ArgumentOutOfRangeException while loading AD directory schema in Entra Connect 2.3.20.0

Question

Received error while trying to install Entra AD Connect (version 2.3.20.0) on fully-patched Windows Server 2016 virtual machine.

This occurred after attempting to use Customized settings (rather than Express Settings), using Password Hash Sync and turning on Enable single sign on (although it also happens with this turned off). I am able to connect to Azure AD and can add the Directory (an Active Directory), "<REDACTED>.LOCAL". However, on the next step, where it attempts to retrieve the directory schema, I get an "ArgumentOutOfRangeException" with the explanation "Index was out of range. Must be a non-negative and less than the size of the collection. Parameter name: index".

Here is the salient part of the log:

[16:30:59.558] [  7] [INFO ] SyncDataProvider: Calling refresh schema on connector <REDACTED>.LOCAL
[16:31:00.137] [  7] [ERROR] ConfigSyncDirectoriesPage: Caught exception while creating the connector for directory: <REDACTED>.LOCAL.
Exception Data (Raw): System.Management.Automation.CmdletInvocationException: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2024-08-28 22:30:59.813</date><server><REDACTED>.LOCAL:389</server><cd-error><error-code>0x31</error-code>
<error-literal>Invalid Credentials</error-literal>
</cd-error></incident></error></error> ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2024-08-28 22:30:59.813</date><server><REDACTED>.LOCAL:389</server><cd-error><error-code>0x31</error-code>
<error-literal>Invalid Credentials</error-literal>
</cd-error></incident></error></error>
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchemaFromDirectory(Connector connector, Boolean commit)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.UpdateADSyncConnectorSchemaCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.ConnectorConfigAdapter.UpdateConnectorSchema(Connector connector)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.UpdateConnectorSchema()
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.UpdateConnectorSchema(ConnectorAdapterBase connectorAdapter)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.CreateADDSConnector(IDirectoryConnection directory)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.CreateConnectors(Object obj)
[16:31:00.157] [  4] [INFO ] Page transition from "Connect Directories" [ConfigSyncDirectoriesPageViewModel] to "Azure AD sign-in" [UserSignInConfigPageViewModel]
[16:31:00.167] [  4] [ERROR] RootWizardPageViewModel: An unhandled exception occurred during a page load.
Exception Data (Raw): System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index
   at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.UserSignInConfigPageViewModel.OnLoad(NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.ActivatePage(IWizardPage page, NavigateDirection direction)
[16:31:00.173] [  4] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index
   at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.UserSignInConfigPageViewModel.OnLoad(NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.ActivatePage(IWizardPage page, NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.MoveNext()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.WaitForTaskCompletion(Task task)
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index
   at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.UserSignInConfigPageViewModel.OnLoad(NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.ActivatePage(IWizardPage page, NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.MoveNext()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.WaitForTaskCompletion(Task task)
   at System.Threading.Tasks.Task.Execute()<---
[16:31:00.289] [  1] [INFO ] Page transition from "Azure AD sign-in" [UserSignInConfigPageViewModel] to "Error" [ErrorPageViewModel]

Re-instantiated but got same error. Uninstalled/re-installed. No Joy.I have also tried to use an existing managed account that is part of the Schema Admins group, to no avail.

I am able to walk through the whole process using Express Settings but want to roll-out to a Test OU first.

<error-literal> suggests an invalid credential, but I have checked and double-checked the credentials. Using an account that is a member of all admin Groups.

Cannot find any relevant articles on microsoft.com or other sites.

Ideally, I would be able to set this up with just my Test OU first and, after testing/tweaking, roll it out to the whole organization, but any assistance or guidance would be appreciated.

Thanks!

—Lance

Answer 1

Hi @Lance Eck

Thank you for reaching Microsoft Q&A.

Based on the error message it could be issue with the .NET Framework. can you please check the versions of .NET the minimum .NET Framework version required is 4.6.2, and newer versions of .NET are also supported. .NET version 4.8 and greater offers the best accessibility compliance.

Also, please follow and verify the Prerequisites for Microsoft Entra Connect

Hope this helps. Do let us know if you any further queries by responding in the comments section.

Thanks,

Akhilesh.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.