Hi All,
I am facing the following issue when I try to configure the on-premises application provisioning option: I get the following error when configuring the authentication part to connect to Microsoft Entra ID. I am using a Windows 2016 server to install the AADConnectProvisioningAgent. I have tried to install the agent with or without a domain controller but get the same error in both cases. I thought the provisioning agent might require a domain controller or a domain-joined server.
Your guidance and a solution on this issue would be highly appreciated. A quick response would be great.
[14:39:59.801] [ 1] [INFO ]
[14:39:59.801] [ 1] [INFO ] ================================================================================
[14:39:59.801] [ 1] [INFO ] Application starting
[14:39:59.801] [ 1] [INFO ] ================================================================================
[14:39:59.801] [ 1] [INFO ] Start Time (Local): Thu, 14 Mar 2024 14:39:59 GMT
[14:39:59.801] [ 1] [INFO ] Start Time (UTC): Thu, 14 Mar 2024 14:39:59 GMT
[14:39:59.801] [ 1] [INFO ] Application Version: 1.1.1373.0
[14:39:59.801] [ 1] [INFO ] Application Build Date: 1907-10-20 19:15:35Z
[14:39:59.801] [ 1] [INFO ] Application Build Identifier: AD-ProvisioningAgent master (c3b5090504d0408c6f6d1cb7a836d376b86f50eb) Microsoft Azure®
[14:39:59.895] [ 1] [INFO ] Registry flag 'UseAdalAuthentication' set to 'False'. Using MSALAuthenticationProvider for AzureAuthentication.
[14:40:00.255] [ 1] [INFO ] IsServiceAccountGMSA:: Checking if service account is gmsa
[14:40:00.255] [ 1] [INFO ] Get current service credentials.
[14:40:00.333] [ 1] [INFO ] IsServiceAccountGMSA:: Service account: NT SERVICE\AADConnectProvisioningAgent is not gmsa. SamAccountName does not end with '$'.
[14:40:04.801] [ 1] [INFO ] ConfigureAzureActiveDirectoryPageViewModel:Launching Login form.
[14:40:04.817] [ 8] [INFO ] Authenticate-MSAL: acquiring token using interactive authentication.
[14:40:04.832] [ 8] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:04Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] MSAL MSAL.Desktop with assembly version '4.49.1.0'. CorrelationId(3cc3584f-85f1-41c7-b145-9ec58b3ce7f1)
[14:40:04.848] [ 8] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:04Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: False
[14:40:04.848] [ 8] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:04Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1]
=== Request Data ===
Authority Provided? - True
Scopes - https://proxy.cloudwebappproxy.net/registerapp/user_impersonation
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenInteractive
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
[14:40:04.864] [ 8] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:04Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] === Token Acquisition (InteractiveRequest) started:
Scopes: https://proxy.cloudwebappproxy.net/registerapp/user_impersonation
Authority Host: login.windows.net
[14:40:04.864] [ 8] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:04Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] [Instance Discovery] Instance discovery is enabled and will be performed
[14:40:04.864] [ 8] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:04Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] [Region discovery] Not using a regional authority.
[14:40:04.879] [ 8] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:04Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] Fetching instance discovery from the network from host login.windows.net.
[14:40:05.192] [ 11] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:05Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] Authority validation enabled? True.
[14:40:05.192] [ 11] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:05Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] Authority validation - is known env? True.
[14:40:05.207] [ 11] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:05Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] Using legacy embedded browser.
[14:40:22.237] [ 12] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] [Legacy WebView] Redirect URI was reached. Stopping WebView navigation...
[14:40:22.315] [ 9] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] An authorization code was retrieved from the /authorize endpoint.
[14:40:22.315] [ 9] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] Exchanging the auth code for tokens.
[14:40:22.331] [ 9] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: False
[14:40:22.639] [ 13] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] Response status code does not indicate success: 400 (BadRequest).
[14:40:22.639] [ 13] [WARN ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] Request retry failed.
[14:40:22.639] [ 13] [INFO ] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] HttpStatusCode: 400: BadRequest
[14:40:22.639] [ 13] [ERROR] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] === Token Acquisition (1005) failed.
Host: login.windows.net.
