Ensure that the health agents have outbound connectivity to the following service end points. It is possible
that your firewall rules are blocking this connectivity.
↧
Ensure that the health agents have outbound connectivity to the following service end points. It is possible that your firewall rules are blocking this connectivity.
↧
Azure Active Directory B2C
i just started using azure active directory b2c for Authentication in my asp.net core web app and protect my back-end web api but i can't find a proper working repo in github. recently i download azure-ad-b2c-asp-net-core repo from github and configure with my b2c settings. after successful login its redirecting to my localhost address and getting an error msg.
ArgumentNullException: Value cannot be null.
Parameter name: ticket
ArgumentNullException: Value cannot be null. Parameter name: ticket
System.ArgumentNullException: Value cannot be null. Parameter name: ticket at Microsoft.AspNetCore.Authentication.AuthenticateResult.Success(AuthenticationTicket ticket) at Microsoft.AspNetCore.Authentication.BaseControlContext.CheckEventResult(AuthenticateResult& result) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<HandleRemoteAuthenticateAsync>d__19.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.<HandleRemoteCallbackAsync>d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.<HandleRequestAsync>d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<HandleRequestAsync>d__15.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.VisualStudio.Web.BrowserLink.Runtime.BrowserLinkMiddleware.<ExecuteWithFilter>d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__6.MoveNext()
please help me to fix this problem and if u have any other complete working example repo with this same architecture please send those links. Thank you
↧
↧
Adconnect and Synchronization Target
Hello ,
please could tell me what can be Synchronize from our on premise AD to Ad Azure !
i think the more important to Sychnronize its the Users . i dont see any value to Synchronize the whole domain controller.
what do you think ?
↧
Attempting to modify application manifest on Azure AD B2C results in "Updates to converged applications are not allowed in this version."
Hi,
we're currently evaluating whether B2C will suit our needs as an IDaaS platform, we were making good progress, got the basics working, and then we tried to add roles.
It seems that the only way to add a role is to modify the application manifest, but whenever we try to do this, we get an error stating: "Updates to converged applications are not allowed in this version.".
Now I don't know what a converged application is, or how to make it not converged, so at this point I need some help. What does this message actually mean, and how can we add the application roles we need to our application inside Azure?
Kind regards,
Patrik Husfloen
↧
Azure AD B2C
Hi ,
Just wondering is there any way to send email to all the Users in the "Azure AD Active directory" from the portal ?
If not can we get the "Authentication EmailID(s)' of all Users programatically using Graph Api?
Please Respond.
↧
↧
Use of Managed Service Accounts with Azure Active Directory
I'm curious, has anyone tried, or know if it's even supported, to use a Managed Service Account (MSA) for the Sync Account in AADSync?
↧
Got [3001000;reason="There has been an error authenticating the request.";category="invalid_client"] error when communicate to SPO using app-only token.
Hi,
I followed the Build service and daemon apps in Office 365 and Performing app-only operations on SharePoint Online through Azure AD document to create a windows console application to communicate to SPO using Azure AD App-only token approach and got the above error message. the following is my steps:
- Created a Azure AD application and specified the following settings:
- Name: sharepointappidtest
- Type: Web application and/or Web API
- Sign-On URL: https://xyz.sharepoint.com
- App ID URI: https://xyz.sharepoint.com
- Configure this Azure AD application’s “permission to other applications” as the following:
- Windows Azure Active Directory: “Read Directory data” [Application permission]
- Office 365 SharePoint Online: “Have Full control of all site collections” [Application permission] and “Read and write managed metadata” [Application permission].
- Created a self-signed certificate and run the PS from those two documents to get key, and thumbnail key
- Downloaded manigest.json, updated “keyCredentials” value and uploaded it back.
- Created a windows console application. Added Microsoft.IdentityModel.Clients.ActiveDirectory and Newtonsoft.Json libraries.
