Share via

ArgumentOutOfRangeException while loading AD directory schema in Entra Connect 2.3.20.0

Lance Eck 0 Reputation points
2024-08-29T00:44:55.66+00:00

Received error while trying to install Entra AD Connect (version 2.3.20.0) on fully-patched Windows Server 2016 virtual machine.

This occurred after attempting to use Customized settings (rather than Express Settings), using Password Hash Sync and turning on Enable single sign on (although it also happens with this turned off). I am able to connect to Azure AD and can add the Directory (an Active Directory), "<REDACTED>.LOCAL". However, on the next step, where it attempts to retrieve the directory schema, I get an "ArgumentOutOfRangeException" with the explanation "Index was out of range. Must be a non-negative and less than the size of the collection. Parameter name: index".

Here is the salient part of the log:

[16:30:59.558] [  7] [INFO ] SyncDataProvider: Calling refresh schema on connector <REDACTED>.LOCAL
[16:31:00.137] [  7] [ERROR] ConfigSyncDirectoriesPage: Caught exception while creating the connector for directory: <REDACTED>.LOCAL.
Exception Data (Raw): System.Management.Automation.CmdletInvocationException: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2024-08-28 22:30:59.813</date><server><REDACTED>.LOCAL:389</server><cd-error><error-code>0x31</error-code>
<error-literal>Invalid Credentials</error-literal>
</cd-error></incident></error></error> ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2024-08-28 22:30:59.813</date><server><REDACTED>.LOCAL:389</server><cd-error><error-code>0x31</error-code>
<error-literal>Invalid Credentials</error-literal>
</cd-error></incident></error></error>
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchemaFromDirectory(Connector connector, Boolean commit)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.UpdateADSyncConnectorSchemaCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.ConnectorConfigAdapter.UpdateConnectorSchema(Connector connector)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.UpdateConnectorSchema()
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.UpdateConnectorSchema(ConnectorAdapterBase connectorAdapter)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.CreateADDSConnector(IDirectoryConnection directory)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.CreateConnectors(Object obj)
[16:31:00.157] [  4] [INFO ] Page transition from "Connect Directories" [ConfigSyncDirectoriesPageViewModel] to "Azure AD sign-in" [UserSignInConfigPageViewModel]
[16:31:00.167] [  4] [ERROR] RootWizardPageViewModel: An unhandled exception occurred during a page load.
Exception Data (Raw): System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index
   at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.UserSignInConfigPageViewModel.OnLoad(NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.ActivatePage(IWizardPage page, NavigateDirection direction)
[16:31:00.173] [  4] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index
   at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.UserSignInConfigPageViewModel.OnLoad(NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.ActivatePage(IWizardPage page, NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.MoveNext()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.WaitForTaskCompletion(Task task)
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index
   at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.UserSignInConfigPageViewModel.OnLoad(NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.ActivatePage(IWizardPage page, NavigateDirection direction)
   at Microsoft.Online.Deployment.Framework.UI.WizardPages.RootWizardPageViewModel.MoveNext()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.WaitForTaskCompletion(Task task)
   at System.Threading.Tasks.Task.Execute()<---
[16:31:00.289] [  1] [INFO ] Page transition from "Azure AD sign-in" [UserSignInConfigPageViewModel] to "Error" [ErrorPageViewModel]

Re-instantiated but got same error. Uninstalled/re-installed. No Joy.I have also tried to use an existing managed account that is part of the Schema Admins group, to no avail.

I am able to walk through the whole process using Express Settings but want to roll-out to a Test OU first.

<error-literal> suggests an invalid credential, but I have checked and double-checked the credentials. Using an account that is a member of all admin Groups.

Cannot find any relevant articles on microsoft.com or other sites.

Ideally, I would be able to set this up with just my Test OU first and, after testing/tweaking, roll it out to the whole organization, but any assistance or guidance would be appreciated.

Thanks!

—Lance

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.