Azure AD Connect Sync Service is not running

michal 191 Reputation points
2022-07-28T12:04:22.76+00:00

Hello all,

I've been receiving the error below for several weeks now... It seems to be quite random - sometimes it is once a week, sometimes it is twice a day, etc... I receive that alert, do nothing... and after a few hours I receive another info that it has been "RESOLVED". In addition, I also receive the alert "Password Hash Synchronization heartbeat was skipped in last 120 minutes." 1-2 hours later as well. This one gets "RESOLVED" automatically once the 1st one is RESOLVED.

There is one VM DC running in Azure that also has AAD Connect installed and running to sync its AD with AAD.

Could anyone help me with how to fix it? I've checked that the service is set to start automatically ... but I'm not sure why it stops running from time to time.


1 answer

Sandeep G-MSFT 20,911 Reputation points Microsoft Employee Moderator
    2022-08-03T03:41:06.967+00:00

    @michal

    Yes, you can upgrade your AD Connect to the latest version. An in-place upgrade would be a good option.
    However, I would recommend you try a swing migration. This will help you complete the upgrade process without any downtime.

    You already have an AD Connect server which is currently in production. You can install another AD Connect server with the latest version in staging mode in your environment. You can use the export/import option to get the same configuration from the current production server.
    For more information on AD Connect import/export, you can refer to the article below:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-import-export-config

    Once you have the new staging server ready and once you confirm everything got updated as you expected, you can switch the old production server to staging and the new staging server to production.
    This will not cause any downtime in your production environment.

    Once you complete the above step, you can perform an in-place upgrade on the old production server.

    Once you have both servers on the latest version, you can disable staging mode on the old production server and enable staging mode on the new server.

    Below is the article that explains how swing migration works:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-upgrade-previous-version#swing-migration

    Also, you can download the latest version of AD Connect from here.

    Since you are using Windows Server 2016, you can upgrade AD Connect to the latest version. This is the primary requirement to install AD Connect.

    Azure AD Connect (version 1.1.614.0 and after) by default uses TLS 1.2 for encrypting communication between the sync engine and Azure AD. If TLS 1.2 isn't available on the underlying operating system, Azure AD Connect incrementally falls back to older protocols (TLS 1.1 and TLS 1.0). From Azure AD Connect version 2.0 onwards, TLS 1.0 and 1.1 are no longer supported and installation will fail if TLS 1.2 is not enabled.
    This is mentioned in the AD Connect connectivity requirements in the article below:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites

    Do let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

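An added diagnostic script, not part of the question or the answer above, that checks the points raised in this thread on the Azure AD Connect server: whether the ADSync service is running and set to start automatically, whether the Service Control Manager logged unexpected terminations of it, whether the sync scheduler is in staging mode, and whether the TLS 1.2 registry settings from the prerequisites guidance are in place. The registry paths and the 7031/7034 event IDs are taken from Windows and Azure AD Connect documentation rather than from this page; the 30-day window is an assumption.

```powershell
# Added diagnostic script (not from the thread above). Run in an elevated
# PowerShell session on the Azure AD Connect server.

# 1. Service state and start mode of the sync engine ("Microsoft Azure AD Sync").
$svc = Get-Service -Name ADSync -ErrorAction Stop
$cim = Get-CimInstance Win32_Service -Filter "Name='ADSync'"
"ADSync status: {0}, start mode: {1}, account: {2}" -f $svc.Status, $cim.StartMode, $cim.StartName

# 2. Unexpected terminations in the last 30 days (assumed window).
#    SCM event 7031/7034 = "service terminated unexpectedly".
$since = (Get-Date).AddDays(-30)
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager';
                                 Id = 7031, 7034; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Microsoft Azure AD Sync' } |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# 3. Scheduler and staging state (ADSync module is installed with Azure AD Connect).
Import-Module ADSync -ErrorAction Stop
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, StagingModeEnabled,
                                    SchedulerSuspended, NextSyncCycleStartTimeInUTC

# 4. TLS 1.2 enablement as described in the Azure AD Connect TLS 1.2 guidance.
$net32 = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$net64 = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
$tls   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$checks = @(
    @{ Path = $net32;          Name = 'SchUseStrongCrypto';       Expected = 1 },
    @{ Path = $net32;          Name = 'SystemDefaultTlsVersions'; Expected = 1 },
    @{ Path = $net64;          Name = 'SchUseStrongCrypto';       Expected = 1 },
    @{ Path = $net64;          Name = 'SystemDefaultTlsVersions'; Expected = 1 },
    @{ Path = "$tls\Server";   Name = 'Enabled';                  Expected = 1 },
    @{ Path = "$tls\Server";   Name = 'DisabledByDefault';        Expected = 0 },
    @{ Path = "$tls\Client";   Name = 'Enabled';                  Expected = 1 },
    @{ Path = "$tls\Client";   Name = 'DisabledByDefault';        Expected = 0 }
)
foreach ($c in $checks) {
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    $state  = if ($null -eq $actual) { 'MISSING' }
              elseif ($actual -eq $c.Expected) { 'OK' } else { 'MISMATCH' }
    "{0,-8} {1}\{2} = {3} (expected {4})" -f $state, $c.Path, $c.Name, $actual, $c.Expected
}
```

A MISSING or MISMATCH line in section 4 means the server would rely on TLS fallback, which version 2.0 and later no longer allow; a 7031/7034 hit in section 2 dates the crash so it can be matched against the alert times.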
