Comms Issues after updating Entra Connect Sync Tool and Health Agent

Simon Bane 20 Reputation points
2025-04-07T11:41:19.6466667+00:00

Hi,

I have two Windows 2022 DCs running Entra Sync Connect 2.4.131.0 with Entra Sync Health Agent 4.5.2520.0. There is no firewall enabled on the servers and they have direct internet access.

All was well until I upgraded from legacy versions of these tools last week. The installs stated all was completed successfully, but we are no longer syncing with Entra AD.

Running the health diagnostic tool I get.....

PS C:\Windows\system32> Test-MicrosoftEntraConnectHealthConnectivity -Role SYNC

Test-AzureADConnectHealthConnectivity's execution in details are as follows:

Starting Test-AzureADConnectHealthConnectivity ...

ProxyInUse:False, Source:Default, Address:NotSet

Connectivity Test Step 1 of 2: Testing dependent service endpoints begins ...

AAD CDN connectivity is skipped.

Connecting to endpoint https://login.microsoftonline.com

Endpoint validation for https://login.microsoftonline.com is Successful.

Connecting to endpoint https://s1.adhybridhealth.azure.com/providers/Microsoft.ADHybridHealthService/diagnostics/version

[CriticalError!]: Unhandled exception occurred: The operation has timed out

Connectivity Test Step 1 of 2 - Failed to connect some service endpoints, please investigate.

Connectivity Test Step 2 of 2 - EventHub data upload procedure begins ...

Tenant Id is successfully collected during agent registration.

Connectivity Test Step 2 of 2 - EventHub data upload procedure completed successfully.

Test-AzureADConnectHealthConnectivity failed...

I re-registered the agent and it seems to connect fine to the same resource that fails in the connectivity test...

Register-MicrosoftEntraConnectHealthAgent -AttributeFiltering $false -StagingMode $false

2025-04-07 11:33:26.237 Log: C:\Users\apjadmin\AppData\Local\Temp\AadConnectHealthAgentConfiguration.2025-04-07_12-33-26.log

2025-04-07 11:33:26.251 SecurityProtocol set to Tls, Tls11, Tls12

2025-04-07 11:33:26.253 Current Monitoring Level in Registry is Full

2025-04-07 11:33:26.254 ProductName: Microsoft Entra Connect Health Agent, FileVersion: 4.5.2520.0, Current UTC Time: 2025-04-07 11:33:26Z, ParameterSet: Prompt

2025-04-07 11:33:26.256 AdHealthServiceUri (ARM): https://management.azure.com/providers/Microsoft.ADHybridHealthService/

2025-04-07 11:33:26.259 AdHybridHealthServiceUri: https://s1.adhybridhealth.azure.com/

2025-04-07 11:33:26.26 AdHealthServiceUri (ARM): https://management.azure.com/providers/Microsoft.ADHybridHealthService/

2025-04-07 11:33:26.261 AdHybridHealthServiceUri: https://s1.adhybridhealth.azure.com/

2025-04-07 11:33:26.263 ProxyInUse: False

2025-04-07 11:33:26.702 AdHealthServiceApiVersion: 2014-01-01

2025-04-07 11:33:26.734 Obtaining token using prompt, Authority: https://login.microsoftonline.com/organizations/oauth2/nativeclient, Scope: https://management.core.windows.net/.default, ClientId: cf6d7e68-f018-4e0a-a7b3-126e053fb88d, ExtraQueryParameters: instance_aware=true

2025-04-07 11:33:49.171 Monitoring enabled for AadSyncService, AdDomainService

2025-04-07 11:33:49.176 Detecting AadSyncService roles...

2025-04-07 11:33:49.493 Detected ServiceType: AadSyncService, ServiceSignature: apjeuropean.onmicrosoft.com, Role: AadSync_AadConnectSync_1.0

2025-04-07 11:33:49.495 Detecting AdDomainService roles...

2025-04-07 11:33:49.747 Detected ServiceType: AdDomainService, ServiceSignature: 50e99c3a-ac5a-4c8f-8cca-2f91c06ed30b, Role: AddsDomainController

2025-04-07 11:33:49.748 Detected the following role(s) for apjeuropean.onmicrosoft.com:

2025-04-07 11:33:49.75 Microsoft Azure Active Directory Sync Services, Active Directory Domain Services

2025-04-07 11:33:50.926 Fetched and stored agent credentials successfully...

2025-04-07 11:34:07.306 Detected the following role(s) for APJ.INTERNAL:

2025-04-07 11:34:07.307 Microsoft Azure Active Directory Sync Services, Active Directory Domain Services

2025-04-07 11:34:23.845 Starting agent services...

2025-04-07 11:34:25.601 Started agent services successfully...

2025-04-07 11:34:25.603 Agent registration completed successfully.

When I run the Sync Service tool I get this.... which looks good but I know it's not actually syncing!

Help please!!


Accepted answer
  1. Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
    2025-04-07T12:16:05.0466667+00:00

    Yea, one has to be exporting for this to work; the other needs to be in staging mode. Only one server can export at any one time.

    Very important to check that one is set to export!

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-staging-server#change-currently-active-sync-server-to-staging-mode

    User's image

    So on both servers, run that command. If both are set to TRUE for StagingModeEnabled, then follow the instructions to set StagingModeEnabled to FALSE on ONE of them by running the wizard.

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-staging-server#change-current-staging-sync-server-to-active-mode
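
The staging-mode check described in the accepted answer, run against both servers at once (an added example, not part of the original thread). It assumes PowerShell remoting is enabled to both sync servers and that the check is done with `Get-ADSyncScheduler` from the ADSync module; `SYNC01` and `SYNC02` are placeholder server names.

```powershell
# Added example, not from the thread. Server names are placeholders (assumption).
$servers = 'SYNC01', 'SYNC02'

$state = @(foreach ($server in $servers) {
    try {
        # Get-ADSyncScheduler ships with the ADSync module on the sync server.
        Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            Import-Module ADSync -ErrorAction Stop
            Get-ADSyncScheduler
        } | Select-Object @{n='Server';e={$server}}, StagingModeEnabled,
                          SyncCycleEnabled, SchedulerSuspended,
                          NextSyncCycleStartTimeInUTC
    }
    catch {
        Write-Warning "Could not query ${server}: $($_.Exception.Message)"
    }
})

$state | Format-Table -AutoSize

# A server is active (exporting) when StagingModeEnabled is False.
$active = @($state | Where-Object { $_.StagingModeEnabled -eq $false })

if ($state.Count -lt $servers.Count) {
    Write-Warning 'Not every server answered; the result below is incomplete.'
}

switch ($active.Count) {
    0       { Write-Warning 'No server is exporting: every queried server is in staging mode.' }
    1       { Write-Output  "Active sync server: $($active[0].Server)" }
    default { Write-Warning "More than one active server: $($active.Server -join ', '). Only one may export." }
}
```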

