Azure AD Connect - cannot retrieve single sign-on status

S. ONeal 5 Reputation points
2023-05-19T20:53:47.64+00:00

Hi,
I am getting this error all the sudden. I am using the latest version of Azure AD Connect .

MFA is disabled for my global admin account since that what I seen people do online which did not resolve the issue. Any other ideas?

sync works with no errors. I just cant add additional OU to sync, get stuck on the "single sign-on" tab and get the error.

error

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} vote

4 answers

Sort by: Most helpful
  1. Konstantinos Passadis 19,591 Reputation points MVP
    2023-05-19T21:00:15.6266667+00:00

    Hello @S. ONeal !

    Welcome to Microsoft QnA!

    Please verify that the AAD Sync Account is also free from MFA .

    To do that you may need to go to Azure AD and in Security verify Security Defaults are not enabled

    Screenshot of the Azure portal with the toggle to enable security defaults

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards


  2. Konstantinos Passadis 19,591 Reputation points MVP
    2023-06-27T14:14:07.84+00:00

    Hello @S. ONeal

    Can you please verify that the Computer running Ad Connect has TLS 1.2

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/reference-connect-tls-enforcement

    Please take some time to to this and come back with any feedback!

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards


  3. nettech 171 Reputation points
    2025-01-25T23:41:06.8566667+00:00

    For anyone looking for a solution to this problem, in my case the Identity Source of my Global Azure Administrator account was Microsoft, I created a new Global Admin using mydomain.onmicrosoft.com as identity source and removed the other global admin from Microsoft identity.

    I was able to enable SSO using the new Global Admin with is MFA enabled and Security defaults are Enabled

    0 comments No comments

  4. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.