This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 46%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
I am encountering significant issues with Azure AD Connect synchronization between our on-premises Active Directory and Azure AD. The sync status shows enabled, but the last sync was more than one day ago. Password hash synchronization fails with the following error:
Password hash synchronization health task failed during ping operation. Details:
System.InvalidOperationException: An error occurred, SynchronizationEngineManagedHandle.cpp(190), code 80004005,
BAIL: MMS(15828): ..\PasswordHashSync.cpp(748): 0x80004005 (Unspecified error)
Azure AD Sync 2.3.6.0
at SynchronizationEnginePasswordHashSyncManagedHandle.Ping(String state)
at Microsoft.Online.PasswordSynchronization.Fim.FimNotificationManager.Ping(String forestInfo, TimeSpan interval)
at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetryT
at Microsoft.Online.PasswordSynchronization.HealthTask.SynchronizeCredentialsToCloud()
<forest-info>
<partition-name>INTERN.__________.__</partition-name>
<connector-id>7b9e921d-8ce6-44c3-8442-c02300994cb3</connector-id>
</forest-info>
The server encountered an unexpected error while processing a password change notification:
"AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '00000002-0000-0000-c000-000000000000'. Trace ID: 33cf2e6c-2754-4f2d-b5d0-a4ac53192400 Correlation ID: faa03b1a-58b8-4e3e-a265-043cb3789063 Timestamp: 2024-06-03 14:18:02Z
at InitializeAndGetTargetExtension(Object lockObject, TargetTaskScheduler taskScheduler, Dictionary`2 targetExtensions, ECMAInformation* ecmaInformation)
at TargetExtensionManager.Ping(TargetExtensionManager* , ECMAInformation* ecmaInformation, Char* state, Int32* result)
InnerException=>
none
Troubleshooting Steps Taken
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Marius Tarau Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 24%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Hello Marius,
Thanks for your question.
Please can you go to Azure and search for your directory sync account as MFA may have been enabled on it. The account should be this format.
Exclude account from all CA policies.
https://learn.microsoft.com/en-us/entra/id-governance/conditional-access-exclusion
Please let me know if you have further questions.
If the above information was useful, please remember to 'Accept Answer'
thanks for the answer, synchronization works fine again :)