- The following is my code:
static void Main(string[] args)
{
doStuffInOffice3651().Wait();
}
private async static Task doStuffInOffice3651()
{
string clientId = "[Azure AD application client id]";
string key = "xxxx"; //certificate password
//set the authentication context
//you can do multi-tenant app-only, but you cannot use /common for authority…must get tenant ID
//string authority = "https://login.microsoftonline.com/[tenant].onmicrosoft.com/oauth2/authorize";
string authority = "https://login.windows.net/[tenant].onmicrosoft.com";
AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
//read the certificate private key from the executing location
//NOTE: This is a hack…Azure Key Vault is best approach
var certPath = System.Reflection.Assembly.GetExecutingAssembly().Location;
//certPath = certPath.Substring(0, certPath.LastIndexOf('\\')) + "\\O365AppOnly_private.pfx";
certPath = @"C:\OfficeDevPnP.PartnerPack.SiteProvisioning\Certs\OfficeDevPnPCert.pfx";
var certfile = System.IO.File.OpenRead(certPath);
var certificateBytes = new byte[certfile.Length];
certfile.Read(certificateBytes, 0, (int)certfile.Length);
X509Certificate2 cert = new X509Certificate2(certPath, key, X509KeyStorageFlags.MachineKeySet);
//var cert = new X509Certificate2(
// certificateBytes,
// key,
// X509KeyStorageFlags.Exportable |
// X509KeyStorageFlags.MachineKeySet |
// X509KeyStorageFlags.PersistKeySet); //switchest are important to work in webjob
ClientAssertionCertificate cac = new ClientAssertionCertificate(clientId, cert);
//get the access token to SharePoint using the ClientAssertionCertificate
Console.WriteLine("Getting app - only access token to SharePoint Online");
var authenticationResult = await authenticationContext.AcquireTokenAsync("https://xyz.sharepoint.com/", cac);
var token = authenticationResult.AccessToken;
Console.WriteLine("App - only access token retreived");
//perform a post using the app-only access token to add SharePoint list item in Attendee list
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
client.DefaultRequestHeaders.Add("Accept", "application/json; odata = verbose");
string url = "https://xyz.sharepoint.com/_api/web/Lists/getbytitle('TestLog')";
using (HttpResponseMessage response = await client.GetAsync(url))
{
if (!response.IsSuccessStatusCode)
Console.WriteLine("ERROR: SharePoint ListItem Creation Failed!");
else
Console.WriteLine("SharePoint ListItem Created!");
}
Console.ReadLine();
}I was able to get token without any problems. But no matter how I did, I always got the following 401 error message for REST API call:
{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{x-ms-diagnostics: 3001000;reason="There has been an error authenticating the request.";category="invalid_client"
SPRequestGuid: 25eb839d-0020-3000-0b4e-92f6dca2b3aa
request-id: 25eb839d-0020-3000-0b4e-92f6dca2b3aa
Strict-Transport-Security: max-age=31536000
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 212
SPIisLatency: 3
MicrosoftSharePointTeamServices: 16.0.0.5326
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
Date: Tue, 07 Jun 2016 20:19:53 GMT
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer realm="6f423eb7-7932-4e19-ae14-fa375038681b",client_id="00000003-0000-0ff1-ce00-000000000000",trusted_issuers="00000001-0000-0000-c000-000000000000@*,https://sts.windows.net/*/,00000003-0000-0ff1-ce00-000000000000@90140122-8516-11e1-8eff-49304924019b",authorization_uri="https://login.windows.net/common/oauth2/authorize"
X-Powered-By: ASP.NET
Content-Length: 453
}}
can anyone point me out what the problem is?↧
Can an admin auto-"verify" a user's phone number for Self Service Password Reset - Registration
With SSPR enabled for everyone, is there a way to skip SSPR registration for users without the use of an AAD Group?
For example, are there any additional attributes an Admin can set, so that a user can already be registered and verified for SSPR without having to set and verify their numbers themselves?
↧
Multi-tenant app accessible by other apps
The following image explains the situation quite well
I would like to allow applications B1 and B2 to access my application A and at the same time, all 3 applications are located in different Azure ADs (Company1 AD, My AD and Company2 AD).
Is it possible to set up Azure application so that apps in other Azure ADs can access it?
I'm aware of the "availableToOtherTenants" option in the manifest, but that just seems to allow access for users, not apps. Moreover, when I tried to update the manifest of application B1 or B2 with appId/clientId of application A, the manifest correctly saves, but when I try opening "Required permissions" for B1/B2, it shows the loading animation but never actually loads the resources that I have allowed it to access.
Is it possible to achieve this? If so, what steps do I need to take?
Thanks
↧
↧
Configure AAD Sync. An Error occurred executing Configure AAD Sync task: Failed to retrieve schema.failed-authentication2016-11-07 19:37:21.033xxxx.local:389
The onlychanges to this environment was a password change on the portal.office.com website for the Admin. Approximately 10 days or so. Why? The website indicated the password needed to be changed. As of 11/7/16 I changed the password back to the original prior to changing the password.
No problems yet or none noticed after the password change as of the date of the password change.
On to the problem the customer asked for a new user with email only. No Problem right? Added the user on the on-prem AD controller. Waited for the sync to occur to the portal and nothing synced.
Checked the health of the services and found this error on the Office Portal website: Last password sync Warning: last synced more than 3 days ago.
The directory did sync but no user updates. I am thinking both the password sync and dirsync must occur for on-prem AD updates to replicate to the Office Portal?
1.I have tried to reset the password back to the original password it was successful on the Portal.Office.Page. I still suspect an Admin or AAD password has not accepted the password change somewhere but really not sure.
2.Ran AAD Connect and I am receiving this error cut and paste from the log file:
Configure AAD Sync.
An Error occurred executing Configure AAD Sync task: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2016-11-07 19:37:21.033</date><server>xxx.local:389</server><cd-error><error-code>0x31</error-code>
3.I am not excessively knowledgeable about AAD and could use all the help I can get. Thanks in advance and I am looking forward to your help.
↧
Accidental Azure Choice. Can't get new login.
Hi. I have a new laptop and accidentally selected to use the Azure AD for my administration. Our company has not bought it yet, so I need to uninstall this as my AD. Problem is, I get to the login screen but it will not accept my Office
365 Login. Please help. Thanks.
↧
I want to update our password complexity requirements. How do I test before making the change? Where do I make the change?
When we are resetting our password in Office 365, it automatically asks for 8 characters with digits and special characters.
When we look in Group Policy Management, under Default Domain Policy, we see a minimum password of only 4 characters, and the complexity requirement is disabled. I can create an account with a password of "1234".
We have Azure AD Connect running, and it seems to work correctly; passwords in AD are updated for Office 365 and vice versa.
The questions now are these-
1) Do I set a new password policy in Group Policy, and it will be reflected in the requirements for when we reset passwords through Office 365?
2) Is there something we need to do in Azure AD Connect which controls password complexity requirements?
