Channel: Azure Active Directory forum

MFA on prem and Radius with Checkpoint VPN


Hello @ll,

I have to combine MFA on premise with a Checkpoint firewall / VPN gateway. Is there a whitepaper/walkthrough which can help?

We did:

1. Combined Checkpoint (radius-client) with an internal NPS (radius-server), built up a network policy and everything is working fine! Also sniffed the traffic.

2. Built up MFA-Server in LAN. Combined this one with TMG-VPN, UAG-Portal, RDS/RDG - everything is working fine, MFA is running.

3. Configured the Checkpoint as a radius-client of the MFA-Server and on the MFA-Server set a Radius-Target (NPS). Defined the MFA-Server as radius-client of NPS. Now login via Checkpoint fails (timeout)! But sniffing the radius-traffic on Checkpoint looks identical to step 1!

So now I am doomed; played a bit with vendor-classes and attributes, but no chance. :-(

Any ideas?

Greets, Jens Mander...


gruss, jens mander aka karsten hentrup - www.aixperts.de - www.forefront-tmg.de - www.hentrup.net |<-|


Graph API - System 'DirectoryRole' is invalid for the 'members' reference.

I'm trying to add AzureAD user account to system Company Administrator role (as per Operations on directory roles).
Have no issues with any other role related operations so far but only this.

Error I receive: "The reference target 'Role_<objectId>' of type 'DirectoryRole' is invalid for the 'members' reference."

Passed serialized member URL as POST:
{"url":"https://graph.windows.net/<tenant>/directoryObjects/<memberObjectId>"}

Relative Graph API path:
/<tenant>/directoryRoles/<objectId>/$links/members?api-version=1.6

Where: 
<tenant>-tenant name
<objectId>-directoryRole objectId
<memberObjectId>-user member objectId

Assign each Azure active directory user a database instance


Now I have an Azure Active Directory. What I want to do is give each Active Directory user a database instance that other users cannot access, or manage what resources a user can access. Could anyone give me some ideas?

Thanks for help.

Converting domain to standard


When running Convert-MsolDomainToStandard it tells me "When converting domains, please sign in using the initial company administrator credentials (user name and password)"

Why is this, as I am using a login from a separate federated domain?

Also just to check, if I run the above command against a specific domain, it will only convert users who have that specific UPN? We have 3 federated domains but I only want one to be converted to standard.



Word 2013 + AD FS 3.0 + SharePoint Online


Hello all,

We built an ADFS SSO environment with 2 ADFS 3.0 servers, 2 WAP (Windows 2012 R2) servers and 1 AAD Connect server.

We configure our tenant (e.g. contoso.com) in Office 365 and synchronize users from several AD (same forest) on premise to Azure AD, we create a group which contains the users account.

We used an attribute with the name and domain we want to use in Office 365 (e.g. extendedAttribute10 =logon@contoso.com)

We used a public certificate and we can connect to SharePoint online from internal or external.

When we tried to access SharePoint Online with MS Word 2013, we received a message "We are unable to sign you in to Office. Please access your documents through the browser." We did not receive a logon window.

While it works with MS Word 2010.

Can you help us to resolve this error ?

Thank you.


philgood031

Password Expiration for Synced Active Directory Users


We synchronize our on-prem AD (including passwords via Password Synchronization) to Azure AD, and have remote users who primarily login to Azure AD services (i.e. Office 365) and seldom login to our on-prem AD. As described in https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-implement-password-synchronization/#password-policy-considerations , we've noticed that these users do not receive notifications in Office 365 and other Azure AD services that their passwords are about to expire - or that their passwords have expired.

Is it at all possible to implement Password Expiration in Azure AD for users synchronized from an on-prem AD environment? Considering that we have Password Synchronization implemented, I would have liked to see this implemented by default.

Is this feature planned or on the roadmap for Azure AD synchronization?

Azure AD B2B and licensing partner access


I'm considering Azure AD B2B for a scenario where my company is providing a SaaS app to other businesses. AAD B2B seems ideal from the perspective of managing credentials. BUT, is there now or is there any publicly planned capability to deal with licensing? For example, Client X wants to license 20 seats of our SaaS application -- how can AAD B2B enforce the license limit?

Open to other ideas as well, but not excited about the prospect of leaving it wide open and trying to bill based on reported usage.

Cheers.

Office 365 Unified API - Partner Tenant access


I use the Office 365 Unified API for my ASP.NET MVC webapp (of course still highly in development).

When I query the endpoint "https://graph.microsoft.com/beta/[myTenantId]/users" I get, of course, a list of my users in JSON.

But now I want to get a list of users in the tenant of a customer. I have delegated access and the user that authenticates has partner/delegated access to that tenant through the Microsoft Partner Network.

But for some reason I always get back a list of MY users and not those of my customer...

Does anyone know how to achieve what I want?


CertificateValidator with IssuerSigningTokens

Hello All,

In working with System.IdentityModel.Tokens.TokenValidationParameters to validate JWTs from Azure, do I have any need of setting CertificateValidator if I am already using the IssuerSigningTokens and ValidIssuers properties? If so, why?

Thank you

Tom Schulte | Plex Systems

Azure AD Active Directory no longer sync'ing


Receiving numerous errors in the event viewer:

============================================================

(Source) ADSync | (Event ID) 6900

The server encountered an unexpected error while processing a password change notification:

"The user name or password is incorrect. Verify your user name, and then type your password again.

at InitializeAndGetTargetExtension(Object lockObject, TargetTaskScheduler taskScheduler, Dictionary`2 targetExtensions, ECMAInformation* ecmaInformation)

at TargetExtensionManager.ExportPasswords(TargetExtensionManager* , ECMAInformation* ecmaInformation, DynamicArray<ActiveDirectoryPasswordChange *>* targetPasswordChanges)"

============================================================

(Source) Directory Synchronization | (Event ID) 659

Error while retrieving password policy sync configuration. Microsoft.Online.Coexistence.ProvisionException: The user name or password is incorrect. Verify your user name, and then type your password again. ---> Microsoft.Online.Coexistence.Security.WindowsLiveException: GetAuthState() failed with -2147186688 state. HResult:0. Contact Technical Support.

============================================================

I initially set up Azure AD Directory Sync using Azure AD Connect. I recently reinstalled AD Connect (several times) and supplied both admin accounts with passwords (new/old) to no avail. DirSync is installed on a Windows Server 2008 R2 server.

Thank you for any clues you might send my way.

Best,

Aaron

ACS not passing on Claims provided by ADFS


Hi,

We have an ADFS 2.0 server on premise which is configured to trust ACS. In ACS I have added our ADFS server as an Identity Provider, and I have generated a rule group based on the ADFS offered claims. I have not made any changes to the individual claims and there are about 30 claims now in the rule group.

I have created a sample ASP.MVC app with WIF and have added this app as a relying party app on ACS. I have linked the rule group previously created.

The problem now is that ACS only provides me with the 2 default claims. When I connect my sample app directly to the ADFS server the FedUtil shows all claims offered. No matter what I change in my Web.config or FederationMetadata.xml. I keep getting only the basic claims.

It should just work, correct? Did I miss something on the ADFS server?

Any suggestions are greatly appreciated.

How to find Assertion key value?


Hi, 

I am referring to the MSDN article for Management Libraries for .NET to access my Azure AD account.

I followed all steps from the article, but when my application execution starts it gives an error

"An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll

Additional information: AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'."

C# block where I get the error:

--------------------------------------------------------

 AuthenticationResult result = context.AcquireToken(
                      ConfigurationManager.AppSettings["apiEndpoint"],
                         ConfigurationManager.AppSettings["clientId"],
                        new Uri(ConfigurationManager.AppSettings["redirectUri"]));

---------------------------------------------------------

my context variable as below

-----------------------------------------------------------

var context = new AuthenticationContext(string.Format(
                  ConfigurationManager.AppSettings["login"],
                  ConfigurationManager.AppSettings["tenantId"]));

-------------------------------------------------------------

and when I try to add the client_secret key to the code

--------------------------------------------------------------

 AuthenticationResult  result = context.AcquireToken(
                      ConfigurationManager.AppSettings["apiEndpoint"],
                       new ClientCredential("*******", "******"),
                         new UserAssertion("*****", "client_credentials", "*****"));

--------------------------------------------------------------

throws an error

--------------------------------------------

An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll

Additional information: AADSTS50027: Invalid JWT token. AADSTS50027: Invalid JWT token. Token format not valid.

---------------------------------------------

Please tell me the proper solution and where I am making a mistake, and also help me find the Assertion key value for applications which are added on the Azure AD portal.

thanks,

Yogesh

 

B2C JWT Token Signature Validation


Hi security experts,

I am trying to validate the JWT token returned from ADAL (Experimental version) .acquireToken() after a successful login against a B2C tenant. I have obtained the runtime JWK token from ../discovery/v2.0/keys?p={myloginpolicy}.  I am then trying to extract the public key and validate the signature of the JWT token received earlier via:

WebClient wc = new WebClient();
var signingTokenJwt = wc.DownloadString("https://login.microsoftonline.com/{myrealm}.onmicrosoft.com/discovery/v2.0/keys?p={myloginpolicy}");
dynamic dynObj = JsonConvert.DeserializeObject(signingTokenJwt);
n = dynObj.keys[0].n;
exp = dynObj.keys[0].e;
RSAParameters RSAKeyInfo = new RSAParameters();
RSAKeyInfo.Modulus = Encoding.UTF8.GetBytes(n);
RSAKeyInfo.Exponent = Encoding.UTF8.GetBytes(exp);
RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
csp.ImportParameters(RSAKeyInfo);
RSAPKCS1SignatureDeformatter RSADeformatter = new RSAPKCS1SignatureDeformatter(csp);
RSADeformatter.SetHashAlgorithm("SHA256");

// Bit hacky this bit for the time being to get the parts of the jwt token received that would have been signed.
byte[] data = Encoding.UTF8.GetBytes(jwtToken.Split('.')[0] + "." + jwtToken.Split('.')[1]);
byte[] signature = Encoding.UTF8.GetBytes(jwtToken.Split('.')[2]);
byte[] hash = sha1.ComputeHash(data);
System.Diagnostics.Trace.WriteLine(csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA256"), signature));

However, this is currently throwing an exception when I try to import the parameters into the CryptoProviderService.

You may ask why I am doing this. I have a set of SOAP web services that will be validating the bearer tokens (so can't use OWIN :-( but still have the need to confirm the token has come from a valid source and has not been tampered with).

Two questions then:

1. Am I on the right track in terms of validating the signature?

2. If the above strategy is correct, what am I missing in terms of being able to successfully execute the validation?

Thanks in advance


edit: Fixed the exception, e needed to be base64 decoded, doh!
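
Added example, not part of the original post and not ADAL or Microsoft code: a manual RS256 check against a JWKS document in which the JWK `n` and `e` values and the token's signature segment are all base64url-decoded, the key is selected by `kid`, and SHA-256 is used throughout. The class name `JwkRs256Check`, the `demo-key-1` key id and the token claims are hypothetical, the key pair is generated at run time so the sample works offline, and Newtonsoft.Json (which the post already uses) is assumed to be referenced.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

// Hypothetical helper class; the name is not from the post or from ADAL.
static class JwkRs256Check
{
    // JWK "n"/"e" and every JWT segment are base64url (RFC 7515), not UTF-8 text.
    static byte[] B64UrlDecode(string s)
    {
        if (s == null) throw new FormatException("missing base64url value");
        s = s.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 2: s += "=="; break;
            case 3: s += "="; break;
            case 1: throw new FormatException("invalid base64url length");
        }
        return Convert.FromBase64String(s);
    }

    static string B64UrlEncode(byte[] b)
    {
        return Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // True only when the header says RS256 and the signature verifies under the
    // JWKS key whose "kid" matches the header. Malformed input yields false.
    public static bool Verify(string jwt, string jwksJson)
    {
        try
        {
            string[] parts = jwt.Split('.');
            if (parts.Length != 3) return false;

            JObject header = JObject.Parse(Encoding.UTF8.GetString(B64UrlDecode(parts[0])));
            if ((string)header["alg"] != "RS256") return false; // pin the algorithm
            string kid = (string)header["kid"];
            if (kid == null) return false;

            JToken keys = JObject.Parse(jwksJson)["keys"];
            if (keys == null) return false;
            // Select the key by kid instead of assuming keys[0]; key sets rotate.
            JToken key = keys.FirstOrDefault(
                k => (string)k["kty"] == "RSA" && (string)k["kid"] == kid);
            if (key == null) return false;

            var rsaKey = new RSAParameters
            {
                Modulus = B64UrlDecode((string)key["n"]),
                Exponent = B64UrlDecode((string)key["e"])
            };
            using (var rsa = new RSACryptoServiceProvider())
            {
                rsa.ImportParameters(rsaKey);
                // Signed input is the ASCII bytes of "<header>.<payload>" exactly as
                // received; VerifyData computes the SHA-256 hash itself.
                byte[] signedInput = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
                return rsa.VerifyData(signedInput, "SHA256", B64UrlDecode(parts[2]));
            }
        }
        catch (Exception ex) when (ex is FormatException || ex is JsonException ||
                                   ex is ArgumentException || ex is InvalidOperationException ||
                                   ex is CryptographicException)
        {
            return false; // fail closed on any parsing or key-import error
        }
    }

    static void Main()
    {
        // Constructed test data: a throwaway key pair stands in for the tenant's signing key.
        using (var signer = new RSACryptoServiceProvider(2048))
        {
            RSAParameters pub = signer.ExportParameters(false);
            string jwks = new JObject(new JProperty("keys", new JArray(new JObject(
                new JProperty("kty", "RSA"),
                new JProperty("kid", "demo-key-1"),
                new JProperty("n", B64UrlEncode(pub.Modulus)),
                new JProperty("e", B64UrlEncode(pub.Exponent)))))).ToString();

            string head = B64UrlEncode(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"kid\":\"demo-key-1\"}"));
            string body = B64UrlEncode(Encoding.UTF8.GetBytes("{\"sub\":\"constructed-user\"}"));
            string sig = B64UrlEncode(signer.SignData(Encoding.ASCII.GetBytes(head + "." + body), "SHA256"));

            // Same signature over a different payload: the tampering case.
            string altered = B64UrlEncode(Encoding.UTF8.GetBytes("{\"sub\":\"someone-else\"}"));

            Console.WriteLine("genuine token verifies: " + Verify(head + "." + body + "." + sig, jwks));
            Console.WriteLine("altered payload verifies: " + Verify(head + "." + altered + "." + sig, jwks));
        }
    }
}
```

A valid signature only shows which key signed the token; the issuer, audience and expiry claims still have to be checked before a service trusts its contents.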

Receiving "invalid_grant" message when trying to refresh oauth token


From Ronnie Kessler

@RonnieKessler via Twitter

"Hi, I'm having major difficulty a) refreshing my oauth token with AzureAD (using ruby) and b) making requests to your API. Can someone please URGENTLY help me??

at the moment I am getting a token back but it's the same token i already had

but once it expires I can't get one

i get an 'invalid grant' message

the client_id is fine"

Over Direct Messaging

Thanks,

@AzureSupport

Graph Client : Throwing "insufficient privileges to complete the operation" on creating ad user


All of a sudden, when we try to add a user using the graph client (version 2.1.0 of Microsoft.Azure.ActiveDirectory.GraphClient), we get Authorization_RequestDenied "insufficient privileges to complete the operation".

We do have permission set right for the ad application, and there has been no change in it:




Please help why all of a sudden this issue started without any changes.

Thanks in advance!

msExchUsageLocation is missing in my AD

This attribute is found missing when I perform "Get-ADUser xxx -Properties *". I could only see the following attributes except msExchUsageLocation.

However I could see this attribute under schema in ADSIEdit. How could I repopulate "msExchUsageLocation" to each AD user ?

msDS-User-Account-Control-Computed Property System.Int32 msDS-User-Account-Control-Computed {get;}
msExchHomeServerName Property System.String msExchHomeServerName {get;set;}
msExchMailboxGuid Property System.Byte[] msExchMailboxGuid {get;set;}
msExchMailboxSecurityDescriptor Property System.DirectoryServices.ActiveDirectorySecurity msExchMa...
msExchPoliciesIncluded Property Microsoft.ActiveDirectory.Management.ADPropertyValueColle...
msExchRecipientDisplayType Property System.Int32 msExchRecipientDisplayType {get;set;}
msExchRecipientTypeDetails Property System.Int64 msExchRecipientTypeDetails {get;set;}
msExchTextMessagingState Property Microsoft.ActiveDirectory.Management.ADPropertyValueColle...
msExchUMDtmfMap Property Microsoft.ActiveDirectory.Management.ADPropertyValueColle...
msExchUserAccountControl Property System.Int32 msExchUserAccountControl {get;set;}
msExchUserCulture Property System.String msExchUserCulture {get;set;}
msExchVersion Property System.Int64 msExchVersion {get;set;}
msExchWhenMailboxCreated Property System.DateTime msExchWhenMailboxCreated {get;set;}
Name Property System.String Name {get;}

Cannot add domain to my Azure account


Hello there

I'm encountering an issue with the Azure AD feature.

I cannot add my domain (sth like 'mydomain.com') as default directory.

After having added it, it cannot be validated.

However, the TXT entry (MS=ms53158453) has been added by my registrar Arsys.

When I try to check the added domain, I get a message saying that the DNS may not be propagated yet. Then, after more than 24 hours, I get the message (original message in French):

"Unable to check (or validate) this domain because it has already been added for your client (or customer, I don't know the correct translation in this context) or another one."

See images below.

Thanx for your help.


Searching... wondering...

Azure Active Directory Connect: Unable to install the Synchronization Service


When attempting to install Microsoft Azure Active Directory Connect using Express Settings on our Windows Server 2012 R2 Essentials server, it fails with the error "Unable to install the Synchronization Service". The log shows the error "System.NullReferenceException: Object reference not set to an instance of an object."

I have tried fully uninstalling and then reinstalling the aborted installation of  Microsoft Azure Active Directory Connect several times, as well as rebooting our server. The error is always the same.

How can I get Microsoft Azure Active Directory Connect installed and synchronizing?

Here's the full log:

[17:59:48.551] [  1] [INFO ]
[17:59:48.552] [  1] [INFO ] ================================================================================
[17:59:48.552] [  1] [INFO ] Application starting
[17:59:48.553] [  1] [INFO ] ================================================================================
[17:59:48.580] [  1] [INFO ] Application Version: 1.0.0.0-1446499270
[17:59:49.305] [  1] [INFO ] Acquired sync config changes mutex: True
[17:59:49.340] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[17:59:49.424] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[17:59:49.437] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[17:59:49.445] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.469] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: verified product code {d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd}.
[17:59:49.469] [  1] [VERB ] Package=Microsoft Online Services Sign-in Assistant, Version=7.250.4556.0, ProductCode=d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd, UpgradeCode=03c97135-0e31-4334-9215-63827d4f07d4
[17:59:49.474] [  1] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[17:59:49.475] [  1] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals (version 7.250.4556.0) is installed.
[17:59:49.478] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[17:59:49.478] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.478] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: verified product code {43cc9c53-a217-4850-b5b2-8c347920e500}.
[17:59:49.478] [  1] [VERB ] Package=Windows Azure Active Directory Module for Windows PowerShell, Version=1.0.0, ProductCode=43cc9c53-a217-4850-b5b2-8c347920e500, UpgradeCode=bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c
[17:59:49.478] [  1] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell (bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c)
[17:59:49.478] [  1] [INFO ] Product Microsoft Azure Active Directory Module for Windows PowerShell (version 1.0.0) is installed.
[17:59:49.479] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[17:59:49.479] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.479] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[17:59:49.479] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[17:59:49.479] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[17:59:49.479] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[17:59:49.479] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[17:59:49.482] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.482] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[17:59:49.482] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[17:59:49.491] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[17:59:49.492] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[17:59:49.492] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[17:59:49.494] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.494] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[17:59:49.494] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[17:59:49.494] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[17:59:49.499] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[17:59:49.702] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
[17:59:49.702] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine Health Agent
[17:59:49.702] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.702] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[17:59:49.702] [  1] [INFO ] Determining installation action for Azure AD Sync Engine Health Agent (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[17:59:49.702] [  1] [INFO ] Product Azure AD Sync Engine Health Agent is not installed.
[17:59:49.702] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect agent
[17:59:49.702] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.702] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {781f8332-277b-45bf-a5f4-af5a117ffa73}: no registered products found.
[17:59:49.702] [  1] [INFO ] Determining installation action for Azure AD Connect agent (781f8332-277b-45bf-a5f4-af5a117ffa73)
[17:59:49.702] [  1] [INFO ] Product Azure AD Connect agent is not installed.
[17:59:49.702] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[17:59:49.702] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.702] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {9d573e71-1077-4c7e-b4db-4e22a5d2b48b}.
[17:59:49.702] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.0.2100.60, ProductCode=9d573e71-1077-4c7e-b4db-4e22a5d2b48b, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[17:59:49.702] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[17:59:49.702] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.0.2100.60) is installed.
[17:59:49.702] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[17:59:49.702] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.703] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {6c026a91-640f-4a23-8b68-05d589cc6f18}.
[17:59:49.703] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.1.3000.0, ProductCode=6c026a91-640f-4a23-8b68-05d589cc6f18, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[17:59:49.703] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[17:59:49.703] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.1.3000.0) is installed.
[17:59:49.703] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[17:59:49.703] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.703] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {49d665a2-4c2a-476e-9ab8-fcc425f526fc}.
[17:59:49.703] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.0.2100.60, ProductCode=49d665a2-4c2a-476e-9ab8-fcc425f526fc, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[17:59:49.703] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[17:59:49.704] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.0.2100.60) is installed.
[17:59:49.704] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Azure AD Connector
[17:59:49.704] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.704] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[17:59:49.704] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Azure AD Connector (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[17:59:49.704] [  1] [INFO ] Product Microsoft Azure AD Connect Azure AD Connector is not installed.
[17:59:49.707] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[17:59:49.843] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[17:59:49.843] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[17:59:49.843] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[17:59:49.843] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:59:49.843] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {b8c6506c-843a-4e91-9a91-975260716ac1}.
[17:59:49.844] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.0.9125.0, ProductCode=b8c6506c-843a-4e91-9a91-975260716ac1, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[17:59:49.844] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[17:59:49.844] [  1] [INFO ] Product Azure Active Directory Connect (version 1.0.9125.0) is installed.
[17:59:49.844] [  1] [INFO ] Checking for DirSync conditions.
[17:59:49.844] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[17:59:49.844] [  1] [INFO ] Sync engine is not present. Performing clean install.
[17:59:54.098] [  1] [INFO ] Page transition from "Welcome" [LicensePageViewModel] to "Express Settings" [ExpressSettingsPageViewModel]
[17:59:54.374] [  1] [INFO ] App Properties/Metrics:
[17:59:54.375] [  1] [INFO ]    Runtime.Start=2015-11-12T17:59:48-05:00
[17:59:54.375] [  1] [INFO ]    Application.Version=1.0.0.0-1446499270
[17:59:54.375] [  1] [INFO ]    Application.IsDebugBuild=False
[17:59:54.375] [  1] [INFO ]    Environment.OperatingSystem.VersionString=Microsoft Windows NT 6.2.9200.0
[17:59:54.375] [  1] [INFO ]    Environment.OperatingSystem.Platform=Win32NT
[17:59:54.375] [  1] [INFO ]    Environment.OperatingSystem.ServicePack=
[17:59:54.375] [  1] [INFO ]    Environment.OperatingSystem.ProductType=DomainController
[17:59:54.375] [  1] [INFO ]    Environment.OperatingSystem.Sku=50
[17:59:54.375] [  1] [INFO ]    Environment.OperatingSystem.Language=0409
[17:59:54.375] [  1] [INFO ]    Environment.Computer.Make=microsoft corporation
[17:59:54.375] [  1] [INFO ]    Environment.Computer.Model=virtual machine
[17:59:54.375] [  1] [INFO ]    Environment.OperatingSystem.IsDomainJoined=True
[17:59:54.375] [  1] [INFO ]    Runtime.SyncEngine.NewInstall=False
[17:59:54.375] [  1] [INFO ]    Runtime.WizardPageFlow=NewScenario
[17:59:54.375] [  1] [INFO ]    Runtime.EncodedPageNavigationBytes=AQUA
[17:59:54.378] [  4] [INFO ] Starting Telemetry Send
[17:59:54.386] [  1] [INFO ] Starting a background thread in Express Settings. Background Task Id: 1.
[17:59:56.920] [  1] [INFO ] Called SetWizardMode(ExpressInstall, True)
[17:59:56.983] [  1] [INFO ] Starting a background thread in Express Settings. Background Task Id: 2.
[17:59:57.022] [ 14] [INFO ] Starting a background thread in Install required components. Background Task Id: 3.
[17:59:57.046] [  7] [INFO ] SyncEngineSetupViewModel: Validating sync engine settings.
[17:59:57.067] [  7] [INFO ] Starting Sync Engine installation
[17:59:57.072] [  7] [INFO ] Starting Prerequisite installation
[17:59:57.073] [  7] [VERB ] WorkflowEngine created
[17:59:57.079] [  7] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[17:59:57.079] [  7] [VERB ] Getting list of installed packages by upgrade code
[17:59:57.080] [  7] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: verified product code {d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd}.
[17:59:57.080] [  7] [VERB ] Package=Microsoft Online Services Sign-in Assistant, Version=7.250.4556.0, ProductCode=d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd, UpgradeCode=03c97135-0e31-4334-9215-63827d4f07d4
[17:59:57.080] [  7] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[17:59:57.080] [  7] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals (version 7.250.4556.0) is installed.
[17:59:57.080] [  7] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[17:59:57.080] [  7] [VERB ] Getting list of installed packages by upgrade code
[17:59:57.080] [  7] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: verified product code {43cc9c53-a217-4850-b5b2-8c347920e500}.
[17:59:57.080] [  7] [VERB ] Package=Windows Azure Active Directory Module for Windows PowerShell, Version=1.0.0, ProductCode=43cc9c53-a217-4850-b5b2-8c347920e500, UpgradeCode=bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c
[17:59:57.080] [  7] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell (bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c)
[17:59:57.080] [  7] [INFO ] Product Microsoft Azure Active Directory Module for Windows PowerShell (version 1.0.0) is installed.
[17:59:57.080] [  7] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[17:59:57.081] [  7] [VERB ] Getting list of installed packages by upgrade code
[17:59:57.081] [  7] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[17:59:57.081] [  7] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[17:59:57.081] [  7] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[17:59:57.081] [  7] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[17:59:57.084] [  1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
[17:59:57.262] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
[17:59:57.267] [  1] [INFO ] Property Username failed validation with error The Microsoft Azure account name cannot be empty.
[18:00:05.317] [  1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
[18:00:07.628] [  8] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credentials validation.
[18:00:07.693] [  8] [INFO ] DiscoverAdalEndpoints: authority=https://login.windows.net/trilon.com, awsServiceResource=https://graph.windows.net.
[18:00:07.858] [  8] [WARN ] Failed to read AdalEnabled registry key: An error occurred while executing the 'Get-ItemProperty' command. Property AdalEnabled does not exist at path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure AD Connect.
[18:00:07.858] [  8] [INFO ] Authenticate: SIA authentication is enabled.
[18:00:07.872] [  8] [INFO ] Authenticate-SIA: authenticating credentials and retrieving company configuration
[18:00:09.488] [  8] [INFO ] Authenticate: tenantId=(9b9b45bd-d082-40d7-aac9-52e2f9509b1f), IsDirSyncing=True, IsPasswordSyncing=False, DomainName=, DirSyncFeatures=8192, AllowedFeatures=None.
[18:00:09.653] [  8] [WARN ] Failed to read AdalEnabled registry key: An error occurred while executing the 'Get-ItemProperty' command. Property AdalEnabled does not exist at path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure AD Connect.
[18:00:09.653] [  8] [INFO ] AzureTenantPage: connecting to AAD PowerShell using admin credentials.
[18:00:11.250] [  8] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
[18:00:11.974] [  8] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant 9b9b45bd-d082-40d7-aac9-52e2f9509b1f.
[18:00:11.979] [  8] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=True
[18:00:11.983] [  8] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Enabled
[18:00:11.989] [  8] [INFO ] PowershellHelper: lastDirectorySyncTime=null
[18:00:12.236] [  8] [INFO ] AzureTenantPage: Successfully retrieved 3 domains from the tenant.
[18:00:12.273] [  8] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
[18:00:12.276] [  8] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel]
[18:00:12.280] [  8] [INFO ] Property Username failed validation with error The username format is incorrect. Specify the username in the format of DOMAIN\username.
[18:00:17.326] [  1] [INFO ] Property Password failed validation with error A password is required.
[18:00:19.634] [ 10] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials.
[18:00:19.667] [ 10] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user TRILON\netadmin
[18:00:19.788] [ 10] [INFO ] Start GetEnterpiseAdminSid using rootdomain TRILON.local
[18:00:19.805] [ 10] [INFO ] EnterpiseAdminSid=S-1-5-21-3330898670-3413095202-1050576034-519
[18:00:19.862] [ 10] [INFO ] ValidateCredentials UseExpressSettings: The domain name 'TRILON.local' was successfully matched.
[18:00:19.874] [ 10] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
[18:00:19.879] [ 10] [INFO ] Validating forest with FQDN TRILON.local
[18:00:19.948] [ 10] [INFO ] Examining domain TRILON.local (:0% complete)
[18:00:19.954] [ 10] [INFO ] ValidateForest: using Server2012.TRILON.local to validate domain TRILON.local
[18:00:19.959] [ 10] [INFO ] Successfully examined domain TRILON.local GUID:319c0d7c-4178-4d6c-908d-03597a52d219  DN:DC=TRILON,DC=local
[18:00:19.999] [ 10] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
[18:00:20.005] [ 10] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
[18:00:20.009] [ 10] [INFO ] Starting a background thread in Ready to configure. Background Task Id: 4.
[18:00:21.074] [  1] [INFO ] Exchange schema is not detected for forest TRILON.local , so no exchange option displayed.
[18:00:23.389] [  1] [INFO ] Starting a background thread in Configuring. Background Task Id: 5.
[18:00:23.391] [ 15] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
[18:00:23.394] [ 15] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
[18:00:23.400] [ 15] [INFO ] Starting Sync Engine installation
[18:00:26.229] [  4] [INFO ] Starting Telemetry Send
[18:00:26.239] [ 15] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
Exception Data (Raw): System.Exception: Unable to install the Synchronization Service.  Please see the event log for additional details. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.ExecuteWithSetupResultsStatus(SetupAction action, String description)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   at Microsoft.Online.Deployment.OneADWizard.Providers.EngineSetupProvider.SetupSyncEngine(String setupFilesPath, String installationPath, String sqlServerName, String sqlInstanceName, String serviceAccountName, String serviceAccountDomain, String serviceAccountPassword, String groupAdmins, String groupBrowse, String groupOperators, String groupPasswordSet, Int32 numberOfServiceInstances, ProgressChangedEventHandler progressChanged, NetworkCredential& serviceAccountCredential, SecurityIdentifier& serviceAccountSid)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstallCore(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstall(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore(AADConnectResult& result)
[18:00:41.066] [  1] [INFO ] Opened log file at path C:\Users\netadmin\AppData\Local\AADConnect\trace-20151112-175948.log


Trilon, Inc.

CREST RATECARD / METER UNITS not standardised


Hi,

I'm working through the MSDN documentation (bad) located here:

https://msdn.microsoft.com/en-us/library/partnercenter/mt427350.aspx

I did a pull of all the meter items from the API and have the returned dataset. I'm now looking at how to pull this into our financial system. There are a couple in here that are messy; they don't look like a "unit", and that now means I have to have another manual process of mapping this data to real data. I'm talking about "1,000s" type units; in that case the Unit is transactions, yet it's badly defined in Azure's ratecard. Any chance of getting this cleaned up?

Here's the list:

GB
Hours
Connections
1M Queries
Days
Azure Endpoints
Units
Users
Agents
VM
1,000,000s
Devices
Named Users
Activities
Authentications
Key Use
10,000s
Unit Hours
100 Licenses
Sites
Seats
Virtual User Minutes
1000s
Instances
DNS Zones
Apps
1 Unit
Content Hours
100 Keys
100 Users
Minutes
Authentications (10s)
External Endpoints
5 GB
100s
Messaging Unit
1M Data Points
1 GB
128 MB
1,000s
Pipelines
Remaps
Annual Domains
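
One way to cut down the manual mapping described in the post above, as an added example that is not part of the original post or of the rate card API: a parser that splits each unit string from the list into a quantity and a base unit name, and reports the count-only strings that still need a base unit. The function names are hypothetical, and reading `1M` as 1,000,000 is an assumption.

```python
import re

# "1,000s", "10,000s", "1000s", "100s": a bare count with no unit name.
_BARE = re.compile(r"^(\d[\d,]*)s$")
# "Authentications (10s)": unit name first, count in parentheses.
_TRAILING = re.compile(r"^(.+?)\s*\((\d[\d,]*)s\)$")
# "1M Queries", "100 Licenses", "5 GB", "1 Unit": count, then unit name.
_LEADING = re.compile(r"^(\d[\d,]*)(M?)\s+(.+)$")


def _num(text):
    """Parse a count that may contain thousands separators."""
    return int(text.replace(",", ""))


def normalize_unit(raw):
    """Return (quantity, base_unit) for one rate card unit string.

    base_unit is None when the string is only a count (e.g. "1,000s");
    the base unit then has to come from the meter's own description.
    """
    s = raw.strip()
    m = _BARE.match(s)
    if m:
        return _num(m.group(1)), None
    m = _TRAILING.match(s)
    if m:
        return _num(m.group(2)), m.group(1)
    m = _LEADING.match(s)
    if m:
        scale = 1_000_000 if m.group(2) == "M" else 1  # assumption: M = million
        return _num(m.group(1)) * scale, m.group(3)
    return 1, s  # plain unit name such as "GB" or "Unit Hours"


def per_unit_rate(rate, raw_unit):
    """Convert a rate quoted per `raw_unit` into a rate per single base unit."""
    qty, base = normalize_unit(raw_unit)
    return rate / qty, base


def needs_manual_base(units):
    """Units that carry only a count and still need a base unit assigned."""
    return [u for u in units if normalize_unit(u)[1] is None]


# Subset of the unit strings listed in the post above.
SAMPLE_UNITS = ["GB", "1M Queries", "1,000,000s", "Authentications (10s)",
                "100 Licenses", "5 GB", "1000s", "Unit Hours", "128 MB"]
```
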

Azure Active Directory Login Screen Customization & B2B Collaboration


Hi,

We are planning to use the Azure Active Directory user authentication for our organization's Line of Business Applications and to use the B2B collaboration feature for authenticating customers from other organizations.

I need the details about the following

- Customization of login screen and error messages display on the screen. 

When an unauthorized organizational user tries to log in to the application, it goes through the authentication but returns an error since this user is not configured to access the application; then a bad request message is displayed, and a message with GUID & Application ID is displayed in the Sign-In Page text area on the page. This doesn't make sense to a business user. Can we customize this Sign In text section to display a more meaningful message or give access to a link to request access for the user?

- B2B Collaboration for customers without Azure AD

We explored the B2B Collaboration for customers without Azure Active Directory and found that internally Microsoft is assigning an AD for the user to sign in, and the rest of the users with the same domain are being added to this Active Directory. But how will the users perform actions like password reset or revoking access for an already assigned user without getting access to the Microsoft Azure Active Directory? This also puts an overhead on the customers to manage the Active Directory for them to access our application. Please let us know whether there is any other way to on-board customers without Active Directory in B2B Collaboration.

Thanks in Advance,

Deeps


Thanks & Regards, Deep
