I installed FIM client extensions on a Win 7 box. All seemed to go well, until the very end when the service was starting. It never did, ugh.
Not much on this, except make sure the Network Service account had the correct perms on the machine.config file. But which one? There's four, so I gave it full perms on all four; a security violation? ahhh this was a dev environment anyways. That didn't fix the problem, so what's next.
I did realize the client box was a VM and pretty slow, so I changed the service time-out from 30 seconds (default) to 60 seconds. here's the blog on that one, if you want to try it yourself. This just caused the slow failure to go even slower... Strike 2.
After thinking about it, I remembered in the past having issues with services not starting if there was no internet connection. This was true - my dev environment had no internet connection, so I went back and found some notes on this topic. But then I also remembered there was an IE trick I learned from a buddy (thanks Frank Drewes!) the idea is to just turn off CRL checking directly in IE. This was straight-forward and easy to do. Caveat: not really the best for a permanent solution as this is a per user setting. So if this client reboots it'll probably time out again. But if this works then you solved the mystery!
After doing this the service started right up. Time for a beer.
Hopefully this'll help out others in the same boat.