The Entra Connect installer is unable to create the synchronization service account for Azure Active Directory

David Luczak 0 Reputation points
2024-07-18T11:07:14.8633333+00:00

We tried to reinstall the Entra Connect today.

The Entra Connect installer is unable to create the synchronization service account for Azure Active Directory. At least that is what the installer said.

The user was successfully created in Entra but the installer is reporting it was not created.

We have already excluded the account (On-Premises Directory Synchronization Service Account) from conditional access but it still won't install correctly. We also deleted the account and the Entra installer created a new one. But the installer still shows the same error and says he can't create the account.

We also deleted the msol user in our AD and the on-premise use in Azure. We deinstalled the entra connect and reinstalled everything from the start. We are still not able to successfully install Entra connect (the newest version- 3 days old)

We already opend a ticket with microsoft but we can't wait for that. It is the second days now without sync and we starting to get nervous.

Perhaps somebody here could help and point us to the right direction.

Please check the attached screenshots and logfile.

sync-user-azure.png

entra-connect-error.png

log.log

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,166 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Luczak, David 0 Reputation points
    2024-07-24T06:39:02.2766667+00:00

    We could fix the problem with a workaround. We added our proxy to the machine.config that is used during the installation of Entra Connect and that worked.

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config

    <system.net>    

    <defaultProxy>

               <proxy

                usesystemdefault="true"

                proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"

                bypassonlocal="true"

                />

          </defaultProxy>

    </system.net>

    0 comments No comments

  2. Givary-MSFT 35,216 Reputation points Microsoft Employee
    2024-07-24T06:43:40.1566667+00:00

    @David Luczak I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

    Issue: The Entra Connect installer is unable to create the synchronization service account for Azure Active Directory. At least that is what the installer said.

    The user was successfully created in Entra but the installer is reporting it was not created.

    We have already excluded the account (On-Premises Directory Synchronization Service Account) from conditional access but it still won't install correctly. We also deleted the account and the Entra installer created a new one. But the installer still shows the same error and says he can't create the account.

    We also deleted the msol user in our AD and the on-premise use in Azure. We deinstalled the entra connect and reinstalled everything from the start. We are still not able to successfully install Entra connect (the newest version- 3 days old)

    Resolution: Resolved with the help of Microsoft Support (2407190050002189) Thank you @David Luczak for sharing the below steps which helped to resolve your issue

    We could fix the problem with a workaround. We added our proxy to the machine.config that is used during the installation of Entra Connect and that worked.

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config

    <system.net>    

    <defaultProxy>

               <proxy

                usesystemdefault="true"

                proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"

                bypassonlocal="true"

                />

          </defaultProxy>

    </system.net>

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.