"Failed to Disable staging mode."

Seth Edvalson 31 Reputation points
2022-02-09T00:52:47.867+00:00

We added a second AD Connect on a different server and configured it as a staging server. We used the process where we exported settings from the active AD Connect server and imported them during the configuration process. In running AAD Connect Config Documenter, everything looks to be as expected in the report. However, when we disable AD Connect synchronization on the active AD Connect server and place it in staging mode, and then disable AD Connect synchronization on the staging server and try to place it in active mode, we get the following error: "An error occurred executing Configure AAD Sync task: Failed to Disable staging mode." Please see attached.

![172441-capture.png](/api/attachments/172441-capture.png?platform=QnA)

What is causing this and how can we resolve it?

Thanks,
Seth

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

4 answers

  1. Olaseni Williams 20 Reputation points
    2023-09-29T09:19:37.85+00:00

    In case this helps someone else, I already had TLS 1.2 enabled, so running the PS scripts suggested in the other comments made no difference for me.

    I contacted Microsoft support and was offered the following solution, which worked:

    1. On your new AADC server disable Password Writeback (Location of the setting - https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback#enable-password-writeback-in-microsoft-entra-connect).
    2. Then try disabling Staging Mode again (worked for me at this point).
    3. Re-enable Password Writeback.
    4 people found this answer helpful.

  2. Seth Edvalson 31 Reputation points
    2022-02-10T19:27:21.05+00:00

    In case it helps, our solution was this:

    1) Add Azure IP subnet range (just our subnet) as an IP range location in Named locations in Conditional Access

    2) In Conditional Access, under "enforce MFA for all cloud apps," excluded service accounts and the account used to enable the process in Azure directory sync from this conditional access policy.

    2a) The account used to enable the process was subsequently removed from the exclusion after the configuration successfully completed.

    I'm not sure what our problem was, but that was our solution and now it's working fine.

    Thanks again.

    Seth

    2 people found this answer helpful.

  3. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2022-02-09T06:56:31.777+00:00

    anonymous user Thanks for reaching out.

    It would be difficult to pinpoint the root cause without looking at the log file that was generated for this.
    But here are the most common causes for not being able to disable Staging mode:

    1) If TLS 1.2 is not enabled on the server. Follow this for more details and the steps involved: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement

    2) **Have multiple objects error** - you will need to fix this.

    For further assistance, we would need that log file to be shared with us.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
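
A read-only check for the first cause listed in the answer above (TLS 1.2 not enabled on the sync server), as an added example that is not part of the original answer and not the script from the linked Microsoft page. The registry paths and value names are the commonly documented .NET Framework and SCHANNEL settings for TLS 1.2; they are assumptions here, since the thread itself does not list them.

```powershell
# Added example: reports the registry values that govern TLS 1.2 for
# .NET Framework and SCHANNEL. It only reads; it changes nothing.
# Paths and value names below are assumptions (not given in the thread).
$net   = 'Microsoft\.NETFramework\v4.0.30319'
$proto = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

$checks = @(
    @{ Path = "HKLM:\SOFTWARE\$net";             Name = 'SystemDefaultTlsVersions'; Want = 1 }
    @{ Path = "HKLM:\SOFTWARE\$net";             Name = 'SchUseStrongCrypto';       Want = 1 }
    @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SystemDefaultTlsVersions'; Want = 1 }
    @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SchUseStrongCrypto';       Want = 1 }
    @{ Path = "$proto\Client";                   Name = 'Enabled';                  Want = 1 }
    @{ Path = "$proto\Client";                   Name = 'DisabledByDefault';        Want = 0 }
    @{ Path = "$proto\Server";                   Name = 'Enabled';                  Want = 1 }
    @{ Path = "$proto\Server";                   Name = 'DisabledByDefault';        Want = 0 }
)

$results = foreach ($c in $checks) {
    # A missing key or value is not an error: the OS default then applies.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }

    $status = if ($null -eq $actual)       { 'NotSet (OS default applies)' }
              elseif ($actual -eq $c.Want) { 'OK' }
              else                         { 'Mismatch' }

    [pscustomobject]@{
        Path     = $c.Path
        Name     = $c.Name
        Expected = $c.Want
        Actual   = $actual
        Status   = $status
    }
}

$results | Format-Table -AutoSize -Wrap

# Summarise: any explicit mismatch means TLS 1.2 is being restricted by policy
# or by an earlier hardening change and should be reviewed before retrying.
$bad = @($results | Where-Object { $_.Status -eq 'Mismatch' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) TLS 1.2 setting(s) differ from the expected value."
} else {
    Write-Output 'No explicit TLS 1.2 mismatches found in the registry.'
}
```

As answer 1 in this thread shows, a clean result here does not rule out other causes such as Password Writeback.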


  4. Paris Wells 1 Reputation point
    2023-07-18T13:06:18.43+00:00