Cannot upgrade Entra Connect Sync

Kiedroň Tomáš 0 Reputation points
2024-11-11T16:08:52.22+00:00

have upgrade Entra Connect Sync. I am getting an error during upgrading the configuration like this:

Configure AAD Sync

An error occurred executing Configure AAD Sync task: System.InvalidOperationException: There was an issue obtaining cloud sync intervals ---> Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '00000002-0000-0000-c000-000000000000'. Trace ID: 30899e49-84c1-43e1-9ad5-272f73b4e600 Correlation ID: 4db1d100-d056-40d5-aaae-8572bfa3a79b Timestamp: 2024-11-11 16:02:18Z
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AuthenticateMSAL(AzureService azureService, String userName, SecureString password, Boolean useCachedToken, String& accessToken, String& errorCode, String& additionalDetails, Boolean throwOnException, Boolean throwExceptionOnMFAError)
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService azureService, String& serviceEndpoint, String& errorCode, String& additionalDetail, AuthenticationStatus& status, Boolean throwOnException, Boolean throwExceptionOnMFAError)
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService azureService, String& serviceEndpoint, String& additionalDetail, AuthenticationStatus& status, Boolean throwOnException)
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService azureService, String& additionalDetail, Boolean throwOnException)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.InitializeProvisionHelper()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initialize()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCompanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   --- End of inner exception stack trace ---
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , ConfigAttrNode* pcanList, UInt32 ccanItems, Char ** syncSettingsSerialized, Char ** errorString)

I have tried to set an exception from MFA and Conditional Access for the admin account used for setting Sync, but the result is the same.

Any proposition?


1 answer

  1. akinbade abiola 20,145 Reputation points
    2024-11-11T23:58:19.01+00:00

    Hello, this looks like conditional access is enabled on your synchronization account.

    You need to remove this account from CAP policies

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-accounts-permissions

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola
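
One way to check the suggestion in the answer above, as an added example that is not part of the original thread: a read-only listing of the Conditional Access policies that require MFA and still apply to the account. It assumes the Microsoft Graph PowerShell SDK is installed; the UPN is a placeholder, and only the built-in `mfa` grant control and user, group and role targeting are evaluated.

```powershell
# Added example: read-only audit, nothing in the tenant is modified.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph module) is installed.
$AccountUpn = 'sync-admin@contoso.example'            # placeholder: account used in the wizard
$ResourceId = '00000002-0000-0000-c000-000000000000'  # resource named in the AADSTS50079 message

Connect-MgGraph -Scopes 'Policy.Read.All', 'Directory.Read.All'

$user = Get-MgUser -UserId $AccountUpn
# Groups and activated directory roles the account belongs to, nested membership included.
$memberOf = Get-MgUserTransitiveMemberOf -UserId $user.Id -All
$groupIds = @($memberOf |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' } |
    ForEach-Object { $_.Id })
# Conditional Access policies reference roles by role template ID.
$roleIds = @($memberOf |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
    ForEach-Object { $_.AdditionalProperties['roleTemplateId'] })

function Test-Overlap($Left, $Right) {
    # True when the two ID lists share at least one entry.
    [bool](@($Left) | Where-Object { $_ -and ($_ -in @($Right)) })
}

Get-MgIdentityConditionalAccessPolicy -All | ForEach-Object {
    $p = $_
    $u = $p.Conditions.Users
    $a = $p.Conditions.Applications
    $included = ($u.IncludeUsers -contains 'All') -or ($u.IncludeUsers -contains $user.Id) -or
                (Test-Overlap $u.IncludeGroups $groupIds) -or (Test-Overlap $u.IncludeRoles $roleIds)
    $excluded = ($u.ExcludeUsers -contains $user.Id) -or
                (Test-Overlap $u.ExcludeGroups $groupIds) -or (Test-Overlap $u.ExcludeRoles $roleIds)
    $hitsResource = (($a.IncludeApplications -contains 'All') -or
                     ($a.IncludeApplications -contains $ResourceId)) -and
                    -not ($a.ExcludeApplications -contains $ResourceId)
    $requiresMfa = $p.GrantControls.BuiltInControls -contains 'mfa'

    # Keep policies that are not disabled, target the account, and demand MFA.
    if ($p.State -ne 'disabled' -and $included -and -not $excluded -and $requiresMfa) {
        [pscustomobject]@{
            Policy         = $p.DisplayName
            State          = $p.State   # 'enabledForReportingButNotEnforced' means report-only
            CoversResource = $hitsResource
        }
    }
} | Format-Table -AutoSize
```

An empty result means no Conditional Access policy matched under these checks; rows with `State` of `enabled` and `CoversResource` of `True` are the ones to review for an exclusion.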