3) How can I test changing the complexity requirement before rolling it out? Do I just make the change, and hope that existing passwords are completely unaffected?
↧
Azure ADFS health monitoring errors - need resolution / guidance
ADFS actually appears to be working correctly, however I cannot seem to clear the following AD connect alerts appearing on ALL the ADFS services in the farm. ADFS sign in works from extranet and intranet. Having trouble with Office 365 Single-Sign on due to MFA being enabled - need to check if app password will work.
Regardless - can't seem to figure or find info on these errors:
Test Authentication Request (Synthetic Transaction) failed to obtain a token
The test authentication requests (Synthetic Transactions) initiated from this server has failed to obtain a token after 5 retries. This may be caused due to transient network issues, AD DS Domain Controller availability or a mis-configured AD FS server. As a result, authentication requests processed by the federation service may fail. Please note that the agent uses the Local Computer Account context to obtain a token from the Federation Service. |
Thanks for any guidance!
↧
↧
Does Azure AD support OAuth basic (a.k.a header) authentication for its token endpoint?
Does Azure AD support OAuth basic (a.k.a header) authentication for its token endpoint?
I've read https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/#use-the-authorization-code-to-request-an-access-token and I've tried to use Microsoft's OpenID Connect OWIN middlewares for both ASP.NET MVC and ASP.NET
Core. My rudimentary experience with Azure AD and these middlewares is that Basic Authentication for the token endpoint is not supported. I also looked at the app manifest in Azure AD and it doesn't seem to offer a way to customize the authentication for the
token endpoint, which makes me wonder whether Azure AD even supports Basic Authentication for the token endpoint.
However,
section 2.3.1 of the OAuth 2.0 specification clearly states:
- "The authorization server MUST support the HTTP Basic authentication scheme for authenticating clients that were issued a client password."
Q: Is Azure AD compliant with this part of the OAuth spec? If so, how to enable Basic Authentication?
A bit later, the section mentions the following:
" Including the client credentials in the request-body using the two parameters is NOT RECOMMENDED and SHOULD be limited to clients unable to directly utilize the HTTP Basic authentication scheme (or other password-based HTTP authentication schemes)."
whereas I tested that the default way the Microsoft OpenID Connect authentication middleware for ASP.NET MVC (https://www.nuget.org/packages/Microsoft.Owin.Security.OpenIdConnect) and ASP.NET Core (https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.OpenIdConnect)
perform token endpoint authentication is by using the POST method, which is not recommended by the OAuth specification. Furthermore, that POST method seems to be hardcoded in the middlewares (https://github.com/aspnet/Security/blob/release/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs#L667
for ASP.NET Core version).
Q: Is this the right assumption that both Azure AD and its associated OWIN middlewares only support POST authentication at this stage?
In summary, my question is: Does Azure AD support OAuth 2.0 Basic authentication for its token endpoint and if not, does it plan to support it in a foreseeable future?
Thanks in advance for any feedback!
Raphael Londner
↧
Log out from a web app secured by Azure Ad
We have hosted an Web App as App Services on cloud. and used Azure Active Directory Authentication Provider (Advanced) to secure the web app. (Link)
For log out, I've used the link as "/.auth/logout?post_logout_redirect_uri=/logout.html". logout.html is the page within my web app only. and as the web app is secured logout.html page is also secured. so after logout when it tries to navigate to logout.html, it gets redirected to authentication and once authenticated it shows logout.html page.
I want to show a custom page once user sign out of the application but seems like with the above method, there is no way to exclude a single page from authentication. (may be not with location tag in web.config as well)
Please let me know if there is any better way.
Thanks,
Himal
↧
updating Installing Azure AD Connect
Hi All,
I get a error message:
"An error occurred while analyzing your current settings. Unable to export DirSync Configuration"
any ideas what I need to do? I also ran it "as administrator".
Kind regards,
↧
Azure connect installation error
[03:07:25.350] [ 1] [INFO ]
[03:07:25.479] [ 1] [INFO ] ================================================================================
[03:07:25.479] [ 1] [INFO ] Application starting
[03:07:25.479] [ 1] [INFO ] ================================================================================
[03:07:25.479] [ 1] [INFO ] Start Time (Local): Tue, 08 Nov 2016 03:07:25 GMT
[03:07:25.479] [ 1] [INFO ] Start Time (UTC): Tue, 08 Nov 2016 09:07:25 GMT
[03:07:25.481] [ 1] [INFO ] Application Version: 1.1.281.0
[03:07:25.481] [ 1] [INFO ] Application Build Date: 2016-08-31 21:42:07Z
[03:07:25.522] [ 1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (ae7f34f)
[03:07:26.107] [ 1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[03:07:26.107] [ 1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[03:07:26.107] [ 1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[03:07:26.107] [ 1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[03:07:26.107] [ 1] [INFO ] Default Proxy [Enabled]: True
[03:07:26.107] [ 1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[03:07:26.134] [ 1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[03:07:26.170] [ 1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[03:07:26.180] [ 1] [INFO ] Checking if machine version is 6.1.7601 or higher
[03:07:26.216] [ 1] [INFO ] The current operating system version is 10.0.14393, the requirement is 6.1.7601.
[03:07:26.216] [ 1] [INFO ] Password Sync supported: 'True'
[03:07:26.252] [ 1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 80
[03:07:26.260] [ 1] [INFO ] DetectInstalledComponents stage: Checking install context.
