Error installing Azure AD Connect

Question

Error installing Azure AD Connect

NunoMariano-8843 20

Oct 9, 2023, 11:41 AM

Hi,

We had "successfully" running AD Connect 2.0.3.0 (password hash sync) with 50 on-premises AD endpoints.

We are installing a staging server with 2.2.1.0 and importing a 2.1.1.0 configuration file with only 2 endpoints.

When we trying to connect to the directories this error appears:

User's image

On the ADConnectivityTool log we can see:

[09/10/2023 12:30:56] [INFO ] Starting NetworkConnectivityDiagnosisTools [09/10/2023 12:30:56] [INFO ] Verifying that 'domain.local' exists [09/10/2023 12:30:56] [SUCCESS] domain.local exists [09/10/2023 12:30:56] [INFO ] Verifying if the provided credentials are correct [09/10/2023 12:30:56] [INFO ] Attempting to obtain a domainFQDN [09/10/2023 12:30:56] [INFO ] Attempting to retrieve DomainFQDN object... [09/10/2023 12:30:56] [SUCCESS] The provided credentials were correct [09/10/2023 12:30:56] [INFO ] Attempting to obtain Domain Controllers associated with domain.local [09/10/2023 12:30:56] [INFO ] Obtaining ForestFQDN [09/10/2023 12:30:56] [INFO ] Attempting to retrieve ForestFQDN... [09/10/2023 12:30:59] [SUCCESS] ForestFQDN Name is: domain.local [09/10/2023 12:30:59] [INFO ] Attempting to retrieve domain: domain.local [09/10/2023 12:30:59] [INFO ] Please ensure that the domain: domain.local is reachable. Otherwise install using "Custom" option and provide user created account to proceed with unreachable domain(s).

Any suggestions?

Thanks in advance.

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Michael Smith 2,926 Reputation points Microsoft Employee

Oct 9, 2023, 2:23 PM

Hi NunoMariano-8843,

Thank you for contacting the community regarding your issue.

The error you posted suggests the account you are using does not have the rights to view the schema.

Can you please confirm the domain account you are using is an enterprise admin for the root domain?

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/reference-connect-accounts-permissions#express-settings-wizard
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
NunoMariano-8843 20 Reputation points

Oct 9, 2023, 3:23 PM

Hi Michael Smith-MSFT,

Please check the update i've just posted, but we use the same credentials if installing 2.0.3.0 without problems.

Does the requirements have changed since 2.0.3.0 ?

Accepted answer

0 additional answers

Your answer

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Michael Smith 2,926 Reputation points Microsoft Employee

Oct 9, 2023, 2:23 PM

Hi NunoMariano-8843,

Thank you for contacting the community regarding your issue.

The error you posted suggests the account you are using does not have the rights to view the schema.

Can you please confirm the domain account you are using is an enterprise admin for the root domain?

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/reference-connect-accounts-permissions#express-settings-wizard
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
NunoMariano-8843 20 Reputation points

Oct 9, 2023, 3:23 PM

Hi Michael Smith-MSFT,

Please check the update i've just posted, but we use the same credentials if installing 2.0.3.0 without problems.

Does the requirements have changed since 2.0.3.0 ?

Answer 1

Hi NunoMariano,

I based my reply from your update with the following errors.

Error 0x31 is and LDAP error for invalid credentials.

14:57:22.165] [104] [INFO ] SyncDataProvider: Calling refresh schema on connector domain.local

[14:57:23.124] [104] [ERROR] ConfigSyncDirectoriesPage: Caught exception while creating the connector for directory: domain.local.

Exception Data (Raw): System.Management.Automation.CmdletInvocationException: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2023-10-09 13:57:22.337</date><server>domain.local:389</server><cd-error><error-code>0x31</error-code>

<error-literal>Invalid Credentials</error-literal>

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/a465ae57-5f89-4539-88b3-90cf37a5ae06

490x31invalidCredentialsinvalidCredentialsLDAP_INVALID_CREDENTIALSERROR_LOGON_FAILUREWhat Active Directory membership does the credentials you are using have?

Please ensure you have the correct username and password and add the account to Enterprise Admin group for the root domain.

NunoMariano-8843 20 Reputation points

Oct 11, 2023, 8:23 AM

Hi Michael Smith-MSFT,

The user is Enterprise Admin and we use the same credentials that works when installing version 2.0.3.0.
Michael Smith 2,926 Reputation points Microsoft Employee

Oct 11, 2023, 8:36 AM

Hi NunoMariano,

Please send an email to 'AzCommunity@microsoft.com' with Sub - Attn: michaesmith and following details in the email body:

Link to this thread/post

We can connect offline and discuss further on this.

Share via

Error installing Azure AD Connect

0 additional answers

Your answer