AAD Cloud Sync Agent fails to connect

Filippo Martinelli 26 Reputation points
2021-08-12T21:12:27.83+00:00

In January I installed AAD Cloud Sync Agent and it worked till the end of July. Checking Azure AD in the cloud the domain is in quarantine status and the installed agents list reports none. First question: was my agent, which worked for months, automatically removed from the list ?

Executing AAD Cloud Sync Agent Wizard again it reports the following error:

PowerShell: System.Net.WebException: Remote server error: (401) Unauthorized. in System.Net.HttpWebRequest.GetResponse() in Microsoft.ApplicationProxy.Connector.PSModule.OnpremisesPublishingOperations.ProcessRequestWithoutPayload(HttpWebRequest request) in Microsoft.ApplicationProxy.Connector.PSModule.GetPublishedResourceCommand.ProcessRecord() in System.Management.Automation.CommandProcessor.ProcessRecord()

The agent log is full of the following errors:

AADConnectProvisioningAgent.exe Error: 0 : Service bootstrap request failed with exception. Request Id: 'fa4d8a82-150a-4326-a556-ccf43b1a9f45', Error: 'System.ServiceModel.Security.MessageSecurityException: La richiesta HTTP non è autorizzata con lo schema di autenticazione client 'Anonymous'. Intestazione di autenticazione ricevuta dal server: ''. ---> System.Net.WebException: Errore del server remoto: (401) Non autorizzato. in System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) in System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)

It is not a TLS 1.2 problem because it is not mandatory yet. Admin AAD login has been verified. The public ip of AAD agent on premise may have changed, is it possible the requests fail because the ip is filtered ?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,901 questions
{count} votes