Azure AD Provisioning Agent - Object reference is not set to an instance of a object

MPS IT 1 Reputation point
2021-07-01T10:07:55.96+00:00

When trying to configure the Provisioning Agent I keep getting this message:
110869-image.png

Its right after I log in with 365 credentials, and also add the domain using AD domain credentials. Whats also odd is I dont get a configure summary either? Any ideas what I am missing here?

This is from the log:
[10:52:27.352] [ 1] [INFO ]
[10:52:27.399] [ 1] [INFO ] ================================================================================
[10:52:27.399] [ 1] [INFO ] Application starting
[10:52:27.399] [ 1] [INFO ] ================================================================================
[10:52:27.399] [ 1] [INFO ] Start Time (Local): Thu, 01 Jul 2021 10:52:27 GMT
[10:52:27.399] [ 1] [INFO ] Start Time (UTC): Thu, 01 Jul 2021 09:52:27 GMT
[10:52:27.399] [ 1] [INFO ] Application Version: 1.1.359.0
[10:52:27.399] [ 1] [INFO ] Application Build Date: 1915-06-02 19:53:32Z
[10:52:27.446] [ 1] [INFO ] Application Build Identifier: AD-ProvisioningAgent master (fdb67b5b) Microsoft Azure®
[10:52:28.086] [ 1] [INFO ] IsServiceAccountGMSA:: Checking if service account is gmsa
[10:52:28.102] [ 1] [INFO ] Get current service credentials.
[10:52:28.455] [ 1] [INFO ] IsServiceAccountGMSA:: Service account: middlewichpri.local\provAgentgMSA$ is a gmsa.
[10:52:34.498] [ 1] [INFO ] ConfigureAzureActiveDirectoryPageViewModel:Launching Login form.
[10:52:47.731] [ 1] [INFO ] ConfigureAzureActiveDirectoryPageViewModel:Login complete for helpdesk@middlewichpri.cheshire.sch.uk. Validating Global Admin status.
[10:52:48.699] [ 13] [INFO ] ConfigureAzureActiveDirectoryPageViewModel:Checking for Global Admin role for helpdesk@middlewichpri.cheshire.sch.uk.
[10:52:48.965] [ 1] [INFO ] ConfigureAzureActiveDirectoryPageViewModel. Validation complete. Transitioning to the next page.
[10:52:48.981] [ 1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.ActiveDirectory.SynchronizationAgent.Setup.UI.WizardPages.ConfigureActiveDirectoryPageViewModel.TestConnectivityAndGetDomains in Page:"Connect Active Directory"
[10:52:48.981] [ 1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:273
[10:53:10.604] [ 1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.ActiveDirectory.SynchronizationAgent.Setup.UI.WizardPages.ConfigureActiveDirectoryPageViewModel.ValidateAndAddCredentials in Page:"Connect Active Directory"
[10:53:10.655] [ 1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:3123
[10:53:10.659] [ 11] [INFO ] ConfigureActiveDirectoryPageViewModel:ValidateDirectoryConnection:
[10:53:10.659] [ 11] [INFO ] Domain=middlewichpri.local
[10:53:10.659] [ 11] [INFO ] Username=middlewichpri\bd
[10:53:31.933] [ 11] [INFO ] ActiveDirectoryProvider.GetRootDomainName: getting user root domain name
[10:53:31.933] [ 11] [INFO ] ActiveDirectoryProvider.GetRootDomainName: user root domain - middlewichpri.local
[10:53:32.151] [ 11] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: checking if middlewichpri\bd has AccountEnterpriseAdminsSid privileges in middlewichpri.local
[10:53:32.386] [ 11] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-3102522887-3946707510-512379287, group sid - S-1-5-21-3102522887-3946707510-512379287-519
[10:53:32.401] [ 11] [INFO ] ActiveDirectoryProvider.GetGroupMembershipSidsForUser: retrieving group membership SIDs from AD
[10:53:32.479] [ 11] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: found membership - user is a member of the group
[10:53:32.479] [ 1] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.ActiveDirectory.SynchronizationAgent.Setup.UI.WizardPages.ConfigureActiveDirectoryPageViewModel.<>c__DisplayClass44_0.<ValidateAndAddCredentials>b__0()
at Microsoft.ActiveDirectory.SynchronizationAgent.Setup.App.SafeInvokeAction(Action action)
[10:53:57.445] [ 1] [INFO ] Opened log file at path C:\ProgramData\Microsoft\Azure AD Connect Provisioning Agent\Trace\trace-wizard-20210701-105227.log

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,467 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Siva-kumar-selvaraj 15,551 Reputation points
    2021-07-14T09:24:40.267+00:00

    Hello @MPS IT ,

    Apologies for the delay in response and all the inconvenience caused because of the issue.

    Are you trying to setup new sync provisioning agent or trying to configure existing setup by running wizard from desktop?

    I did research on this issue and found out that there are n number of reasons which might lead to System.NullReferenceException: Object reference not set to an instance of an object .

    Here are few of them which might be helpful:

    • AD domain's account which you used, might not have approprioate access when you add new domain from synchronziation wizard or migth contains invalid credentials.
    • Verify if there is any replication issue between Domain controllers and Azure AD privisioning server, use ADConnectivityTools which validation consists of the following steps:

    Get Domain FQDN (fully qualified domain name) object
    Validate that, if the user selected ‘Create new AD account’, these credentials belong to the Enterprise Administrators group
    Get Forest FQDN object
    Confirm that at least one domain associated with the previously obtained Forest FQDN object is reachable
    Verify that the functional level of the forest is Windows Server 2003 or greater. etc..,

    **Examples: ** 

          Confirm-TargetsAreReachable -Forest "TEST.CONTOSO.COM"  
  Confirm-NetworkConnectivity -DCs "MYDC1.CONTOSO.COM","MYDC2.CONTOSO.COM" -Verbose  
  Confirm-TargetsAreReachable -Forest "TEST.CONTOSO.COM" -DCs "MYDC1.CONTOSO.COM","MYDC2.CONTOSO.COM"  
  Confirm-ValidDomains -Forest "test.contoso.com" -RunWithCurrentlyLoggedInUserCredentials -Verbose  
  Confirm-ValidEnterpriseAdminCredentials -DomainName test.contoso.com -Verbose  
  Confirm-ValidEnterpriseAdminCredentials -RunWithCurrentlyLoggedInUserCredentials -Verbose

    You can find reference information on the functions in the DConnectivityTools Reference

    • If you are using GMSA Service account then makesure it has permission to AD domain that you are adding.

    I do understand that you might have already gone through few of these steps mentioned above to troubleshoot the issue and these may or may not be helpful. Azure Support is the best resource I will recommend to help you out with this issue . They might have required tools and expertise to check on same. If you have a Support Plan I would request you to open a Support Ticket. If not do let me know I can help out with one time free technical Support for you.

    Hope it helps!!!

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.