AADDS104 critical alert without any changes to nsg

Question

AADDS104 critical alert without any changes to nsg

Mim Kol 0

Managed domain reporting AADDS104 (Critical) – “Microsoft is unable to reach the domain controllers.”

No NSG, DNS, UDR, or peering changes were made.
Internal connectivity verified:
- LDAP 389 reachable
- DC IPs responding
- Replica set shows Running

Restart option is not available in the current portal UI.

This appears to be a backend connectivity or replica heartbeat issue.
Please perform backend health verification and restart replica set if necessary.
Region: West US 2
Replica Set: aadds-vnet/aadds-subnet

Sridevi Machavarapu 22,120 Reputation points Microsoft External Staff Moderator

2026-02-24T05:19:02.72+00:00

Hello Mim Kol,

We need few details to proceed further. Please check your Private messages tab and provide those details.
SUNOJ KUMAR YELURU 17,981 Reputation points MVP Volunteer Moderator

2026-02-24T06:54:08.4666667+00:00

Hello @Mim Kol,

The alert AADDS104 indicates that Microsoft is unable to reach the domain controllers for a managed domain, various reasons, including network security group (NSG) rules blocking access or user-defined routes preventing incoming traffic.

In your case, since no NSG, DNS, UDR, or peering changes were made, and internal connectivity checks (like LDAP on port 389) show that domain controllers are reachable and responding, it suggests that the issue may be related to backend connectivity or replica heartbeat problems. It is advisable to perform backend health verification and restart the replica set if necessary.

If the critical alert remains unresolved for 15 days, the managed domain could enter a suspended state, where domain controllers become unreachable, and various services may fail.

Understand the health states and resolve suspended domains in Microsoft Entra Domain Services

If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.
Mim Kol 0 Reputation points

2026-02-25T23:44:01.49+00:00

Any news on this? It has been a couple of days. Alert still there. Last Detected: Tue, Feb 24, 2026, 04:48:47 UTC
Sridevi Machavarapu 22,120 Reputation points Microsoft External Staff Moderator

2026-02-26T05:33:51.0333333+00:00

Hello Mim Kol,

Thank you for your patience.

Based on the details you shared, and since there were no recent changes to NSG, DNS, UDR, or peering, and the replica set and domain controllers are reachable, this does not indicate an issue with your current network configuration.

AADDS104 alerts can occasionally appear during backend service maintenance or internal health checks in Microsoft Entra Domain Services. In such cases, the alert may remain visible temporarily even though the managed domain continues to function normally.

Could you please confirm if you are seeing any actual issues, such as domain join failures, authentication problems, or LDAP connectivity issues? Or is the alert the only concern at this time?

We will continue monitoring from our side and share updates if any action is required.
Mim Kol 0 Reputation points

2026-02-27T00:36:23.05+00:00

The alert has now disappeared. Did you end up refreshing the domain or did it self-resolve? Thank you.
Sridevi Machavarapu 22,120 Reputation points Microsoft External Staff Moderator

2026-02-28T08:42:21.16+00:00

Hello Mim Kol,

Thank you for the update. Glad to hear the alert has cleared.

No refresh or restart was performed from our side. It appears the alert resolved automatically after the backend health checks stabilized.

Please let us know if you notice the alert again or experience any issues.

1 answer

Your answer

Sridevi Machavarapu 22,120 Reputation points Microsoft External Staff Moderator

2026-02-24T05:19:02.72+00:00

Hello Mim Kol,

We need few details to proceed further. Please check your Private messages tab and provide those details.
SUNOJ KUMAR YELURU 17,981 Reputation points MVP Volunteer Moderator

2026-02-24T06:54:08.4666667+00:00

Hello @Mim Kol,

The alert AADDS104 indicates that Microsoft is unable to reach the domain controllers for a managed domain, various reasons, including network security group (NSG) rules blocking access or user-defined routes preventing incoming traffic.

In your case, since no NSG, DNS, UDR, or peering changes were made, and internal connectivity checks (like LDAP on port 389) show that domain controllers are reachable and responding, it suggests that the issue may be related to backend connectivity or replica heartbeat problems. It is advisable to perform backend health verification and restart the replica set if necessary.

If the critical alert remains unresolved for 15 days, the managed domain could enter a suspended state, where domain controllers become unreachable, and various services may fail.

Understand the health states and resolve suspended domains in Microsoft Entra Domain Services

If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.
Mim Kol 0 Reputation points

2026-02-25T23:44:01.49+00:00

Any news on this? It has been a couple of days. Alert still there. Last Detected: Tue, Feb 24, 2026, 04:48:47 UTC
Sridevi Machavarapu 22,120 Reputation points Microsoft External Staff Moderator

2026-02-26T05:33:51.0333333+00:00

Hello Mim Kol,

Thank you for your patience.

Based on the details you shared, and since there were no recent changes to NSG, DNS, UDR, or peering, and the replica set and domain controllers are reachable, this does not indicate an issue with your current network configuration.

AADDS104 alerts can occasionally appear during backend service maintenance or internal health checks in Microsoft Entra Domain Services. In such cases, the alert may remain visible temporarily even though the managed domain continues to function normally.

Could you please confirm if you are seeing any actual issues, such as domain join failures, authentication problems, or LDAP connectivity issues? Or is the alert the only concern at this time?

We will continue monitoring from our side and share updates if any action is required.
Mim Kol 0 Reputation points

2026-02-27T00:36:23.05+00:00

The alert has now disappeared. Did you end up refreshing the domain or did it self-resolve? Thank you.
Sridevi Machavarapu 22,120 Reputation points Microsoft External Staff Moderator

2026-02-28T08:42:21.16+00:00

Hello Mim Kol,

Thank you for the update. Glad to hear the alert has cleared.

No refresh or restart was performed from our side. It appears the alert resolved automatically after the backend health checks stabilized.

Please let us know if you notice the alert again or experience any issues.

Answer 1

Hello Mim Kol,

Thank you for the update. I’m glad to hear the alert has cleared.

No manual restart or refresh was performed from our side. Based on the behavior, the alert appears to have resolved on its own.

Alerts such as AADDS104 can sometimes appear temporarily during backend service maintenance or internal health checks in Microsoft Entra Domain Services. During this time, the alert may remain visible even though the managed domain continues to function normally. Once the backend health checks complete and connectivity signals stabilize, the alert typically clears automatically.

Since the alert has now disappeared and there were no reported issues with domain join, authentication, or LDAP connectivity, the managed domain can be considered healthy.

If you notice the alert again or experience any service impact, please feel free to reach out.

Share via

AADDS104 critical alert without any changes to nsg

1 answer

Your answer