[03:07:26.264] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[03:07:26.267] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.275] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: verified product code {d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd}.
[03:07:26.275] [ 1] [VERB ] Package=Microsoft Online Services Sign-in Assistant, Version=7.250.4556.0, ProductCode=d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd, UpgradeCode=03c97135-0e31-4334-9215-63827d4f07d4
[03:07:26.277] [ 1] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[03:07:26.277] [ 1] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals (version 7.250.4556.0) is installed.
[03:07:26.278] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[03:07:26.278] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.278] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
[03:07:26.280] [ 1] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell
[03:07:26.307] [ 1] [INFO ] CheckInstallationState: Packaged version (1.1.281.0), Installed version (0.0.0).
[03:07:26.307] [ 1] [INFO ] CheckInstallationState: AAD PowerShell will be extracted (1.1.281.0 > 0.0.0).
[03:07:26.308] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[03:07:26.308] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.308] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[03:07:26.309] [ 1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[03:07:26.309] [ 1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[03:07:26.309] [ 1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[03:07:26.309] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[03:07:26.310] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.310] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[03:07:26.310] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[03:07:26.310] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[03:07:26.315] [ 1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[03:07:26.315] [ 1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[03:07:26.315] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[03:07:26.315] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.315] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[03:07:26.315] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[03:07:26.316] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[03:07:26.318] [ 1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[03:07:26.368] [ 1] [INFO ] Product Azure AD Sync Engine is not installed.
[03:07:26.368] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[03:07:26.368] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.368] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[03:07:26.368] [ 1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[03:07:26.368] [ 1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[03:07:26.368] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[03:07:26.368] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.368] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[03:07:26.368] [ 1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[03:07:26.368] [ 1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
[03:07:26.368] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect agent
[03:07:26.368] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.368] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {a8b03820-e701-44d7-b65e-6ffbb866a861}: no registered products found.
[03:07:26.368] [ 1] [INFO ] Determining installation action for Azure AD Connect agent (a8b03820-e701-44d7-b65e-6ffbb866a861)
[03:07:26.368] [ 1] [INFO ] Product Azure AD Connect agent is not installed.
[03:07:26.368] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[03:07:26.368] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.369] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {9d573e71-1077-4c7e-b4db-4e22a5d2b48b}.
[03:07:26.369] [ 1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.0.2100.60, ProductCode=9d573e71-1077-4c7e-b4db-4e22a5d2b48b, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[03:07:26.369] [ 1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[03:07:26.369] [ 1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.0.2100.60) is installed.
[03:07:26.369] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[03:07:26.369] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.370] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: no registered products found.
[03:07:26.370] [ 1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[03:07:26.370] [ 1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB is not installed.
[03:07:26.370] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[03:07:26.370] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.370] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {1385d3db-8e80-427b-91d2-b7535862b8e4}.
[03:07:26.371] [ 1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.3.6518.0, ProductCode=1385d3db-8e80-427b-91d2-b7535862b8e4, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[03:07:26.371] [ 1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[03:07:26.371] [ 1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.3.6518.0) is installed.
[03:07:26.371] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Azure AD Connector
[03:07:26.371] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.371] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[03:07:26.371] [ 1] [INFO ] Determining installation action for Microsoft Azure AD Connect Azure AD Connector (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[03:07:26.371] [ 1] [INFO ] Product Microsoft Azure AD Connect Azure AD Connector is not installed.
[03:07:26.372] [ 1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[03:07:26.407] [ 1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[03:07:26.408] [ 1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[03:07:26.408] [ 1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[03:07:26.408] [ 1] [VERB ] Getting list of installed packages by upgrade code
[03:07:26.408] [ 1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {da95097a-3eaf-4145-a2c8-4b12381652dc}.
[03:07:26.409] [ 1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.281.0, ProductCode=da95097a-3eaf-4145-a2c8-4b12381652dc, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[03:07:26.409] [ 1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[03:07:26.409] [ 1] [INFO ] Product Azure Active Directory Connect (version 1.1.281.0) is installed.
[03:07:26.409] [ 1] [INFO ] Checking for DirSync conditions.
[03:07:26.409] [ 1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[03:07:26.409] [ 1] [INFO ] Sync engine is not present. Performing clean install.
[03:07:31.224] [ 1] [INFO ] Page transition from "Welcome" [LicensePageViewModel] to "Express Settings" [ExpressSettingsPageViewModel]
[03:07:31.301] [ 1] [INFO ] App Properties/Metrics:
[03:07:31.302] [ 1] [INFO ] Runtime.Start=2016-11-08T03:07:25-06:00
[03:07:31.302] [ 1] [INFO ] Application.Version=1.1.0.0-1472679727
[03:07:31.302] [ 1] [INFO ] Application.IsDebugBuild=False
[03:07:31.302] [ 1] [INFO ] Environment.OperatingSystem.VersionString=Microsoft Windows NT 6.2.9200.0
[03:07:31.302] [ 1] [INFO ] Environment.OperatingSystem.Platform=Win32NT
[03:07:31.302] [ 1] [INFO ] Environment.OperatingSystem.ServicePack=
[03:07:31.302] [ 1] [INFO ] Environment.OperatingSystem.ProductType=DomainController
[03:07:31.302] [ 1] [INFO ] Environment.OperatingSystem.Sku=80
[03:07:31.302] [ 1] [INFO ] Environment.OperatingSystem.Language=0409
[03:07:31.302] [ 1] [INFO ] Runtime.PerformConfiguration.Result=NotStarted
[03:07:31.302] [ 1] [INFO ] Environment.Computer.Make=dell inc.
