Cloud syn agent v 1.1.1586 networking issues contacting on premise agent

Question

Hi everybody,

in have cloud sync running with both, sync from entra to AD (Group write back) and sync from AD to Entra. It runs fine in the last months but after I have checked the local Agent boxes yesterday, I saw trouble with all the agents. In the portal they stated "Provisioning Quarantine" with the error code "HybridSynchronizationTimeoutError"

It is mentioned that the local agents couldn't be contacted. Thats strange for me, because I had it already running in the past.

I followed the guidelines in the mentioned troubleshooting article and I cannot find any related issues with this topic. I checked the tracelogs, event logs, etc. Are there any knows issues with the new agent version 1.1.1586 or any other ideas.

Thanks a lot

Regards

Answer 1

Hello @KlausBierschenk,

Thank you for posting your query on Microsoft Q&A.

Based on your description, you have cloud sync running both from Entra to AD (Group write back) and from AD to Entra, which has been working fine for the past few months with the new agent version 1.1.1586. However, after you checked the local Agent boxes yesterday, you observed issues with all the agents. In the Azure Portal Provisioning logs, the agents are showing "Provisioning Quarantine" with the error code "HybridSynchronizationTimeoutError."

This issue can occur if the agents are not active, not reachable, or busy. To address this, please ensure the agent is running and active. Check the network configuration (firewall and proxy) and performance (CPU, memory, and disk) of the on-premises server.

Regarding your question about known issues with the new agent version 1.1.1586, I have checked internally and can confirm that no such incidents have been reported recently.

To investigate the issue further, please consider the following steps:

1. Check when the issue started and if any changes were made to the network configuration or environment around that time.
2. Verify that the network configuration hasn't changed and that the necessary ports are open for the agents to communicate with Azure.
3. Ensure that DNS resolution is working correctly for the Azure endpoints.

Verify the required open ports

I hope this information is helpful. Please feel free to reach out if you have any further questions.

---

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Thanks,
Raja Pothuraju.

Answer 2

Hi Raja,

thanks for the answers. I have checked the networking and troubleshooting dokumentation. All the adresses are reachable, One thing here is, that I am not sure how can I check accessibility to adresses with a wildcard (e.g. *.msappproxy.net). Can you please give me a hint with this?

One more thing: the entire setup is running on Hyper-V VMs and i have one tenant and two on-prem domains. One is synched with cloud connect (this works perfekt for years now) and the other domain is synched with cloud sync, which makes the trouble now. They are in the same network under same Router/FW conditions. I checked the trace logs on the agent boxes, without any result. But I think, they cannot log something, when the agents are not reachable from Entra. Do you have a hint what I can check next here? I deleted the agent server, and installed new server... I have deleted the entire cloud sync configuration etc. all without result

Thanks a lot.

Best regards

Klaus