[14:40:22.654] [ 13] [ERROR] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] Exception type: Microsoft.Identity.Client.MsalUiRequiredException
, ErrorCode: invalid_grant
HTTP StatusCode 400
CorrelationId 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1
[14:40:22.654] [ 13] [ERROR] MSAL: False MSAL 4.49.1.0 MSAL.Desktop 4.7.2 Windows Server 2016 Datacenter [2024-03-14 14:40:22Z - 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1] Exception type: Microsoft.Identity.Client.MsalUiRequiredException
, ErrorCode: invalid_grant
HTTP StatusCode 400
CorrelationId 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponseT
at Microsoft.Identity.Client.OAuth2.OAuth2Client.<ExecuteRequestAsync>d__11`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.<GetTokenAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.OAuth2.TokenClient.<SendTokenRequestAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()
[14:40:22.654] [ 8] [ERROR] Authenticate-MSAL: unexpected authentication failure [invalid_grant] - AADSTS500202: User account '{EUII Hidden}' from external identity provider 'live.com' is not supported for API version '2.0'. Microsoft account pass-thru users and guests are not supported by the tenant-independent endpoint. Trace ID: eee7576c-3706-4ef9-8f2f-68b7865e4400 Correlation ID: 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1 Timestamp: 2024-03-14 14:40:22Z.
[14:40:22.654] [ 8] [INFO ] ConfigureAzureActiveDirectoryPageViewModel:Authentication exception - AADSTS500202: User account '{EUII Hidden}' from external identity provider 'live.com' is not supported for API version '2.0'. Microsoft account pass-thru users and guests are not supported by the tenant-independent endpoint. Trace ID: eee7576c-3706-4ef9-8f2f-68b7865e4400 Correlation ID: 3cc3584f-85f1-41c7-b145-9ec58b3ce7f1 Timestamp: 2024-03-14 14:40:22Z
[14:40:22.670] [ 1] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.FormatException: Input string was not in a correct format.
at System.Text.StringBuilder.FormatError()
at System.Text.StringBuilder.AppendFormatHelper(IFormatProvider provider, String format, ParamsArray args)
at System.String.FormatHelper(IFormatProvider provider, String format, ParamsArray args)
at System.String.Format(IFormatProvider provider, String format, Object[] args)
at Microsoft.Online.Deployment.Framework.UI.Controls.TextBlock.DynamicTextBlock.DynamicTextBlockDataContextChanged(Object sender, DependencyPropertyChangedEventArgs e)
at System.Windows.FrameworkElement.RaiseDependencyPropertyChanged(EventPrivateKey key, DependencyPropertyChangedEventArgs args)
at System.Windows.FrameworkElement.OnDataContextChanged(DependencyObject d, DependencyPropertyChangedEventArgs e)
at System.Windows.DependencyObject.OnPropertyChanged(DependencyPropertyChangedEventArgs e)
at System.Windows.FrameworkElement.OnPropertyChanged(DependencyPropertyChangedEventArgs e)
at System.Windows.DependencyObject.NotifyPropertyChange(DependencyPropertyChangedEventArgs args)
at System.Windows.DependencyObject.UpdateEffectiveValue(EntryIndex entryIndex, DependencyProperty dp, PropertyMetadata metadata, EffectiveValueEntry oldEntry, EffectiveValueEntry& newEntry, Boolean coerceWithDeferredReference, Boolean coerceWithCurrentValue, OperationType operationType)
at System.Windows.DependencyObject.InvalidateProperty(DependencyProperty dp, Boolean preserveCurrentValue)
at System.Windows.Data.BindingExpressionBase.Invalidate(Boolean isASubPropertyChange)
at System.Windows.Data.BindingExpression.TransferValue(Object newValue, Boolean isASubPropertyChange)
at MS.Internal.Data.ClrBindingWorker.NewValueAvailable(Boolean dependencySourcesChanged, Boolean initialValue, Boolean isASubPropertyChange)
at MS.Internal.Data.PropertyPathWorker.UpdateSourceValueState(Int32 k, ICollectionView collectionView, Object newValue, Boolean isASubPropertyChange)
at MS.Internal.Data.PropertyPathWorker.RefreshValue()
at MS.Internal.Data.ClrBindingWorker.ScheduleTransferOperation(Object arg)
at MS.Internal.Data.DataBindEngine.ProcessCrossThreadRequests()
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Int32 numArgs, Delegate catchHandler)
[14:40:37.046] [ 1] [INFO ] Opened log file at path C:\ProgramData\Microsoft\Azure AD Connect Provisioning Agent\Trace\trace-wizard-20240314-143959.log