resync by updating the password information of the target MA.

Additional information:
Error Code: 0x80231317
Error Message: (The management agent failed to validate against the application store with the specified credentials.)
Operation: Clean up MAs
Name of the MA to replicate: 
Name of the target MA: ILMMA
Guid of the target MA: {F2CD610F-9L7E1-45S2-834J-D76734328DFCAC4}

Resolution:-

1. Make sure you are logged on to the server as the UPA service account.

2. Run RSOP for the account and look specifically at the 'Allow Logon Locally' and 'Deny Logon Locally' GPO settings.

3. If the user account is a member of any AD group and that group is added to the "Deny Logon Locally" policy, the UPA Sync service will NOT start.

4. The service account has to be specifically part of the "Allow Logon Locally" GPO.
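
The check in steps 2 to 4 can also be scripted. The following is an added example, not part of the original post: it exports the user-rights assignments applied on the server with secedit and matches them against the SIDs in the current logon token. It assumes an elevated PowerShell session started as the UPA service account; the temp file name is arbitrary.

```powershell
# Added example. Run elevated, as the UPA service account.
# Elevation matters twice: secedit requires it, and a non-elevated
# token does not list deny-only groups in .Groups.
$id   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

# Export only the user-rights assignments applied on this server.
$inf = Join-Path $env:TEMP 'user_rights.inf'   # arbitrary file name
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

function Get-RightHolders([string]$Right) {
    # INF line format: SeXxxRight = *S-1-5-32-544,DOMAIN\name,...
    $line = Get-Content $inf | Where-Object { $_ -match "^$Right\s*=" }
    if (-not $line) { return }                  # right assigned to nobody
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if ($entry.StartsWith('*')) { $entry.Substring(1); continue }
        try {   # entries without '*' are account names; convert to SID
            $acct = New-Object System.Security.Principal.NTAccount($entry)
            $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { Write-Warning "Could not resolve '$entry' under $Right" }
    }
}

function Get-MatchingHolders([string]$Right) {
    # Entries of the right that are the account itself or one of its groups.
    foreach ($s in @(Get-RightHolders $Right | Where-Object { $sids -contains $_ })) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($s)
        try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $s }                            # show the raw SID if unresolved
    }
}

$allow = @(Get-MatchingHolders 'SeInteractiveLogonRight')      # Allow log on locally
$deny  = @(Get-MatchingHolders 'SeDenyInteractiveLogonRight')  # Deny log on locally
Remove-Item $inf

"Account checked         : $($id.Name)"
"Allow log on locally via: $($allow -join ', ')"
"Deny log on locally via : $($deny -join ', ')"
if ($deny.Count -gt 0) {
    'RESULT: a Deny entry applies to this account; remove the account or group from it.'
} elseif ($allow.Count -eq 0) {
    'RESULT: no Allow entry covers this account; add it to the Allow policy.'
} else {
    'RESULT: local logon rights are in place for this account.'
}
```

The "via" lines name the policy entry that matched, so it is visible whether the right comes from the account itself or from a group it belongs to.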