
Microsoft Server rejecting connection when installing Entra ID sync on domain controller

John McCormack 0 Reputation points
2024-05-31T06:45:39.0333333+00:00

I've created a new Server 2019 domain controller for Entra ID sync, as my other domain controllers failed to load the Entra ID sync software properly (local authentication issues with the sync service and gMSA account).

The new domain controller only has RSAT PowerShell added and TLS 1.2 forced by registry. The firewall is off. The proxy is off and Windows is set to proxy off.

When at the "Connect Microsoft Entra ID" page of the AADConnectProvisioningSetup installer I press authenticate and get the error:

extendedMessage: An error occurred while sending the request. | Unable to connect to the remote server | No connection could be made because the target machine actively refused it 
20.190.167.149:443 
webException: Unable to connect to the  to the remote server
STS endpoint: https//login.windows.net/common

Ping to the 20.190.167.149 IP address returns a response. The STS endpoint TLD responds but the /common URL does not respond to my requests.

Can anyone help diagnose the issue?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Windows for business | Windows Server | User experience | Other

2 answers

  1. John McCormack 0 Reputation points
    2024-06-07T01:36:03.36+00:00

    I wasted many hours trying to make this tool work. It was trying to contact IP addresses not in the defined whitelisted ranges supplied by Microsoft and not resolving to reserved DNS servers.

    After excluding the DC from my proxy the tool worked fine, until I tried to import users using the cloud console, then it failed again. This last week has been a nightmare of bugs and undocumented issues. It's apparent that customers are being used as Microsoft beta testers again.

    I loaded the older Azure AD Connect tool and it worked first time, with no errors, and synced correctly from behind my proxy.

    To anyone reading this trying to install/configure/provision the cloud sync tool and having many explainable errors despite having gone over everything multiple times... it's not you. It really is extremely buggy. It'd be humorous if it wasn't a multi-trillion dollar software company pushing this junk as ready to use.



  2. Jing Zhou 7,805 Reputation points Microsoft External Staff
    2024-06-03T08:47:14.1666667+00:00

    Hello,


    Thank you for posting in Q&A forum.

    To further troubleshoot this issue, please kindly try the steps below:

    1. Go to Event Viewer and check if there's event 7041 in the System log.

    2. Check if the service account has proper permission to run the service.

    3. Check the network connection from this DC to the STS endpoint https://login.windows.net/common using the ping/telnet commands.

    4. Please run Network Monitor or Wireshark while executing step 3 and check if there are any insights in the network trace capture.


    Best regards,

    Jill Zhou


    If the Answer is helpful, please click "Accept Answer" and upvote it.


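The four checks in the answer above, collected into one PowerShell pass. This is an added example, not code from either poster or from Microsoft; it assumes an elevated PowerShell 5.1+ session on the DC, and the endpoint and port are taken from the error in the question.

```powershell
# Added diagnostic script (not from the thread). Endpoint/port come from the
# question's error text; everything else is standard Windows tooling.
$Endpoint = 'login.windows.net'
$Port     = 443

# 1. Event 7041: the Service Control Manager logs this when a service account
#    lacks the "Log on as a service" right (matches the gMSA/local-auth symptom).
$svcLogonFailures = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7041 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue
if ($svcLogonFailures) {
    "Event 7041 found ({0} recent entries); review the service account's logon rights:" -f $svcLogonFailures.Count
    $svcLogonFailures | Select-Object TimeCreated, Message | Format-List
} else { 'No recent event 7041 in the System log.' }

# 2. Proxy: the installer and services use the machine (WinHTTP) proxy, which can
#    differ from the user's Internet Options setting, so show both.
'WinHTTP (machine) proxy:'; netsh winhttp show proxy
'User proxy (HKCU Internet Settings):'
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride | Format-List

# 3. TLS 1.2 client: registry keys used to "force TLS 1.2" must leave it enabled.
$tls12 = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
if (Test-Path $tls12) { Get-ItemProperty $tls12 | Select-Object Enabled, DisabledByDefault | Format-List }
else { 'No explicit TLS 1.2 client key; OS defaults apply.' }

# 4. TCP reachability: "actively refused" is a TCP-level answer, distinct from DNS
#    or routing failure, so resolve first and then test the port (ICMP ping proves little).
$addresses = (Resolve-DnsName $Endpoint -Type A -ErrorAction SilentlyContinue).IPAddress
"{0} resolves to: {1}" -f $Endpoint, ($addresses -join ', ')
$tcp = Test-NetConnection -ComputerName $Endpoint -Port $Port -WarningAction SilentlyContinue
"TCP {0}:{1} succeeded: {2}" -f $Endpoint, $Port, $tcp.TcpTestSucceeded

# 5. TLS handshake plus an HTTP exchange with the /common STS path. Any HTTP status,
#    including 4xx, means TLS and the path are reachable; no Response means the
#    failure is below HTTP (proxy, firewall, TLS, or the refused TCP connection).
try {
    $resp = Invoke-WebRequest -Uri "https://$Endpoint/common" -UseBasicParsing -TimeoutSec 15
    "HTTPS GET /common returned status {0}" -f $resp.StatusCode
} catch {
    if ($_.Exception.Response) {
        "HTTPS reached /common; server answered HTTP {0}" -f [int]$_.Exception.Response.StatusCode
    } else {
        "HTTPS request failed below HTTP: {0}" -f $_.Exception.Message
    }
}
```

Run it on the DC once without and once with the proxy exclusion in place; a change only in sections 2 and 5 points at proxy handling rather than the service account or TLS configuration.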
