I've been trying to get Azure AD Connect Health Sync working for the past couple of days on a Windows Server 2012 R2 VM, and have just had no luck. During Azure AD Connect it tells me that the health check is broken. Okay, fine, I'll do the usual checks.
> Test-AzureADConnectHealthConnectivity -Role Sync
Test-AzureADConnectHealthConnectivity's execution in details are as follows:
Starting Test-AzureADConnectHealthConnectivity ...
Connectivity Test Step 1 of 3: Testing dependent service endpoints begins ...
AAD CDN connectivity is skipped.
Connecting to endpoint https://login.microsoftonline.com
Endpoint validation for https://login.microsoftonline.com is Successful.
Connecting to endpoint https://login.windows.net
Endpoint validation for https://login.windows.net is Successful.
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc is Successful.
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/policymanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/policymanager.svc is Successful.
Connectivity Test Step 1 of 3 - Testing dependent service endpoints completed successfully.
Connectivity Test Step 2 of 3 - Blob data upload procedure begins ...
Unhandled exception occurred: System.Security.Cryptography.CryptographicException: The parameter is incorrect.
at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.LoadIdentityInfo()
at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.TestInsightServiceDataUploadProcedure()
at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.ProcessRecord()
Okay. So I try uninstalling AAD Connect, wiping the VM, reinstalling 2012 R2 from scratch, Windows Updates, re-installing AAD Connect, and... still broken. Based on some searches, I run the AAD Network tool to see if I have any network issues, and it comes back clean. So what gives?
- There's nothing else installed on the VM.
- It's on a private network, but there's no outgoing firewall, no proxy.
- This is for a Microsoft 365 setup.
- Version 3.1.71.0 of the Health agent for sync.
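The call that fails in the trace above is ProtectedData.Unprotect, i.e. DPAPI. The following added example (not from the original post, not Microsoft's agent code) shows the conditions under which that call raises CryptographicException: a blob decrypted with different optional entropy or with corrupted bytes; a blob protected under another user account or a recreated user/machine profile fails the same way. The entropy and secret values are constructed for the demo.

```powershell
# Added demo of System.Security.Cryptography.ProtectedData failure modes.
# Run in Windows PowerShell on the affected box; values below are constructed.
Add-Type -AssemblyName System.Security

$scope   = [System.Security.Cryptography.DataProtectionScope]
$entropy = [Text.Encoding]::UTF8.GetBytes('example-entropy')    # constructed
$plain   = [Text.Encoding]::UTF8.GetBytes('constructed secret')  # constructed

function Protect-Blob {
    param([byte[]]$Data, [byte[]]$Entropy,
          [System.Security.Cryptography.DataProtectionScope]$Scope)
    [System.Security.Cryptography.ProtectedData]::Protect($Data, $Entropy, $Scope)
}

function Test-Unprotect {
    # Returns a result string instead of throwing so the cases compare side by side.
    param([byte[]]$Blob, [byte[]]$Entropy,
          [System.Security.Cryptography.DataProtectionScope]$Scope)
    try {
        $out = [System.Security.Cryptography.ProtectedData]::Unprotect($Blob, $Entropy, $Scope)
        return 'OK: ' + [Text.Encoding]::UTF8.GetString($out)
    } catch [System.Security.Cryptography.CryptographicException] {
        # This is the exception type seen in the Test-AzureADConnectHealthConnectivity trace.
        return 'CryptographicException: ' + $_.Exception.Message
    }
}

# Blob bound to the current user's DPAPI master key.
$blob = Protect-Blob -Data $plain -Entropy $entropy -Scope $scope::CurrentUser

# Case 1: same user, same entropy -> decrypts.
Test-Unprotect -Blob $blob -Entropy $entropy -Scope $scope::CurrentUser

# Case 2: wrong optional entropy -> DPAPI cannot validate the blob -> exception.
$wrongEntropy = [Text.Encoding]::UTF8.GetBytes('other-entropy')
Test-Unprotect -Blob $blob -Entropy $wrongEntropy -Scope $scope::CurrentUser

# Case 3: corrupted blob (last byte flipped) -> exception.
$bad = [byte[]]$blob.Clone()
$bad[$bad.Length - 1] = $bad[$bad.Length - 1] -bxor 1
Test-Unprotect -Blob $bad -Entropy $entropy -Scope $scope::CurrentUser

# Case 4 (not executed here): the same $blob handed to a process running as a
# different account, or to the same account after its profile or the machine
# was rebuilt, also fails, because the master key that wraps it is unavailable.
```

Running case 1 under the account the health agent service uses, and comparing with the interactive account, is a quick way to tell whether a stored blob is simply being read in the wrong security context.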