Azure Adconnect 0030 issue but write back is successful.

Claus, Frank 40 Reputation points
2023-01-26T20:44:15.3866667+00:00

We are using Adconnect verison 2.1.20.0

We have recently enabled write back.

When I perform a Self Service Password reset from Azure the Password on prem changes successfully.

The issue is that the browser implies and states a connectivity issue and does not display a success message to the user.

I am getting SSPR_0030 error within the browser.

I have done all the basic Permissions work, restarted AD sync service, Disabled and re enabled write back.

None of this fixes the browser message issue.

I have handed over trace files to MS and they say communication between our site and Azure is ok.

They are now suggesting a complete re install of adconnect.

Has anybody experienced this?

ssprfailurer0030_1

ssprfailurer0030_2

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,127 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,473 questions
0 comments
Accepted answer
  1. Andy David - MVP 141.6K Reputation points MVP
    2023-01-27T13:48:44.1966667+00:00

    Hi, would it be possible to bring up a new AADConnect server and see if the problem continues?

    You could do a swing migration and export/import the current config and it wouldnt disrupt the existing server:

    [https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-upgrade-previous-version#swing-migrationhttps://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-upgrade-previous-version#swing-migration

    [https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-import-export-confighttps://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-import-export-config

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Thameur-BOURBITA 32,511 Reputation points
    2023-01-26T22:11:20.84+00:00

    Hi,

    It seems a network issue between adconnect server and the URL: passwordreset.microsoftonline.com

    Check if adconnect can reach the URL above through the port 80 and 443.

    Below the list of all required URL for adconnect:

    Microsoft 365 Common and Office Online

    Please don't forget to mark helpful answer as accepted

  2. Rohit Kumar Sinha 1,321 Reputation points
    2023-01-27T14:06:53.81+00:00

    Are you getting this error for the 1st time password is reset or on subsequent attempts , also please check the On Prem AD domain policy for Minimum password age , it should be set to 0 for SSPR to work without issues.

  3. Limitless Technology 43,941 Reputation points
    2023-02-01T11:01:08.93+00:00

    Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query.

    The error message SSPR_0030 that you are seeing in the browser suggests that there is an issue with the connectivity between the Azure Active Directory Connect (ADConnect) and the on-premises Active Directory during a self-service password reset (SSPR).

    The error message can be caused by various reasons such as:

    1. Network connectivity issues: There may be an issue with the network connectivity between the Azure AD Connect server and the on-premises Active Directory.
    2. Configuration issues: There may be an issue with the configuration of the ADConnect or the SSPR settings.
    3. Authentication issues: There may be an issue with the authentication of the user performing the SSPR.
    4. Incorrect version: If you're using an incorrect version of AdConnect, it could lead to this error.
    5. Missing prerequisites: SSPR feature requires specific prerequisites.

    To troubleshoot the issue, you can try the following steps:

    1. Check network connectivity: Verify that the Azure AD Connect server has connectivity to the on-premises Active Directory.
    2. Review the ADConnect and SSPR configuration: Verify that the ADConnect and SSPR settings are configured correctly.
    3. Check the authentication: Verify that the user performing the SSPR has the correct permissions and that the authentication settings are correct.
    4. Verify the version: Verify that you're using the correct version of ADConnect and that it is compatible with the SSPR feature.
    5. Check for missing prerequisites: Verify that the SSPR feature requirements are met.
    6. Check the ADConnect and Azure AD logs: Check the ADConnect and Azure AD logs for any errors or warnings that may provide additional information about the issue.

    It's also recommended to check the ADConnect and Azure AD documentation for any known issues or requirements related to the version you're using.

    You can also check for any updates for the ADConnect version and see if it resolves the problem.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

    0 comments