Failed to decrypt connection password for ConnectionForectName. Please refresh connection credentials

Question

I am trying to configure User Profile Service using AD Import on SharePoint 2016. I am able to create synchronization connection but when I run full synchronization, I get error:

Failed to decrypt connection password for ConnectionForectName mydomain.com', ConnectionUserName 'mydomain\UserProfileSync'. Please refresh connection credentials.

This user UserProfileSync has Replicating Directory Changes permission as per infrastructure team. But I will double check it so may be this is the cause of this error?

But it doesn't make any sense because when creating a new synchronization connection, I didn't receive any password error and it is only happening after connection is create and I run synchronization job.

Couple of questions:

1. I remember in SharePoint 2013, farm service account needs to be in local administrator group for User Profile Service to work. Is it still the same case in SharePoint 2016? Because my farm service account is not part of local administrator group.

2. When creating User Profile Service Application, I noticed that User Profile Service on SharePoint is stopped. Is it supposed to automatically start when I create a new service application?

EDIT

By the way service didn't start after I created service application so do I need to start it before creating service application?

Answer 1

It’s not necessary to farm service account needs to be in local administrator group, make sure the user profile synchronization account have Replicate Directory Changes on the domain.

After you created User Profile Service Application and then run the full sync, whether the user profile service and User Profile Synchronization Service are started? If not, you need to start them manually.

If the issue still exists, I recommend you re-write the user account and password in the connection, and check if the user password is change in the domain.