question

Frank-0528 avatar image
1 Vote"
Frank-0528 asked JesseFlintoff-4117 answered

Windows Essentials 2016 Dashboard stop password sync with Office365/Azure Active Directory

Hello,

I have already asked my question here

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_password-mso_o365b/windows-essentials-2016-dashboard-stop-password/965651d4-2e8e-4c5e-a1d4-3cbac13c66a5?messageId=aa135e9e-428f-42e8-a84c-b0ea6a472173

(please read whole current thread there)

and was referred to this forum, as the problem is probably related to Windows Essential Server or Azure AD.

My WSE 2016 has suddenly stopped password synchronisation with Office 365. Office 365 and Azure Active Directory are integrated in the dashboard.

The following behaviour:

In the Dashboard -> Office 365 -> Change Administrator Password is supposedly executed successfully with any password (even the correct one). However, the event viewer shows the error PCNSSVC 6036 - No connection could be established because the target computer refuses the connection. ESSENTIALS_PWD_SYNC_GEOCENTRAL 0x000006BA - The RPC server is not available.

In the dashboard, all data on subscriptions, domains, mailboxes from Exchange Online are listed under Office 365. The distribution groups are visible under Users -> Distribution Groups.

In the Dashboard -> User - > Change User Password results in the error in the file SharedServiceHost-EmailProviderServiceConfig.log

[9312] 210630.172727.0800: PasswordChangeRepository: User name with SID S-1-5-21-34824797-2272319941-1929610800-1129 has been changed from domain\surname.name to surname.name

[12812] 210630.172727.1250: O365ManagementProvider(IO365Callback): ChangePassword:bdcbd278-2186-4296-93-ea520436de starts

[12812] 210630.172727.4123: GraphAdapter: Failed to call Graph service with status code 404 and error: {"error":{"code":"ResourceNotFound","message":"Invalid version: v2","innerError":{"date":"2021-06-30T15:27:27","request-id":"41ad162f-b06b-4dd8-a78d-50bf776c1905","client-request-id":"41ad162f-b06b-4dd8-a78d-50bf776c1905"}}}

[12812] 210630.172727.4123: O365ManagementProvider(IO365Callback): ChangePassword:bdcbd278-2186-4296-93-ea520436de failed due to O365ConfigurationFault = Unexpected

Microsoft.WindowsServerSolutions.O365Integration.O365ConfigureException: Failed to call Graph service with status code 404 and error: {"error":{"code":"ResourceNotFound","message":"Invalid version: v2","innerError":{"date":"2021-06-30T15:27:27","request-id":"41ad162f-b06b-4dd8-a78d-50bf776c1905","client-request-id":"41ad162f-b06b-4dd8-a78d-50bf776c1905"}}}

bei Microsoft.WindowsServerSolutions.O365Integration.GraphAdapter.DefaultHandleGraphServiceError(Int32 statusCode, GraphServiceError error, Int32 retryTimes, Action`2 errorHandler)

bei Microsoft.WindowsServerSolutions.O365Integration.GraphAdapter.<>c_DisplayClass60_1`1.<InvokeWebServiceWithRetry>b_1(Int32 statusCode, GraphServiceError error)

bei Microsoft.WindowsServerSolutions.O365Integration.GraphAdapter.HandleGraphServiceException[TResult](Func`1 func, Func`3 errorHandler)

bei Microsoft.WindowsServerSolutions.O365Integration.GraphAdapter.InvokeWebServiceWithRetry[TResponse](Func`2 func, Action`2 errorHandler)

bei Microsoft.WindowsServerSolutions.O365Integration.O365ManagementCore.ChangePassword(String localUserName, String password)

bei Microsoft.WindowsServerSolutions.O365Integration.O365ManagementProvider.<>c_DisplayClass30_0.<ChangePassword>b_0()

bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderBase`1.InvokeOperation[TResult](String operationName, Func`1 func)

[12812] 210630.172727.4403: O365Manager: TResult : Boolean, args : Microsoft.WindowsServerSolutions.Common.ProviderFramework.OperationInvokeEventArgs`1[System.Boolean]

