Azure AD Connect - Password Hash Synchronization - Error 611 - domain controller hostname: <not available>

Shuli Fang 25 Reputation points
2023-09-07T02:57:42.06+00:00

We are running a multi-forest trusted environment (3 forests, 1 domain each) that uses one AD Connect to a single Microsoft 365 tenant.

We've recently encountered an issue where passwords are not sync'ing either way between on-prem and AAD.

Checking the Event Logs on the ADConnect domain controller we see a Password Hash Synchronization problem with one of the domains. The other two domains are working properly with no errors.

The 611 Event Viewer error we're getting is:

Password hash synchronization failed for domain: [omitted.domain2], domain controller hostname: <not available>, domain controller IP address: <not available>. Details:  Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: [omitted.domain2]. Error: An exception occurred while attempting to resolve the hostname/ipaddress 10.20.0.12. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: An exception occurred while attempting to resolve the hostname/ipaddress 10.20.0.12. ---> System.Net.Sockets.SocketException: No such host is known

The domain that's encountering the PHS errors was recently configured with IP addresses of domain controllers (10.20.0.12 in the above error excerpt) and to "Only use preferred domain controllers" in 'Connectors -> On-prem connector -> Configure Directory Partitions -> Domain controller connection settings' in the Syncrhonization Service Manager, but we've changed it back to 'auto' (unticked "Only use preferred domain controllers" and removed the IP addresses).

The error is still occurring even after reverting back to the 'auto' configuration.

We have not configured the domain controller IP addresses anywhere else within AD Connect.

How do we resolve this error?

We're not sure where to go from here to get the passwords sync'ing between on-prem and AAD.

Please help.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,702 questions
{count} votes

Accepted answer
  1. Andy David - MVP 147.9K Reputation points MVP
    2023-09-07T11:49:05.55+00:00

    IAs alwasy, ensure you are running the latest version:

    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/pwd-hash-sync-stops-work

    One option that may pop it:

    Try unchecking the PHS option in AADConnect , saving and then re-enabling.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.