Azure ADSync service not starting - Invalid user and password

Eric Logsdon 81 Reputation points
2024-07-11T14:55:36.2433333+00:00

We are running AD servers on prem on Windows Server 2022. We have a VNET in Azure that has a third AD server. Azure ADSync Service (V2.3.8.0) runs on one of the AD servers on prem.

This morning, I received this e-mail:


You’re receiving this email because we have detected a critical alert on one of your AadSyncService instances.

Title: Password Hash Synchronization heartbeat was skipped in last 120 minutes.

Description: Password Hash Synchronization has not connected with Microsoft Entra ID in the last 120 minutes. As a result passwords will not be synchronized with Microsoft Entra ID. Please refer to: Troubleshoot Password Hash Synchronization

Raised: July 11, 2024 2:54 UTC

Recommended action

Restart Microsoft Entra Sync Services:

Please note that any synchronization operations that are currently running will be interrupted. You can choose to perform below steps when no synchronization operation is in progress.

  1. Click Start, click Run, type Services.msc, and then click OK.
  2. Locate Microsoft Entra Sync, right-click it, and then click Restart.

If FIPS compliance is enabled for your machine(s), please disable password hash sync to remediate this alert. Password hash sync is currently not supported for FIPS compliant machines.

To check health of your services monitored by Microsoft Entra Connect Health, visit the Microsoft Entra Connect Health Portal.

If you no longer wish to receive these notifications, read the instructions for updating your settings. Only global administrators can change settings.


We are not set to be FIPS compliant, so I restarted the Sync Service (it was showing as running). The restart failed with an event 7038:


The ADSync service was unable to log on as Domain\MSAUser with the currently configured password due to the following error:

The user name or password is incorrect.


Most of the information I've found says to uninstall and reinstall ADSync Services. Is this the best course of action, or is there something else I should look at? Since sync is not working at all right now, I'm a little nervous.

Thanks in advance,

Eric.

Microsoft Entra