Azure AD connect configuration fails on Windows Server 2022

Gernot Rücker 20 Reputation points
2024-10-04T10:08:32.1+00:00

I am trying to configure Azure AD connect on Windows 2022 Server.

I configured Password-Hash-Sync.

My local domain name is a subdomain name which I registered in Azure AD (like local.contoso.com).

The configuration fails with the message "failure while sending request".

I found the following error in the error log:

=== Request Data ===

Authority Provided? - True

Scopes - https://graph.windows.net/user_impersonation

Extra Query Params Keys (space separated) -

ApiId - AcquireTokenByUsernamePassword

IsConfidentialClient - False

SendX5C - False

LoginHint ? False

IsBrokerConfigured - False

HomeAccountId - False

CorrelationId - 784a3b58-e970-483a-9d5a-b34a77d078d5

[11:33:26.414] [ 32] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:26.41 - 784a3b58-e970-483a-9d5a-b34a77d078d5] === Token Acquisition (UsernamePasswordRequest) started:

 Scopes: https://graph.windows.net/user_impersonation

Authority Host: login.microsoftonline.com

[11:33:26.418] [ 32] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:26.41 - 784a3b58-e970-483a-9d5a-b34a77d078d5] [Region discovery] Azure region was not configured or could not be discovered. Not using a regional authority.

[11:33:26.422] [ 32] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:26.42 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Fetching instance discovery from the network from host login.microsoftonline.com.

[11:33:26.704] [ 36] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:26.70 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Authority validation enabled? True.

[11:33:26.704] [ 36] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:26.70 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Authority validation - is known env? True.

[11:33:26.709] [ 36] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:26.70 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Sending request to userrealm endpoint.

[11:33:26.800] [ 35] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:26.80 - 784a3b58-e970-483a-9d5a-b34a77d078d5]

[11:33:27.032] [ 35] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:27.03 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Fetched and parsed MEX

[11:33:27.033] [ 35] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:27.03 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Fetched and parsed MEX.

[11:33:27.291] [ 36] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:27.29 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Token of type 'urn:oasis:names:tc:SAML:1.0:assertion' acquired from WS-Trust endpoint.

[11:33:27.291] [ 36] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:27.29 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Token of type 'urn:oasis:names:tc:SAML:1.0:assertion' acquired from WS-Trust endpoint.

[11:33:27.491] [ 35] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:27.49 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Response status code does not indicate success: 400 (BadRequest).

[11:33:27.491] [ 35] [WARN ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:27.49 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Request retry failed.

[11:33:27.500] [ 35] [INFO ] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:27.50 - 784a3b58-e970-483a-9d5a-b34a77d078d5] HttpStatusCode: 400: BadRequest

[11:33:27.503] [ 35] [ERROR] MSAL: False MSAL 4.36.0.0 MSAL.Desktop 4.8 or later Windows Server 2022 Standard [10.04 09:33:27.50 - 784a3b58-e970-483a-9d5a-b34a77d078d5] Exception type: Microsoft.Identity.Client.MsalUiRequiredException

, ErrorCode: invalid_grant

HTTP StatusCode 400

Any help is appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
    Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2024-10-08T19:18:07.21+00:00

    Hi @Gernot Rücker

    Thank you for your post!

    I am sorry for the inconvenience you have faced while you are configuring the Entra connect.

    It might be an issue with TLS 1.2 not being enabled in the .NET Framework.

    Could you please run the PowerShell script below to enforce TLS 1.2?

    PowerShell script to enable TLS 1.2

    Before installing, please read and verify the Prerequisites for Microsoft Entra Connect.

    If your Hybrid Identity Administrators have MFA enabled, the URL https://secure.aadcdn.microsoftonline-p.com must be in the trusted sites list. You're prompted to add this site to the trusted sites list when you're prompted for an MFA challenge, and it hasn't been added before. You can use Internet Explorer to add it to your trusted sites.

    If the issue persists, please refer to the article below:

    Azure AD Connect – Unable to validate credentials due to an unexpected error.

    Hope this helps. Do let us know if you have any further queries by responding in the comments section.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.

    1 person found this answer helpful.
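The answer links to a script that is not reproduced on this page. The following is an added example (not the linked script and not Microsoft's code) that audits the .NET Framework and SCHANNEL registry values Microsoft documents for TLS 1.2 enforcement on Entra Connect servers, and sets them only when run with -Apply; the registry paths and value names are the documented ones, the script itself is an assumption.

```powershell
# Added example: audit, and optionally apply, the registry values that make .NET Framework 4.x
# applications such as Entra Connect use the OS default TLS versions (TLS 1.2) and that enable
# TLS 1.2 in SCHANNEL. Run as Administrator; a reboot is required for changes to take effect.
param([switch]$Apply)

$dotnetKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$schannelKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'
)

# Desired DWORD values: .NET follows system TLS defaults with strong crypto; TLS 1.2 is enabled.
$desired = @{}
foreach ($k in $dotnetKeys)   { $desired[$k] = @{ SystemDefaultTlsVersions = 1; SchUseStrongCrypto = 1 } }
foreach ($k in $schannelKeys) { $desired[$k] = @{ Enabled = 1; DisabledByDefault = 0 } }

$drift = 0
foreach ($path in $desired.Keys) {
    foreach ($name in $desired[$path].Keys) {
        $want = $desired[$path][$name]
        $have = $null
        if (Test-Path $path) {
            # Missing value names return $null because of SilentlyContinue
            $have = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        }
        if ($have -eq $want) {
            Write-Host "OK      $path\$name = $have"
            continue
        }
        $drift++
        $shown = if ($null -eq $have) { '<unset>' } else { $have }
        Write-Host "DRIFT   $path\$name (have: $shown, want: $want)"
        if ($Apply) {
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name $name -Value $want -PropertyType DWord -Force | Out-Null
            Write-Host "SET     $path\$name = $want"
        }
    }
}

if ($drift -eq 0)  { Write-Host 'TLS 1.2 settings already in place.' }
elseif ($Apply)    { Write-Host "$drift value(s) changed; reboot before re-running the Entra Connect wizard." }
else               { Write-Host "$drift value(s) differ; re-run with -Apply (as Administrator) to set them." }
```

Run it once without -Apply to see which values differ, then with -Apply and a reboot before retrying the Entra Connect configuration.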
