Azure AD Connect - Password Hash Synchronization - Error 611 - domain controller hostname: <not available>

Shuli Fang 20 Reputation points

We are running a multi-forest trusted environment (3 forests, 1 domain each) that uses one AD Connect to a single Microsoft 365 tenant.

We've recently encountered an issue where passwords are not sync'ing either way between on-prem and AAD.

Checking the Event Logs on the ADConnect domain controller we see a Password Hash Synchronization problem with one of the domains. The other two domains are working properly with no errors.

The 611 Event Viewer error we're getting is:

Password hash synchronization failed for domain: [omitted.domain2], domain controller hostname: <not available>, domain controller IP address: <not available>. Details:  Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: [omitted.domain2]. Error: An exception occurred while attempting to resolve the hostname/ipaddress ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: An exception occurred while attempting to resolve the hostname/ipaddress ---> System.Net.Sockets.SocketException: No such host is known

The domain that's encountering the PHS errors was recently configured with IP addresses of domain controllers ( in the above error excerpt) and to "Only use preferred domain controllers" in 'Connectors -> On-prem connector -> Configure Directory Partitions -> Domain controller connection settings' in the Synchronization Service Manager, but we've changed it back to 'auto' (unticked "Only use preferred domain controllers" and removed the IP addresses).

The error is still occurring even after reverting back to the 'auto' configuration.

We have not configured the domain controller IP addresses anywhere else within AD Connect.

How do we resolve this error?

We're not sure where to go from here to get the passwords sync'ing between on-prem and AAD.

Please help.


Accepted answer
  1. Andy David - MVP 130.9K Reputation points MVP

    As always, ensure you are running the latest version:

    One option that may pop it:

    Try unchecking the PHS option in AADConnect, saving and then re-enabling.

    1 person found this answer helpful.
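
The `No such host is known` socket exception in the event 611 text above is a name-resolution failure, so one check to run on the AD Connect server is whether the affected domain's domain controllers resolve in DNS and answer on the network. The script below is an added example, not part of the original thread and not Microsoft's tooling. The domain name `domain2.example` and the function name `Test-DomainControllerResolution` are placeholders chosen for illustration.

```powershell
# Added example. Run on the Azure AD Connect server.
# $Domain is a placeholder: substitute the DNS name of the domain named in event 611.
param(
    [string]$Domain = 'domain2.example'
)

function Test-DomainControllerResolution {
    param([Parameter(Mandatory)][string]$DomainName)

    # Domain controllers register these locator SRV records in DNS.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "SRV lookup failed for ${srvName}: $($_.Exception.Message)"
        return
    }

    foreach ($record in $srv) {
        $target = $record.NameTarget
        $addresses = @()
        try {
            # A failure here is the same class of error as "No such host is known".
            $addresses = @(Resolve-DnsName -Name $target -Type A -ErrorAction Stop |
                           Where-Object { $_.Type -eq 'A' } |
                           Select-Object -ExpandProperty IPAddress)
        } catch {
            Write-Warning "Cannot resolve ${target}: $($_.Exception.Message)"
        }

        # Directory replication runs over RPC; 135 is the RPC endpoint mapper, 389 is LDAP.
        $rpc = $false; $ldap = $false
        if ($addresses.Count -gt 0) {
            $rpc  = Test-NetConnection -ComputerName $target -Port 135 -InformationLevel Quiet -WarningAction SilentlyContinue
            $ldap = Test-NetConnection -ComputerName $target -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue
        }

        [pscustomobject]@{
            DomainController = $target
            Addresses        = $addresses -join ', '
            Rpc135           = $rpc
            Ldap389          = $ldap
        }
    }
}

Test-DomainControllerResolution -DomainName $Domain | Format-Table -AutoSize
```

A row with an empty `Addresses` column, or a warning on the SRV lookup, identifies the name the sync server cannot resolve.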
