no-start-credentials Azure AD Connect

Question

After performing a fresh install of Azure AD Connect, and having healthy synchronization for over a week, today an error caused synchronization to stop. The status is no-start-credentials and the incidents Status lists failed-authentication - Invalid Credentials Error Code 0x31. I have come across this article "https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-addsacct-pass" but during the install I did not create the account that I see in the properties of the on prem connector. This account starts with MSOL and the password field is empty. I am pretty sure this account was created automatically during the install and I can confirm that no changes were made to this account and it is not disabled. I know I can change the password for this account and assume that it will work but I am unsure what could have changed to cause these credentials to fail. Has anyone seen this issue before?

Answer 1

@jpcapone In most of the scenarios where someone resets the password for this account, results in this kind of issue. The account is created during the express install with a long complex password that does not expire. To resolve this you would either need to rerun the installation wizard (if the new password is not known), or update the correct password in the connector if someone has changed it.

It is highly unlikely that it will stop working without any changes made. To find what might have happened, you can open a support case with us to investigate further.
You can learn more about the accounts used in AAD Connect here.
You can also update the sync service with a new password for ADDS account.

-----------------------------------------------------------------------------------------------------------------

If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.