Unable to retrieve the Azure Active Directory configuration

Fran 0 Reputation points
2024-08-06T11:14:20.7+00:00

Hello everyone!

When I try to connect to Azure with Azure Active Directory Connect, I enter credentials and I get this error:

User's image

I put a user with the role of global administrator, later a window to authenticate, in this case barrylado@gmail.com, and later this error message.

I use Windows Server 2022, and the latest version of AADConnect, downloaded from the Azure Portal.

Any help please?

Thank you very much!

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. James Hamil 24,136 Reputation points Microsoft Employee
    2024-08-06T21:03:00.0833333+00:00

    Hi @Fran, can you please try the following for me and let me know your results?

    1. Check that your server has internet connectivity and can access the Azure AD endpoints. You can test this by opening a web browser on the server and navigating to https://login.microsoftonline.com. If you are unable to access this site, you may need to check your network configuration or firewall settings.
    2. Check that your server's clock is set correctly. If the clock is out of sync, it can cause issues with authentication and connectivity.
    3. Try running Azure Active Directory Connect in compatibility mode. Right-click on the Azure Active Directory Connect icon and select "Properties". Click on the "Compatibility" tab and check the box for "Run this program in compatibility mode for" and select "Windows 8" from the dropdown menu.
    4. Try running Azure Active Directory Connect as an administrator. Right-click on the Azure Active Directory Connect icon and select "Run as administrator".
    5. Check that your user account has the necessary permissions to access Azure AD. Make sure that your user account is a member of the Global Administrator role in Azure AD.

  2. Sandeep G-MSFT 18,451 Reputation points Microsoft Employee
    2024-08-07T07:44:32.9066667+00:00

    @Fran Thank you for posting this in Microsoft Q&A.

    As I understand, you are unable to install Entra Connect as you are getting an error in the "connect to Azure AD" step.

    Usually, if you are getting an error, you can check the requirements below:

    • First, make sure TLS 1.2 is enabled on your server. Microsoft Entra Connect (version 1.1.614.0 and after) by default uses TLS 1.2 for encrypting communication between the sync engine and Microsoft Entra ID. If TLS 1.2 isn't available on the underlying operating system, Microsoft Entra Connect incrementally falls back to older protocols (TLS 1.1 and TLS 1.0). From Microsoft Entra Connect version 2.0 onwards, TLS 1.0 and 1.1 are no longer supported and installation will fail if TLS 1.2 is not enabled. Prior to version 1.1.614.0, Microsoft Entra Connect by default uses TLS 1.0 for encrypting communication between the sync engine and Microsoft Entra ID. To change to TLS 1.2, follow the steps in Enable TLS 1.2 for Microsoft Entra Connect.

    Note: Version 2.3.20.0 is a security update. With this update, Microsoft Entra Connect requires TLS 1.2. Ensure that you have TLS 1.2 enabled before updating to this version.

    All versions of Windows Server support TLS 1.2. If TLS 1.2 is not enabled on your server you will need to enable this before you can deploy Microsoft Entra Connect V2.0.

    For a PowerShell script to check whether TLS 1.2 is enabled, see PowerShell script to check TLS.

    For more information about TLS 1.2, see Microsoft Security Advisory 2960358. For more information on enabling TLS 1.2, see how to enable TLS 1.2.

    • You can check if you have any firewall or proxy in your environment blocking traffic going to the internet. If you're using an outbound proxy for connecting to the internet, the following setting in the C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config file must be added for the installation wizard and Microsoft Entra Connect Sync to be able to connect to the internet and Microsoft Entra ID. This text must be entered at the bottom of the file. In this code, <PROXYADDRESS> represents the actual proxy IP address or host name.

          <system.net>
              <defaultProxy>
                  <proxy
                      usesystemdefault="true"
                      proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"
                      bypassonlocal="true"
                  />
              </defaultProxy>
          </system.net>

    • If your proxy server requires authentication, the service account must be located in the domain. Use the customized settings installation path to specify a custom service account. You also need a different change to machine.config. With this change in machine.config, the installation wizard and sync engine respond to authentication requests from the proxy server. In all installation wizard pages, excluding the Configure page, the signed-in user's credentials are used. On the Configure page at the end of the installation wizard, the context is switched to the service account that you created. The machine.config section should look like this:

          <system.net>
              <defaultProxy enabled="true" useDefaultCredentials="true">
                  <proxy
                      usesystemdefault="true"
                      proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"
                      bypassonlocal="true"
                  />
              </defaultProxy>
          </system.net>

    Let me know if you have any further questions regarding this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

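The checks the two answers describe (TLS 1.2 settings, proxy resolution, reachability of the sign-in endpoint, clock sync) collected into one read-only script. This is an added example, not part of either answer and not Microsoft's own TLS check script; the registry paths are the standard SCHANNEL and .NET Framework TLS locations, and it assumes 64-bit Windows PowerShell 5.1 run on the sync server.

```powershell
# Added example: read-only pre-flight checks for the Entra Connect server.
# Assumes 64-bit Windows PowerShell 5.1, which reads the Framework64 machine.config.
$uri = [Uri]'https://login.microsoftonline.com'   # endpoint named in the first answer

# 1. TLS 1.2 registry state. Microsoft's guidance for Entra Connect sets
#    SystemDefaultTlsVersions=1, SchUseStrongCrypto=1, Enabled=1, DisabledByDefault=0.
$net      = 'Microsoft\.NETFramework\v4.0.30319'
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$checks = [ordered]@{
    "HKLM:\SOFTWARE\$net"             = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'
    "HKLM:\SOFTWARE\WOW6432Node\$net" = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'
    "$schannel\Client"                = 'Enabled', 'DisabledByDefault'
    "$schannel\Server"                = 'Enabled', 'DisabledByDefault'
}
$tlsState = foreach ($entry in $checks.GetEnumerator()) {
    foreach ($name in $entry.Value) {
        # A missing key or value comes back as $null; report it instead of failing.
        $value = (Get-ItemProperty -Path $entry.Key -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -eq $value) { $value = 'not set' }
        [pscustomobject]@{ Key = $entry.Key; Name = $name; Value = $value }
    }
}
$tlsState | Format-Table -AutoSize -Wrap

# 2. Which proxy .NET resolves for the sign-in endpoint (reflects <defaultProxy>).
$webProxy = [System.Net.WebRequest]::DefaultWebProxy
if ($webProxy.IsBypassed($uri)) {
    'Proxy: none, direct connection'
} else {
    "Proxy: $($webProxy.GetProxy($uri))"
}

# 3. HTTPS request restricted to TLS 1.2 (affects this PowerShell session only).
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
try {
    $response = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 15
    "HTTPS over TLS 1.2: HTTP $($response.StatusCode)"
} catch {
    "HTTPS over TLS 1.2 failed: $($_.Exception.Message)"
}

# 4. Clock source and offset as reported by the Windows Time service.
w32tm /query /status
```

An explicit `Enabled = 0` or `DisabledByDefault = 1` under the TLS 1.2 key, or a failure in step 3, points at the TLS requirement in the second answer; a proxy line that does not match your environment points at the machine.config setting.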