[03:07:31.302] [ 1] [INFO ] Environment.Computer.Model=inspiron 660
[03:07:31.302] [ 1] [INFO ] Environment.OperatingSystem.IsDomainJoined=True
[03:07:31.302] [ 1] [INFO ] Runtime.SyncEngine.InstallState=InstallRequired
[03:07:31.302] [ 1] [INFO ] Runtime.SyncEngine.InstallResult=NotStarted
[03:07:31.302] [ 1] [INFO ] Runtime.InitialDetectionResult=InstallSyncEngine
[03:07:31.302] [ 1] [INFO ] Runtime.WizardPageFlow=NewScenario
[03:07:31.302] [ 1] [INFO ] Runtime.EncodedPageNavigationBytes=AQUA
[03:07:31.302] [ 1] [INFO ] Runtime.EncodedHelpLinkUsageBytes=
[03:07:31.303] [ 8] [INFO ] Starting Telemetry Send
[03:07:31.327] [ 1] [INFO ] Starting a background thread in Express Settings. Background Task Id: 614.
[03:07:31.340] [ 9] [INFO ] Checking if machine version is 6.1.7601 or higher
[03:07:31.340] [ 9] [INFO ] The current operating system version is 10.0.14393, the requirement is 6.1.7601.
[03:07:31.340] [ 9] [INFO ] Password Sync supported: 'True'
[03:07:31.368] [ 1] [INFO ] Express Settings install is supported: domain-joined + OS version allowed.
[03:07:44.227] [ 1] [INFO ] Express Settings: Updating page flow for EXPRESS mode install.
[03:07:44.228] [ 1] [INFO ] Called SetWizardMode(ExpressInstall, True)
[03:07:44.271] [ 1] [INFO ] Starting a background thread in Express Settings. Background Task Id: 4129.
[03:07:44.310] [ 7] [INFO ] Starting a background thread in Install required components. Background Task Id: 4162.
[03:07:44.323] [ 6] [INFO ] SyncEngineSetupViewModel: Validating sync engine settings.
[03:07:44.328] [ 6] [INFO ] Starting Sync Engine installation
[03:07:44.330] [ 6] [INFO ] Starting Prerequisite installation
[03:07:44.331] [ 6] [VERB ] WorkflowEngine created
[03:07:44.333] [ 6] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[03:07:44.334] [ 6] [VERB ] Getting list of installed packages by upgrade code
[03:07:44.334] [ 6] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: verified product code {d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd}.
[03:07:44.335] [ 6] [VERB ] Package=Microsoft Online Services Sign-in Assistant, Version=7.250.4556.0, ProductCode=d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd, UpgradeCode=03c97135-0e31-4334-9215-63827d4f07d4
[03:07:44.335] [ 6] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[03:07:44.335] [ 6] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals (version 7.250.4556.0) is installed.
[03:07:44.335] [ 6] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[03:07:44.335] [ 6] [VERB ] Getting list of installed packages by upgrade code
[03:07:44.335] [ 6] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
[03:07:44.335] [ 6] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell
[03:07:44.358] [ 6] [INFO ] CheckInstallationState: Packaged version (1.1.281.0), Installed version (0.0.0).
[03:07:44.358] [ 6] [INFO ] CheckInstallationState: AAD PowerShell will be extracted (1.1.281.0 > 0.0.0).
[03:07:44.359] [ 6] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[03:07:44.359] [ 6] [VERB ] Getting list of installed packages by upgrade code
[03:07:44.359] [ 6] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[03:07:44.360] [ 6] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[03:07:44.360] [ 6] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[03:07:44.360] [ 6] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[03:07:44.367] [ 6] [VERB ] Created task 97f98fc5-58b5-4e5d-97fc-e62c1edd764e with name Install Prerequisites
[03:07:44.388] [ 6] [VERB ] Created task 91b870cb-fedb-43a2-a367-e7fdd0e03125 with name Uninstall Microsoft Online Sign-In Assistant
[03:07:44.389] [ 6] [VERB ] Created task 53ff587b-bbaa-4e03-adf0-18bfa3d06d3f with name Install Microsoft Online Sign-In Assistant
[03:07:44.389] [ 6] [VERB ] Created task e8598c10-c9f7-4cb8-82e8-47fe1330a460 with name Uninstall Microsoft Online PowerShell Module
[03:07:44.390] [ 6] [VERB ] Created task c2f7d2d2-c5a2-4f4f-ae21-13d0b5c9ab6b with name Install Microsoft Online PowerShell Module
[03:07:44.390] [ 6] [VERB ] Created task f5a85a41-85b9-40ca-82f8-d75f95bd96b8 with name Install Visual C++ Redistributable for Visual Studio 2013
[03:07:44.394] [ 6] [VERB ] Executing task Install Prerequisites
[03:07:44.395] [ 6] [VERB ] Waiting for task to complete: Install Prerequisites
[03:07:44.403] [ 18] [VERB ] Executing task Uninstall Microsoft Online Sign-In Assistant
[03:07:44.407] [ 19] [INFO ] Task 'Uninstall Microsoft Online Sign-In Assistant' has finished execution
[03:07:44.408] [ 18] [INFO ] Task 'Uninstall Microsoft Online Sign-In Assistant' finished successfully
[03:07:44.408] [ 18] [VERB ] Executing task Install Microsoft Online Sign-In Assistant
[03:07:44.410] [ 20] [INFO ] Task 'Install Microsoft Online Sign-In Assistant' has finished execution
[03:07:44.410] [ 18] [INFO ] Task 'Install Microsoft Online Sign-In Assistant' finished successfully
[03:07:44.410] [ 18] [VERB ] Executing task Uninstall Microsoft Online PowerShell Module
[03:07:44.411] [ 21] [INFO ] Task 'Uninstall Microsoft Online PowerShell Module' has finished execution
[03:07:44.411] [ 18] [INFO ] Task 'Uninstall Microsoft Online PowerShell Module' finished successfully