[12812] 210630.172727.4413: O365Manager: actualArgs : Microsoft.WindowsServerSolutions.Common.ProviderFramework.OperationInvokeEventArgs`1[System.Boolean]

[9312] 210630.172727.4453: O365ManagerPasswordSyncWrapper: Failed due to OperationInvokeException:Microsoft.WindowsServerSolutions.Common.ProviderFramework.OperationInvokeException: Failed to invoke <ChangePassword>b__0 ---> Microsoft.WindowsServerSolutions.O365Integration.O365ConfigureException: Failed to call Graph service with status code 404 and error: {"error":{"code":"ResourceNotFound","message":"Invalid version: v2","innerError":{"date":"2021-06-30T15:27:27","request-id":"41ad162f-b06b-4dd8-a78d-50bf776c1905","client-request-id":"41ad162f-b06b-4dd8-a78d-50bf776c1905"}}}

bei Microsoft.WindowsServerSolutions.O365Integration.GraphAdapter.DefaultHandleGraphServiceError(Int32 statusCode, GraphServiceError error, Int32 retryTimes, Action`2 errorHandler)

bei Microsoft.WindowsServerSolutions.O365Integration.GraphAdapter.<>c_DisplayClass60_1`1.<InvokeWebServiceWithRetry>b_1(Int32 statusCode, GraphServiceError error)

bei Microsoft.WindowsServerSolutions.O365Integration.GraphAdapter.HandleGraphServiceException[TResult](Func`1 func, Func`3 errorHandler)

bei Microsoft.WindowsServerSolutions.O365Integration.GraphAdapter.InvokeWebServiceWithRetry[TResponse](Func`2 func, Action`2 errorHandler)

bei Microsoft.WindowsServerSolutions.O365Integration.O365ManagementCore.ChangePassword(String localUserName, String password)

bei Microsoft.WindowsServerSolutions.O365Integration.O365ManagementProvider.<>c_DisplayClass30_0.<ChangePassword>b_0()

bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderBase`1.InvokeOperation[TResult](String operationName, Func`1 func)

--- Ende der internen Ausnahmestapelüberwachung ---

bei Microsoft.WindowsServerSolutions.Common.ProviderFramework.ObjectModelBaseExtended`1.SyncWrapper[T](Action`1 act)

bei Microsoft.WindowsServerSolutions.O365Integration.O365ManagerPasswordSyncWrapper.<>c_DisplayClass18_0.<ChangePassword>b_0()

bei Microsoft.WindowsServerSolutions.O365Integration.O365ManagerPasswordSyncWrapper.CallWrapper[T](Func`1 func)

[9312] 210630.172727.4493: PasswordSyncManagementCore: Password Sync Configuration Issue: PwdSyncConfigurationFault = LocalProviderIssue

Microsoft.WindowsServerSolutions.PasswordSync.PwdSyncConfigurationException: Failed to invoke <ChangePassword>b__0

bei Microsoft.WindowsServerSolutions.O365Integration.O365ManagerPasswordSyncWrapper.CallWrapper[T](Func`1 func)

bei Microsoft.WindowsServerSolutions.PasswordSync.PasswordSyncManagementCore.SyncPassword(Object state)

[9312] 210630.172727.4503: PasswordSyncManagementCore: Neither O365 nor HES are running

In the dashboard -> Startpage -> status monitoring, a critical error is displayed. "The password for the following accounts cannot be reset by the Windows Server Essentials service ... Listing of accounts.

Solution: Make sure the server is connected to the Internet.

I have not switched to MFA, Server is rebooted, PasswordChangeNotificationService is running.

Any help is appreciated!

windows-serverazure-ad-password-hash-sync
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

I would like to check if there is any progress made in solving your issue? If yes, please help accept answer, so that others meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to feedback.

Best Regards,
Joan

0 Votes 0 ·

Hello,
no, there is no progress at the moment. Installing the updates from 13. July on WSE 2016 did not solve the problem for me. In my opinion, the best change to solve the problem at the moment is the post by JesseFlintoff-4117 with the support of the PG team.
Kind regards,
Frank

0 Votes 0 ·

Hi,

Got it!

