25,185 questions
Solution.
The problem was the configuration of the network, more precisely, the traffic went out and came back with two different internet providers. After setting the traffic to one ISP, the problem disappeared.
AD Azure Connect installation - Response status code does not indicate suffess 403 (forbidden)
Michał Witwicki
6
Reputation points
Hi, when installing AD Azure Connect I get an error message (Response status code does not indicate suffess 403 (forbidden)). The error appears at the very end during configuration. I have installed AD Azure Connect many times and there was no problem. Has anyone encountered this problem?
Log output:
[13:33:55.689] [ 28] [ERROR] Creation of connector ***.onmicrosoft.com - AAD failed. This may be due to replication delay. Retry timespan exceeded. NOT retrying.
[13:33:55.689] [ 28] [INFO ] Task 'Configure AAD Sync' has finished execution
[13:33:55.689] [ 20] [ERROR] System.Management.Automation.CmdletInvocationException: Response status code does not indicate success: 403 (Forbidden). ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Response status code does not indicate success: 403 (Forbidden).
Microsoft Security | Microsoft Entra | Microsoft Entra ID
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT 20,921 Reputation points Microsoft Employee Moderator2023-04-17T08:24:44.3866667+00:00 This error message indicates that the creation of a connector for your Azure AD tenant has failed. This can occur due to a variety of reasons, such as replication delays or network connectivity issues. Here are some steps you can take to troubleshoot this issue:
- Check the status of your Azure AD tenant**1**. You can do this by going to the Azure portal and selecting Azure Active Directory. From there, you can check the status of your tenant and see if there are any issues that may be causing the connector creation to fail.
- Check your network connectivity. Ensure that your network is properly configured and that there are no issues with connectivity between your on-premises environment and Azure.
You can check below article to get required ports and URL's
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports#table-2---azure-ad-connect-and-azure-ad - Retry the connector creation. If the issue is due to replication delays, you can try to create the connector again after waiting for some time. You can also try to create the connector from a different location or network to see if that resolves the issue.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
-
Michał Witwicki 6 Reputation points
2023-04-17T08:43:52.28+00:00 I have one more remark. The local Active directory consists of a short name (domain name: companyA, not companyA.local). Could this be a problem?
-
Sandeep G-MSFT 20,921 Reputation points Microsoft Employee Moderator
2023-04-17T08:46:51.1033333+00:00 This also might be the issue. You can try giving full name instead of short name.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 59%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
Michał Witwicki 0 Reputation points2023-04-17T08:49:22.96+00:00 The problem is that the full name consists of one part. There are no dots.
-
Michał Witwicki 6 Reputation points
2023-04-19T11:40:57.99+00:00 - Tenant status is healthy.
- Network is properly configured and that there are no issues with connectivity between your on-premises environment and Azure. The Sync_ account was created automatically in the wizard.
- I tried for 4 days. The same.
-
Sandeep G-MSFT 20,921 Reputation points Microsoft Employee Moderator
2023-05-03T08:21:14.3266667+00:00 Let's try to connect offline to work on this issue.
Please send us an email on azcommunity [at] microsoft [dot] com with Sub - Attn: Sandeg and following details in the email body:
Link to this thread/post
We can connect offline and discuss further on this.
Sign in to comment