[03:07:44.411] [ 18] [VERB ] Executing task Install Microsoft Online PowerShell Module
[03:07:45.572] [ 22] [INFO ] Task 'Install Microsoft Online PowerShell Module' has finished execution
[03:07:45.572] [ 18] [INFO ] Task 'Install Microsoft Online PowerShell Module' finished successfully
[03:07:45.572] [ 18] [VERB ] Executing task Install Visual C++ Redistributable for Visual Studio 2013
[03:07:45.573] [ 24] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' has finished execution
[03:07:45.573] [ 18] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' finished successfully
[03:07:45.573] [ 18] [INFO ] Task 'Install Prerequisites' has finished execution
[03:07:45.573] [ 6] [VERB ] Waited 0:00:01.1780007 for task to complete: Install Prerequisites
[03:07:45.575] [ 1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
[03:07:45.599] [ 1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
[03:07:45.602] [ 1] [INFO ] Property Username failed validation with error Username must be in the format name@domain.com or name@domain.onmicrosoft.com
[03:07:56.979] [ 1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
[03:08:01.807] [ 9] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credentials validation.
[03:08:01.837] [ 9] [INFO ] DiscoverAzureInstance [Default]: authority=https://login.windows.net/optiononline.live, awsServiceResource=https://graph.windows.net.
[03:08:01.862] [ 9] [INFO ] Authenticate: ADAL authentication is enabled.
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:01: - AuthenticationContext: ADAL .NET with assembly version '2.26.0.0', file version '2.26.30510.2204' and informational version 'a7d6e508b4f87979eed7a45414e6149daeccce4f' is running...
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:01: - TokenCache: Clearing Cache :- 0 items to be removed
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:01: - TokenCache: Successfully Cleared Cache
[03:08:01.887] [ 9] [INFO ] Authenticate-ADAL: acquiring token using explicit tenant credentials.
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:01: b5422956-7056-4bda-abba-623773f8149d - AcquireTokenHandlerBase: === Token Acquisition started:
Authority: https://login.windows.net/optiononline.live/
Resource: https://graph.windows.net
ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
Authentication Target: User
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:01: b5422956-7056-4bda-abba-623773f8149d - TokenCache: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:01: b5422956-7056-4bda-abba-623773f8149d - TokenCache: No matching token was found in the cache
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:01: b5422956-7056-4bda-abba-623773f8149d - <CreateByDiscoveryAsync>d__0: Sending user realm discovery request to 'https://login.windows.net/common/UserRealm/admin@optiononline.live?api-version=1.0'
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: b5422956-7056-4bda-abba-623773f8149d - <PreTokenRequest>d__4: User with hash 'Oq0CtwZHvg0NYHexK3ZVWa3KaXIz/nS/0nmMduUezlY=' detected as 'Managed'
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: b5422956-7056-4bda-abba-623773f8149d - TokenCache: Storing token in the cache...
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: b5422956-7056-4bda-abba-623773f8149d - TokenCache: An item was stored in the cache
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: b5422956-7056-4bda-abba-623773f8149d - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
Access Token Hash: 38PwyZBP36N4orA88FCanzMD02eFILqp9MbqnvJaBuU=
Refresh Token Hash: lyXwgvH7jtd6CkRpHfhOub1QtbeuAEDLaRx4NelDmKo=
Expiration Time: 11/08/2016 10:08:01 +00:00
User Hash: Bh6suxt2UUvKXlVI2wciiJbaaj0046l4rQ31fuyl8Fs=
[03:08:02.763] [ 9] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=8ff0a1cf-f8d0-41f2-a46a-fb873b3b42b6.
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: 79f69461-686b-4468-9c3c-bee427daf98c - AcquireTokenHandlerBase: === Token Acquisition started:
Authority: https://login.windows.net/optiononline.live/
Resource: https://graph.windows.net
ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
Authentication Target: User
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: 79f69461-686b-4468-9c3c-bee427daf98c - TokenCache: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: 79f69461-686b-4468-9c3c-bee427daf98c - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: 79f69461-686b-4468-9c3c-bee427daf98c - TokenCache: 59.982733305 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: 79f69461-686b-4468-9c3c-bee427daf98c - TokenCache: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:02: 79f69461-686b-4468-9c3c-bee427daf98c - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
Access Token Hash: 38PwyZBP36N4orA88FCanzMD02eFILqp9MbqnvJaBuU=
Refresh Token Hash: lyXwgvH7jtd6CkRpHfhOub1QtbeuAEDLaRx4NelDmKo=
Expiration Time: 11/08/2016 10:08:01 +00:00
User Hash: Bh6suxt2UUvKXlVI2wciiJbaaj0046l4rQ31fuyl8Fs=
[03:08:04.146] [ 9] [INFO ] Authenticate: tenantId=(8ff0a1cf-f8d0-41f2-a46a-fb873b3b42b6), IsDirSyncing=True, IsPasswordSyncing=False, DomainName=, DirSyncFeatures=8224, AllowedFeatures=ObjectWriteback, PasswordWriteback.
