다음을 통해 공유

Deploying Azure Active Directory Sync Behind a Proxy

  • 아티클

Hi All!

If you have faced with the issue where the Azure AD Sync tool cannot be installed behind a proxy server and got an error that resembles the following:

Event ID 906 
Source: AzureActiveDirectoryDirectorySyncTool

System.Management.Automation.CmdletInvocationException: Failed even after 5 retries. Action: PingProvisioningServiceEndPoint, Exception: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: 2ee6eab5-b192-44b4-8f06-cc68618e3c01 See the event log for more details.. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Failed even after 5 retries. Action: PingProvisioningServiceEndPoint, Exception: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: 2ee6eab5-b192-44b4-8f06-cc68618e3c01 See the event log for more details..

   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.ValidateConfigurationParameters(Connector connector)

   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.CreateConnector(Connector connector, Boolean validate)

   at Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncConnectorCmdlet.ProcessRecord() 

then you may find the following information helpful, as this the the way I solved it.

In order to make Azure AD work with a proxy (without having to bypass adminwebservice.microsoftonline.com and login.microsoftonline.com) you have to edit ​the following two configuration files: 

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config

and

C:\Program Files\Microsoft Azure AD Sync\Bin\miiserver.exe.config

*NOTE: Before doing any kind of editing please make sure that you have backed up copies of the files! *

Try adding the following right before the closing </configuration> tag at the end of the files:

<system.net>

    <defaultProxy>

      <proxy

        usesystemdefault="true"

        proxyaddress="http://proxy:port"

        bypassonlocal="true"

      />

    </defaultProxy>

  </system.net>

(Here you can find some additional info about the proxy element: https://msdn.microsoft.com/en-us/library/sa91de1e.aspx?f=255&MSPPError=-2147217396) 

Do not forget to add the proxy via cmd too. The following will import the proxy that was set up in Internet Explorer:

netsh winhhtp import proxy ie

Then try to run the configuration wizard again.

I really hope you will find this helpful!