![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 8%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAF%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 55.00000000000001%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hello @Adrian Funk,
Thank you for posting your query on Microsoft Q&A.
I understand that you are getting the error: E_MMS_SCHEMA_NO_CLASSES when trying to upgrade Microsoft Entra Connect.
Basically this error will occur due to multiple reasons. One of the reason is that the Multifactor Authentication(MFA) has been enabled for the affected user who is trying to upgrade the Microsoft Entra Connect.
Please check if the Multifactor Authentication(MFA) has been enabled for the affected user who is trying to upgrade the Microsoft Entra Connect by following the below steps.
Below are the different sources of MFA.
1.Per-User MFA.
2.Conditional Access policies.
3.Security Defaults.
4.Identity Protection(MFA registration policy).
1.Per-User MFA
Please check if the Per-User MFA is enabled or not for the user by following the below mentioned steps.
View the status for a user
The per-user MFA administration experience in the Microsoft Entra admin center is recently improved. To view and manage user states, complete the following steps:
- Sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator.
- Browse to Identity > Users > All users.
- Select a user account, and then select Per-user MFA.
- Please refer to the below Screenshot for your reference.
Search for the affected user and check the Per-user MFA status. If it is enabled, please select Disable MFA as shown in the below Screenshot for your reference.
2.Conditional Access policies
You can verify whether any CA policy is getting applied to complete MFA by following the below mentioned steps.
To view the sign-in logs from the Microsoft Entra admin center:
- Sign in to the Microsoft Entra admin center as at least a Reports Reader.
- Go to Users -> All Users -> Select the affected user and select Sign-in logs and check for the sign ins where the Authentication requirement is showing as Multifactor Authentication. Please refer to the below Screenshot for your reference.
3.If any of the sign ins where the Authentication requirement is showing as Multifactor Authentication, please select that sign in and navigate to Conditional Access tab to check which CA is policy is getting applied for that sign in. Please refer to the below Screenshot for your reference.
3. Security Defaults
Please note that if there is no CA policy enabled in your tenant, then please check if the Security Defaults is enabled in your tenant by following the below mentioned steps.
- Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.
- Browse to Identity > Overview > Properties.
- Select Manage security defaults.
- Check if Security Defaults is enabled or not.
Please note that this Security Defaults is tenant wide settings and it will be applicable to all the users in your tenant.
If Security Defaults is enabled in your tenant, then all the users in your tenant are getting MFA through Security Defaults.
For additional details, please refer to the below document for your reference.
Providing a default level of security in Microsoft Entra ID - Microsoft Entra | Microsoft Learn
4.Identity Protection(Multifactor Authentication Registration policy)
Please check if you have enabled Multi factor Authentication Registration policy from Identity Protection by following the below mentioned steps.
- Sign in to the Microsoft Entra admin center as at least a Security Administrator.
- Browse to Protection > Identity Protection > Multifactor authentication registration policy.
- Please check whether the affected user is part of that policy and also check whether the policy is enabled or not from Policy enforcement section.
For additional details, please refer to the below document for your reference.
Configure the MFA registration policy - Microsoft Entra ID Protection | Microsoft Learn
Also, this error can occur if TLS 1.2 is not enabled on your Microsoft Entra connect server
In the recent releases of Microsoft Entra connect the communication happens via TLS 1.2. Please make sure TLS 1.2 is enabled in your Entra connect server.
Please refer to the below document to get the PowerShell script to check if the TLS 1.2 is enabled and the PowerShell script to enable TLS 1.2 on your Microsoft Entra connect server.
Also please try to refresh the Microsoft Entra Connect schema by following the below mentioned steps.
- Open Synchronization Service Manager on the Microsoft Entra Connect Server.
- Navigate to “Connectors”
- Select the connector named after your On-Premises Active Directory.
- Start action “Refresh Schema”
Please refer to the below Screenshot for your reference.
For more information regarding the upgrading of Microsoft Entra Connect from previous version to the latest version, please refer to the below document for your reference.
Microsoft Entra Connect: Upgrade from a previous version - Microsoft Entra ID | Microsoft Learn
I hope this above information provided is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".