[03:08:04.175] [ 9] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/optiononline.live, AdalResource=https://graph.windows.net.
[03:08:04.175] [ 9] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:04: f560bc3f-51c0-4013-bc9c-c52789628818 - AcquireTokenHandlerBase: === Token Acquisition started:
Authority: https://login.windows.net/optiononline.live/
Resource: https://graph.windows.net
ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
Authentication Target: User
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:04: f560bc3f-51c0-4013-bc9c-c52789628818 - TokenCache: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:04: f560bc3f-51c0-4013-bc9c-c52789628818 - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:04: f560bc3f-51c0-4013-bc9c-c52789628818 - TokenCache: 59.9594833266667 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:04: f560bc3f-51c0-4013-bc9c-c52789628818 - TokenCache: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:04: f560bc3f-51c0-4013-bc9c-c52789628818 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
Access Token Hash: 38PwyZBP36N4orA88FCanzMD02eFILqp9MbqnvJaBuU=
Refresh Token Hash: lyXwgvH7jtd6CkRpHfhOub1QtbeuAEDLaRx4NelDmKo=
Expiration Time: 11/08/2016 10:08:01 +00:00
User Hash: Bh6suxt2UUvKXlVI2wciiJbaaj0046l4rQ31fuyl8Fs=
[03:08:04.177] [ 9] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
[03:08:04.178] [ 9] [INFO ] ConnectMsolService: connecting using an AccessToken.
[03:08:04.263] [ 9] [WARN ] Failed to import module MSOnline for PowerShell Command Connect-MsolService
AzureADConnect.exe Information: 0 : 11/8/2016 9:08:04 AM: - AuthenticationContext: ADAL .NET with assembly version '2.23.0.0', file version '2.23.30226.1847' and informational version '0b5f258db72d0632d3693d262acbf77b634e9136' is running...
[03:08:04.900] [ 9] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
[03:08:05.128] [ 9] [WARN ] Failed to import module MSOnline for PowerShell Command Get-MsolCompanyInformation
[03:08:05.406] [ 9] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant 8ff0a1cf-f8d0-41f2-a46a-fb873b3b42b6.
[03:08:05.408] [ 9] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=True
[03:08:05.410] [ 9] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Enabled
[03:08:05.411] [ 9] [INFO ] PowershellHelper: lastDirectorySyncTime=null
[03:08:05.429] [ 9] [WARN ] Failed to import module MSOnline for PowerShell Command Get-MsolDomain
[03:08:05.626] [ 9] [INFO ] AzureTenantPage: Successfully retrieved 4 domains from the tenant.
[03:08:05.643] [ 9] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
[03:08:05.644] [ 9] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel]
[03:08:05.647] [ 9] [INFO ] Property Username failed validation with error The username format is incorrect. Specify the username in the format of DOMAIN\username.
[03:08:20.954] [ 1] [INFO ] Property Password failed validation with error A password is required.
[03:08:25.434] [ 14] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials.
[03:08:25.462] [ 14] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user OPTIONONLINE\DEON
[03:08:25.526] [ 14] [INFO ] Start GetEnterpiseAdminSid using rootdomain optiononline.live
[03:08:25.536] [ 14] [INFO ] EnterpiseAdminSid=S-1-5-21-592907670-1703850096-2820173330-519
[03:08:25.579] [ 14] [INFO ] ValidateCredentials UseExpressSettings: The domain name 'optiononline.live' was successfully matched.
[03:08:25.583] [ 14] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
[03:08:25.585] [ 14] [INFO ] Validating forest with FQDN optiononline.live
[03:08:25.622] [ 14] [INFO ] Examining domain optiononline.live (:0% complete)
[03:08:25.625] [ 14] [INFO ] ValidateForest: using DDHOST.optiononline.live to validate domain optiononline.live
[03:08:25.627] [ 14] [INFO ] Successfully examined domain optiononline.live GUID:f6e1a589-dff0-46fa-a784-25acc00dc4d0 DN:DC=optiononline,DC=live
[03:08:25.645] [ 14] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
[03:08:25.721] [ 14] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/optiononline.live, AdalResource=https://graph.windows.net.
[03:08:25.722] [ 14] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:25: d28565e6-1497-4a63-a85a-86e9ca8efa69 - AcquireTokenHandlerBase: === Token Acquisition started:
Authority: https://login.windows.net/optiononline.live/
Resource: https://graph.windows.net
ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
Authentication Target: User
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:25: d28565e6-1497-4a63-a85a-86e9ca8efa69 - TokenCache: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:25: d28565e6-1497-4a63-a85a-86e9ca8efa69 - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:25: d28565e6-1497-4a63-a85a-86e9ca8efa69 - TokenCache: 59.60038107 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:25: d28565e6-1497-4a63-a85a-86e9ca8efa69 - TokenCache: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 11/08/2016 09:08:25: d28565e6-1497-4a63-a85a-86e9ca8efa69 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
Access Token Hash: 38PwyZBP36N4orA88FCanzMD02eFILqp9MbqnvJaBuU=
Refresh Token Hash: lyXwgvH7jtd6CkRpHfhOub1QtbeuAEDLaRx4NelDmKo=
Expiration Time: 11/08/2016 10:08:01 +00:00
User Hash: Bh6suxt2UUvKXlVI2wciiJbaaj0046l4rQ31fuyl8Fs=
[03:08:25.723] [ 14] [VERB ] MsolDomainExtensions.GetAllConfiguredDomains: Connecting to MSOL service.
