"Failed to Disable staging mode."

Question

"Failed to Disable staging mode."

We added a second AD Connect on a different server and configured it as a staging server. We used the process where we exported settings from the active AD Connect server and imported them during the configuration process. In running AAD Connect Config Documenter, everything looks to be as expected in the report. However, when we disable AD Connect synchonization on the active AD Connect server and place it in staging mode, and then disable AD Connect synchronization on the staging server and try place it in active mode, we get the following error: "An error occurred executing Configure AAD Sync task: Failed to Disable staging mode." Please see attached.![172441-capture.png][1] [1]: /api/attachments/172441-capture.png?platform=QnA What is causing this and how can we resolve it? Thanks, Seth

Jasen Crisp 1 Reputation point

2022-02-09T18:12:17.147+00:00

I'm getting the exact same error trying to disable staging on my new server as well.

[10:35:03.878] [ 33] [ERROR] Failed to Disable staging mode.
Exception Data (Raw): System.Management.Automation.CmdletInvocationException: Exception details =>
Type => System.InvalidOperationException
An error occurred, ..\server.cpp(10880), code 80004005,

I was able to re-enable syncing on my older server.

Jasen Crisp 1 Reputation point

2022-02-09T18:12:17.147+00:00

I'm getting the exact same error trying to disable staging on my new server as well.

[10:35:03.878] [ 33] [ERROR] Failed to Disable staging mode.
Exception Data (Raw): System.Management.Automation.CmdletInvocationException: Exception details =>
Type => System.InvalidOperationException
An error occurred, ..\server.cpp(10880), code 80004005,

I was able to re-enable syncing on my older server.

Answer 1

Seth Edvalson 6

In case it helps, our solution was this:

1) Add Azure IP subnet range (just our subnet) as an IP range location in Named locations in Conditional Access

2) in Conditional Access, under "enforce MFA for all cloud apps," excluded service accounts and the account used to enable the process in Azure directory sync from this conditional access policy.

2a) the account used to enable the process was subsequently removed from the exclusion after the configuration successfully completed.

I'm not sure what our problem was, but that was our solution and now it's working fine.

Thanks again.

Seth

JamesTran-MSFT 28,021 Reputation points Microsoft Employee

2022-02-10T22:58:24.883+00:00

anonymous user
Thank you for following up with this!

I'm glad that you were able to resolve the issue and thank you for posting your solution so others experiencing this can easily reference your post!

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Answer 2

VipulSparsh-MSFT 15,986

anonymous user Thanks for reaching out.

It would be difficult to pin point to the root cause without looking at the log file which got generated for this.
But here are most common causes for not being able to disable the Staging mode :

1) IF TLS 1.2 is not enabled on the server. Follow this for more details and steps involved : https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement

2) ** Have multiple objects error ** - you will need to fix this.

For further assistance, we would need that log file to be shared with us.

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Seth Edvalson 6 Reputation points

2022-02-09T12:59:58.587+00:00

Here's the log file. It doesn't reference a TLS problem that I can see, but I will look into this document. Any other ideas? Thanks much. [172579-logfile.txt][1] [1]: /api/attachments/172579-logfile.txt?platform=QnA
Seth Edvalson 6 Reputation points

2022-02-09T13:35:38.13+00:00

After reviewing the provided doc and executing those commands, the problem persists. Here is the most recent log file. [172594-trace-20220209-051049.log][1] Thanks much for your help. Seth [1]: /api/attachments/172594-trace-20220209-051049.log?platform=QnA
VipulSparsh-MSFT 15,986 Reputation points

2022-02-10T05:32:14.037+00:00

anonymous user Thanks for sharing the logs. You are running Azure AD connect with version : 2.0.91.0 which now talks to Azure AD only on TLS 1.2
With many customer reporting us the same error message, we find TLS 1.2 enablement to be the issue.

So please confirm if it is already in place, if not you can follow https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement to enable this.

@Jasen Crisp Can you also confirm about the TLS 1.2 status. AAD connect version after 1.2.65.0 and later now fully support using only TLS 1.2 for communications with Azure.
Richard Warburton 1 Reputation point

2022-07-06T11:06:04.933+00:00

Nice this resolved it for me, I just ran the script in the doc, restarted, ran the GUI again and the server move out of staging mode within a few minutes and configuration moved on. Just make sure you restart and check use the checking script before and afterwards to check it's enabled, cheers!

"Failed to Disable staging mode."

2 answers

Activity