This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 5%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESF%3C/text%3E%3C/svg%3E)
We are running a multi-forest trusted environment (3 forests, 1 domain each) that uses one AD Connect to a single Microsoft 365 tenant.
We've recently encountered an issue where passwords are not sync'ing either way between on-prem and AAD.
Checking the Event Logs on the ADConnect domain controller we see a Password Hash Synchronization problem with one of the domains. The other two domains are working properly with no errors.
The 611 Event Viewer error we're getting is:
Password hash synchronization failed for domain: [omitted.domain2], domain controller hostname: <not available>, domain controller IP address: <not available>. Details: Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: [omitted.domain2]. Error: An exception occurred while attempting to resolve the hostname/ipaddress 10.20.0.12. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: An exception occurred while attempting to resolve the hostname/ipaddress 10.20.0.12. ---> System.Net.Sockets.SocketException: No such host is known
The domain that's encountering the PHS errors was recently configured with IP addresses of domain controllers (10.20.0.12 in the above error excerpt) and to "Only use preferred domain controllers" in 'Connectors -> On-prem connector -> Configure Directory Partitions -> Domain controller connection settings' in the Syncrhonization Service Manager, but we've changed it back to 'auto' (unticked "Only use preferred domain controllers" and removed the IP addresses).
The error is still occurring even after reverting back to the 'auto' configuration.
We have not configured the domain controller IP addresses anywhere else within AD Connect.
How do we resolve this error?
We're not sure where to go from here to get the passwords sync'ing between on-prem and AAD.
Please help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 82%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Disregard. I see your reply to the answer. It was hidden
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 93%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
I also had this issue. Turned out the problem was an older DC that was not denoted but offline. This older DC was the primary DC with all the FSMO roles, before we migrated to the new DC.
I had to boot up the old DC and set is a the preffered DC in the settings of the failing connector.
Now I wonder if it is safe to denote the old DC. Or if connect will break again.
IAs alwasy, ensure you are running the latest version:
https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/pwd-hash-sync-stops-work
One option that may pop it:
Try unchecking the PHS option in AADConnect , saving and then re-enabling.
Disabling and re-enabling the PHS option in AADConnect fixed the issue.
Thanks!
Still having the issue. Just want to verify I am disabling and enabling the password hash synchronization correctly.
Launch AAD Connect
Click Configure
Click Change user sign-in
Select Do not configure under Select the Sign on method
Click Next
Click Configure
Click Exit
Relaunch and Re-enable PHS
Hi KAM,
I re-enabled PHS this way:
If that doesn't work, try rebooting the server and repeat the process.
Unfortunately that did not work for me. I appreciate the response. I guess I need to re-install it
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 67%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
Hi KAM
May I know if you resolved this issue?