We will also keep track on this issue! Hope to hear your good news soon!

BR,
Joan

0 Votes 0 ·

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

0 Votes 0 ·
jiayaozhu-MSFT avatar image
0 Votes"
jiayaozhu-MSFT answered

Hi,

Thanks for posting on our forum!

Based on your log information, your issue does has something to do with Azure AD and Essential. However, analyzing log information is beyond our forum's scope. The supporter should have suggested you to open a case with our senior supporter at the first hand.

For one thing, Microsoft Customer Support and Services can offer you real-time service and more in-depth investigation. In our forum, I can read some logs for you, but this could be really time-consuming and I just do a general interpretation. If your issue turns out to be more complex and needs further researching, at that time, I still have to suggest you to open a case.

For another, posting your personal log information on our forum may be unsafe since our forum is open to the public, which means everyone can access to your private information. When you open a case, your information will be severely protected by our engineers and after your case is completed, your log information will be erased from our record permenantly.

In addition, if the issue has been proved as system flaw, the consulting fee would be refund. You may find phone number for your region accordingly from the link below.
Global Customer Service phone numbers:
https://support.microsoft.com/en-us/help/13948/global-customer-service-phone-numbers

Thanks for your support and understanding!

BR,
Joan


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GregZartman-2833 avatar image
0 Votes"
GregZartman-2833 answered

I am having the exact same problem as the OP.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AlexR-8572 avatar image
0 Votes"
AlexR-8572 answered

Same issue. Might just upgrade to 2019 and call it a day.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SamC-5106 avatar image
0 Votes"
SamC-5106 answered

Same issue as OP. I'm using Server 2019 with the Essentials Role reinstalled using the OfficeMaven product.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JulianBlting-7635 avatar image
0 Votes"
JulianBlting-7635 answered JulianBlting-7635 published

same issue here with 3 Server...
I've been looking for the fault for 2 days

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JesseFlintoff-4117 avatar image
0 Votes"
JesseFlintoff-4117 answered

Having same issue on 14 servers.....

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SamC-5106 avatar image
0 Votes"
SamC-5106 answered SamC-5106 edited

I'm going to go out on a limb here and say someone at Microsoft deleted a DNS entry and because they can't be bothered to provide meaningful support anymore a simple issue goes unfixed...

Something I discovered is the client machine with the essentials tray application receives an error message about password sync. When you click it it tries to take you to https://prs-scu.passwordreset.microsoftonline.com/?mkt=EN-US&ru=https://login.microsoftonline.com/login.srf%3flc%3d1033%26mkt%3dEN-US%26lc%3d1033%26id%3d271346%26vv%3d1300&lc=1033 but the website does not load with a DNS Probe error.

I've tried resolving prs-scu.passwordreset.microsoftonline.com on multiple networks with different ISPs and DNS servers as well as a DNS lookup on mxtoolbox and there are no DNS entries.

Lookup details: prs-scu.passwordreset.microsoftonline.com has a canonical name of ssprprod-a-sspr-scu.cloudapp.net which then resolves to 0.0.0.0

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JesseFlintoff-4117 avatar image
0 Votes"
JesseFlintoff-4117 answered jiayaozhu-MSFT commented
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello JesseFlintoff-4117,

thank you for sharing this update here.

0 Votes 0 ·

Hi,

I am glad to see that you can achieve some progress! I also read the blog @JesseFlintoff-4117 posted and I think if this issue is related to some inbuild problems, you can go to post your discovery on our Feedback website, so that our product team can notice it:
https://techcommunity.microsoft.com/

Besides, I found that this issue seems to be a common issue and I think it can be really helpful if you could put this blog on top of our blog, so that many other clients who have the same issue can get to their workaround more quickly. An accepted answer blog can be put on top of the forum and you can accept any useful answers in this blog, such as @JesseFlintoff-4117's, at any appropriate time (like after this issue is solved or has certain workarounds). I will also keep track on this issue and report this issue to our product team. Thanks for your understanding!

BR,
Joan

0 Votes 0 ·
JesseFlintoff-4117 avatar image
0 Votes"
JesseFlintoff-4117 answered

This is now working. No action required.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.