Migration Azure AD connect

Cech, Matej 51 Reputation points
2022-09-19T10:20:09.827+00:00

Hello,

I want to ask about my problem with migrating AAD Connect to another machine.

  • I run AAD (v1.4.18.0) on my DC. Sync works fine.
  • I want to move the installation of AAD to another DC (because the first will be deprovisioned).
  • Downloaded the installation file from azure.microsoft.com (v2.1.16.0).
  • Successfully installed.
  • Started setting up Connect.

Connect to Azure AD with global admin - success

Connect your directories (after creating a new AD account with an Enterprise Admin account (without MFA))

Ready to configure: start sync checked, enable staging mode checked

After clicking Install and waiting a few minutes, the installation ends with an error (figure1)
242417-figure1.jpg

Then I read the trace log and found:

[12:03:17.556] [ 64] [ERROR] ADPowerShellQueyProvider:SearchAdSyncDirectoryObjects Failed to run the ldap search query. Parameter values passed to PowerShell:

ForestFqdn : "my domain"

[12:03:17.557] [ 64] [ERROR] Unable to discover device sync configuration for forest "my domain"

[12:03:17.558] [ 64] [ERROR] Unable to discover device configuration.

[12:05:51.803] [ 62] [ERROR] TestAadConnectivity: Connection Failed to : SecurityTokenService. Exception Details: System.Threading.Tasks.TaskCanceledException: A task was canceled.

[12:06:33.843] [ 62] [ERROR] TestAadConnectivity: Connection Failed to : AdminWebService. Exception Details: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 20.190.137.32:443

Outbound connections go through a proxy server where all URLs are allowed.

Thank you for any advice.

matej


Accepted answer
  1. Michael Smith-MSFT 2,916 Reputation points Microsoft Employee
    2022-09-19T10:32:51.683+00:00

    Hi @Cech, Matej

    It's possible the machine.config still needs to be configured to use the proxy.

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites#connectivity

    If you're using an outbound proxy for connecting to the internet, the following setting in the C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config file must be added for the installation wizard and Azure AD Connect sync to be able to connect to the internet and Azure AD. This text must be entered at the bottom of the file. In this code, <PROXYADDRESS> represents the actual proxy IP address or host name.

    <system.net>
        <defaultProxy>
            <proxy
                usesystemdefault="true"
                proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"
                bypassonlocal="true"
            />
        </defaultProxy>
    </system.net>

    Restart the machine after making the changes to be sure and test the configuration again.

    Let me know if this resolves your issue.


2 additional answers

  1. JimmySalian-2011 42,166 Reputation points
    2022-09-19T10:26:14.003+00:00

    Hi,

    It seems like a port issue, with connectivity to the domain controller blocked somewhere. Check this; the ports should be allowed to communicate from AAD to the DCs.

    reference-connect-ports

    Also test telnet from the AAD to the DCs on all the ports.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. Michael Smith-MSFT 2,916 Reputation points Microsoft Employee
    2022-09-19T11:48:22.88+00:00

    Just tested the text outside the configuration tags and it causes the same issue you have.

    Once you have corrected the format as above it should fix the issue.

    Let me know once you have tested it.

    If it does resolve the issue, please accept this as the answer.
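
The placement problem described in the two answers above can be checked before re-running the wizard. This is an added example, not part of the thread or of Microsoft's documentation. The function name `Test-ProxyPlacement`, the temp file names and the proxy address `proxy.example:8080` are assumptions made for illustration.

```powershell
# Added example. Test-ProxyPlacement is a hypothetical helper name.
function Test-ProxyPlacement {
    param([Parameter(Mandatory)][string]$Path)

    $doc = New-Object System.Xml.XmlDocument
    try {
        # Load() fails when <system.net> was pasted after </configuration>:
        # an XML document can have only one root element.
        $doc.Load($Path)
    }
    catch {
        return [pscustomobject]@{
            Path = $Path; Parsed = $false; ProxyAddress = $null
            Detail = $_.Exception.Message
        }
    }

    # Only a <proxy> element under the root <configuration> counts.
    $proxy = $doc.SelectSingleNode('/configuration/system.net/defaultProxy/proxy')
    if ($null -ne $proxy) {
        $address = $proxy.GetAttribute('proxyaddress')
        $detail  = 'proxy element is inside <configuration>'
    }
    else {
        $address = $null
        $detail  = 'no /configuration/system.net/defaultProxy/proxy element found'
    }
    [pscustomobject]@{
        Path = $Path; Parsed = $true; ProxyAddress = $address; Detail = $detail
    }
}

# Constructed samples; proxy.example:8080 is a placeholder, not a value from the thread.
$block = '<system.net><defaultProxy><proxy usesystemdefault="true" ' +
         'proxyaddress="http://proxy.example:8080" bypassonlocal="true" />' +
         '</defaultProxy></system.net>'
$bad  = Join-Path $env:TEMP 'machine.bad.config'
$good = Join-Path $env:TEMP 'machine.good.config'
# Block appended after the closing </configuration> tag (the failing layout).
Set-Content -Path $bad  -Value "<configuration><runtime /></configuration>$block"
# Block placed as the last child inside <configuration>.
Set-Content -Path $good -Value "<configuration><runtime />$block</configuration>"

Test-ProxyPlacement -Path $bad
Test-ProxyPlacement -Path $good
# The file named in the accepted answer:
Test-ProxyPlacement -Path 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config'
```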