[03:08:25.723] [ 14] [INFO ] ConnectMsolService: connecting using an AccessToken.
[03:08:25.777] [ 14] [WARN ] Failed to import module MSOnline for PowerShell Command Connect-MsolService
[03:08:26.090] [ 14] [WARN ] Failed to import module MSOnline for PowerShell Command Get-MsolDomain
[03:08:26.251] [ 14] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
[03:08:26.253] [ 14] [INFO ] Starting a background thread in Ready to configure. Background Task Id: 11149.
[03:08:27.258] [ 14] [INFO ] DiscoverAzureEndpoints [AADHealth]: ServiceEndpoint=https://s1.adhybridhealth.azure.com, AdalAuthority=https://login.windows.net/optiononline.live, AdalResource=https://management.core.windows.net/.
[03:08:27.288] [ 1] [INFO ] Exchange schema is not detected for forest optiononline.live , so no exchange option displayed.
[03:08:29.844] [ 1] [INFO ] Starting a background thread in Configuring. Background Task Id: 12377.
[03:08:29.845] [ 9] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
[03:08:29.846] [ 9] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
[03:08:29.849] [ 9] [INFO ] Starting Sync Engine installation
[03:08:47.223] [ 8] [INFO ] Starting Telemetry Send
[03:08:47.226] [ 9] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
Exception Data (Raw): System.Exception: Unable to install the Synchronization Service. Please see the event log for additional details. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.ExecuteWithSetupResultsStatus(SetupAction action, String description, String logFileName, String logFileSuffix)
at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
--- End of inner exception stack trace ---
at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
at Microsoft.Online.Deployment.OneADWizard.Providers.EngineSetupProvider.SetupSyncEngine(String setupFilesPath, String installationPath, String sqlServerName, String sqlInstanceName, String serviceAccountName, String serviceAccountDomain, String serviceAccountPassword, String groupAdmins, String groupBrowse, String groupOperators, String groupPasswordSet, Int32 numberOfServiceInstances, ProgressChangedEventHandler progressChanged, NetworkCredential& serviceAccountCredential, SecurityIdentifier& serviceAccountSid)
at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstallCore(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstall(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore(AADConnectResult& result)
[03:09:30.880] [ 1] [INFO ] Opened log file at path C:\Users\Administrator\AppData\Local\AADConnect\trace-20161108-030725.log
↧
↧
Allowing a REST service to act on behalf of a user
I'm trying to set up an authorization flow. We have a Sharepoint setup that we want users to access through a REST API we implement. We basically want the user to log in from client-side code, send the JWT token they get to our REST endpoint, and for our REST service to be able to act on behalf of the user in Sharepoint.
This post is more complete, but the spam filter keeps rejecting new threads. Will post the rest in follow ups.
↧
Error with AAD Connect
Hi, could you help me with this error? When I try to sync local domain with Azure, I got error.
Log information:
[12:14:20.076] [ 24] [ERROR] An error occurred while executing the 'New-MsolFederatedDomain' command. Microsoft.Online.Administration.Automation.DomainTakeoverFederatedRootDomainNotSupportedException
Exception Data (Raw): Microsoft.Online.Deployment.PowerShell.PowerShellInvocationException: An error occurred while executing the 'New-MsolFederatedDomain' command. Microsoft.Online.Administration.Automation.DomainTakeoverFederatedRootDomainNotSupportedException
---> Microsoft.Online.Identity.Federation.Powershell.FederationException: Microsoft.Online.Administration.Automation.DomainTakeoverFederatedRootDomainNotSupportedException
--- End of inner exception stack trace ---
at Microsoft.Online.Deployment.PowerShell.PowerShellHelper.InvokeAndThrow(IPowerShell powerShell, Command command, Boolean throwExceptionOnError)
at Microsoft.Online.Deployment.Types.Utility.MsolDomainExtensions.NewMsolFederatedDomain(IPowerShell powerShell, String domainName, Boolean enableSupportMultipleDomain)
at Microsoft.Online.Deployment.PSModule.Tasks.AAD.CreateFederatedAADTrustTask`1.ConfigureMsolDomain(IPowerShell powerShell, MsolDomain domain, Boolean enableSupportMultipleDomain)
at Microsoft.Online.Deployment.PSModule.Tasks.AAD.CreateFederatedAADTrustTask`1.ConfigureSelectedDomain(IPowerShell powerShell, String domainName, String primaryAdfsHostName)
at Microsoft.Online.Deployment.PSModule.Tasks.AAD.CreateFederatedAADTrustTask`1.Execute()
at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
↧
Adconnect and TLS 1.2
Hello ,
we have an ADFS Farm (Adfs server + Wap server ).the wap server is in DMZ zone .
i plan to install ADconnect in Adfs server and i want to know is there an impact if i enbale TLS1.2 in ADFS server because by default it is TLS 1.0 .
is there no impact , must also enable TLS 1.2 in WAP server ?
regards
↧