Microsoft Azure AD Connect installation problem

Question

Microsoft Azure AD Connect installation problem

He, Erchuang/何二创 141

Excuse me, there is a problem about Microsoft Azure AD Connect installation.
The installation process is as follows:

Sign in as a local administrator to the server where install Azure AD Connect.
Find AzureADConnect.msi and double-click it.
On the Welcome screen, select the check box to accept the terms of the license and click Continue .
On the Easy Settings screen, click Use Easy Settings .
On the Connect to Azure AD screen, enter Azure AD global administrator username and password. Click Next .
On the Connect to AD DS screen, enter the user name and password for administrator account. Click Next .
Configuration of the Azure AD Sign In page.Custom field not validated.Select the check box at the bottom of the screen. Click Next .
On the Ready to configure screen, Click Install.

During the installation in step 8, an exception occurred. According to the prompt information on the installation screen,
System.Net.WebException had an exception and failed to parse 'login.microsoftonline.com',Azure AD Connect installation stopped.

Install environment:
Install OS environment:Windows 2019 GUI Server (Standard x64bit)
Microsoft Azure AD Connect Version:2.0.28.0
Internet:Normal access to other Internet servers
Install OS DNS:Finished with the correct settings
In addition, the attachment adds the installation log:[163792-trace-20211223-090323.log]

Accepted answer

3 additional answers

Your answer

Answer 1

@He, Erchuang/何二创 ,

Looking at the attached logs file, it appears that Azure AD connect failed to establish outbound internet connectivity via device context for Authentication and the AdminWebService endpoint, as shown in the screenshot below:

Are using any using an outbound proxy to connect to the internet? the above success response (200) may have come from the user context rather than device context, therefore request you to the following setting in the C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config file to update your outbound proxy details in case of outbound proxy using.

  <system.net>  
        <defaultProxy>  
            <proxy  
            usesystemdefault="true"  
            proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"  
            bypassonlocal="true"  
            />  
        </defaultProxy>  
    </system.net>

In case if your proxy server requires authentication, the service account must be located in the domain. Use the customized settings installation path to specify a custom service account also the machine.config section should look like this:

<system.net>  
        <defaultProxy enabled="true" useDefaultCredentials="true">  
            <proxy  
            usesystemdefault="true"  
            proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"  
            bypassonlocal="true"  
            />  
        </defaultProxy>  
    </system.net>

Hope this helps.

He, Erchuang/何二创 141 Reputation points

2022-01-11T10:06:04.13+00:00

Thank you very much for your answer. I have modified the machine.config file and tried the above settings respectively, but the installation problem is still not solved.
Attached is the latest installation log.163807-trace-20211223-090323.log

Answer 2

Manu Philip 20,206 MVP Volunteer Moderator

Check, if there is a firewall is blocking required connectivity/ports. Make sure that all the required ports are opened. Following reference will guide on opening the required ports:
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports

Siva-kumar-selvaraj 15,721 Reputation points

2022-01-11T07:38:18.56+00:00

Appreciate your contribution on Microsoft Q7A forum :)
He, Erchuang/何二创 141 Reputation points

2022-01-11T08:06:55.437+00:00

Thank you very much for your answer. According to the URL "https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports" you suggested, I checked the port number problem. According to the actual environment test results, some port numbers are owned by other services. Since I installed AADC for the first time, could you please tell me which ports must be available during the installation process?
Manu Philip 20,206 Reputation points MVP Volunteer Moderator

2022-01-12T04:07:47.66+00:00

Coming back to the first comment. Have you checked, if the basic port requirements are met - 80, 443? Also see if you are able to establish connection to the urls mentioned in ID 56 here: urls-and-ip-address-ranges
He, Erchuang/何二创 141 Reputation points

2022-01-12T06:05:47.307+00:00

Thank you very much for your reply. I checked the usage of port numbers 80 and 443. From the results, it seems that ports 80 and 443 can be used, but the installation still fails.
The port number check result is uploaded to the attachment in the form of a picture.164203-portcheck.png

Answer 3

Thanks for reaching out.

As @Manu Philip stated, this appears to be a connectivity issue; please confirm that the Azure AD Connect server has actual connectivity with the Proxy and Internet, and use PowerShell to determine if the proxy is accepting web requests or not. Run the following command in a PowerShell prompt:

Invoke-WebRequest -Uri https://login.microsoftonline.com/
Invoke-WebRequest -Uri https://adminwebservice.microsoftonline.com/ProvisioningService.svc

if the proxy is correctly configured, you should get a success status:

Hope this helps.

Refer to the following link to lean more : https://learn.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity#verify-proxy-connectivity

-----
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

He, Erchuang/何二创 141 Reputation points

2022-01-11T07:47:21.963+00:00

Thank you very much for your answer, access "https://login.microsoftonline.com/" and "https://adminwebservice.microsoftonline.com/ProvisioningService.svc" through powershell, the StatusCode are returned as 200

Answer 4

Manu Philip 20,206 MVP Volunteer Moderator

I suggest you to check if the requirements are met using the PowerShell Script found here
https://www.powershellgallery.com/packages/AADConnect-CommunicationsTest/4.2.1

As you are trying to install in a stand alone server, domain controller parameter (-DCs parameter) should be specified while running the script

If the Answer is helpful, please click "Accept Answer" and upvote it

He, Erchuang/何二创 141 Reputation points

2022-01-11T11:01:11.083+00:00

Thank you very much for your answer. According to the prompts, I executed the operation of the installation script "AADConnect-CommunicationsTest.ps1" on powershell. After the installation was completed, the ".\AADConnect-CommunicationsTest.ps1 -AzureCredentialCheck -Network -DCs dc1" command was executed. Please refer to the attached log for the command execution result.163865-2022-01-11-aadconnectconnectivity.txt
Manu Philip 20,206 Reputation points MVP Volunteer Moderator

2022-01-11T11:37:38.443+00:00

As indicated in the logs shared, try installing MSOnline module and try once again
Install-Module MSOnline
Make sure that you are running the latest version of the script - 4.2.1
He, Erchuang/何二创 141 Reputation points

2022-01-12T03:05:19.22+00:00

Thank you very much for your answer, I installed the MSOnline module and executed the ".\AADConnect-CommunicationsTest.ps1 -AzureCredentialCheck -Network -DCs dc1" command again, the attachment is the command execution result log164080-2022-01-12-aadconnectconnectivity.txt

Share via

Microsoft Azure AD Connect installation problem

3 additional answers

Your answer