Channel: Azure Active Directory forum

SaaS app that allows a user to sign in with their own Azure AD and access their own resources through the app?


How can I build a SaaS app that allows a user to sign in with their Azure account & have the SaaS app talk to Azure resources on the user's behalf? Does the user need to create their own AD App in their own AD & give me the ClientID / ClientSecret?

e.g:

I have an app that helps devs operate some Azure resources, e.g. VMs. I'd like for the user to be able to sign into my app with their own Azure account (OpenID, Microsoft account or Org. Account), give consent and be redirected back to the app, which should then be able to query their resources in their own AAD.

Is it possible without requiring the developer to set up their own "enterprise App" in their own Azure AD and give me the ClientID/ClientSecret?
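Added example, not part of the post above: the request side of the flow this question describes, written against the Azure AD v2.0 endpoint. One multi-tenant app registration in the vendor's own tenant is used; the customer signs in through the /organizations authority, consents (the user, or an admin where the tenant restricts user consent), and the app gets a delegated ARM token. The CLIENT_ID, REDIRECT_URI and callback URL below are placeholders; the state/PKCE handling is what a practitioner would want to see, and the RFC 7636 test vector is used to check the challenge computation.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# /organizations accepts work or school accounts from any tenant; a single multi-tenant
# app registration in the SaaS vendor's own tenant is all that is needed.
AUTHORITY = "https://login.microsoftonline.com/organizations"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"        # assumed placeholder (the vendor's app)
REDIRECT_URI = "https://saas.example.com/auth/callback"   # assumed placeholder
# Delegated ARM permission: the app can only do what the signed-in user may do.
SCOPES = ["https://management.azure.com/user_impersonation", "openid", "offline_access"]


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """PKCE code_verifier: 32 random bytes -> 43 unreserved characters (RFC 7636 section 4.1)."""
    return b64url(secrets.token_bytes(32))


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge (RFC 7636 section 4.2)."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(state: str, verifier: str) -> str:
    """The browser is sent here; state and verifier stay server-side in the user's session."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": " ".join(SCOPES),
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORITY + "/oauth2/v2.0/authorize?" + urlencode(params)


def handle_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code; refuse responses that are not bound to our request."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale sign-in")
    if "error" in query:   # e.g. consent_required when the tenant requires admin consent
        raise RuntimeError(query["error"][0] + ": " + query.get("error_description", [""])[0])
    return query["code"][0]


def build_token_request(code: str, verifier: str):
    """(url, form body) for redeeming the code. redirect_uri must equal the one sent above."""
    body = {
        "client_id": CLIENT_ID,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
        # a confidential (web) client also sends client_secret or a signed client assertion
    }
    return AUTHORITY + "/oauth2/v2.0/token", body
```

The token response's id_token carries a tid claim; the app records it per customer and uses it as the tenant for subsequent ARM calls, so no per-customer app registration or secret exchange is involved.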


How to prohibit access of non-administrator users to Azure AD using PowerShell


Our university uses a common Office 365 tenant for students, faculty, and staff.

In our university policy, IT systems are required to prevent students from accessing other students' personal information. This kind of policy is common in many universities.

In the default setting of an Office 365 tenant, any user can retrieve all user information in Azure Active Directory by accessing it with PowerShell. To avoid this, we set UsersPermissionToReadOtherUsersEnabled to false in our Azure AD. Under this setting, non-administrator users can access Azure AD using PowerShell but can't read other users' information in Azure AD.

However, as described in Known issues for Microsoft Teams <https://docs.microsoft.com/en-us/microsoftteams/known-issues>, when UsersPermissionToReadOtherUsersEnabled is set to false, Teams can't be used practically.

Is there any way to prohibit non-administrator users from accessing Azure AD with PowerShell at all?

Unlock accounts in Azure Active Directory Domain Services


I've just set up Azure Active Directory Domain Services and noticed that accounts get locked out after 5 failed attempts even though the default domain group policy lockout threshold is set to 0.  I'm also not able to unlock user accounts when logged in as a member of the AAD DC Administrators group.

Is there a way to modify the lockout threshold and to unlock accounts?

How do I unlock an account that is a member of the AAD DC Administrators group?

I have Azure AD Domain Services set up currently. I've noticed that when an account that is a member of the AAD DC Administrators group is locked out, you cannot unlock it and it never auto-unlocks after the 30 minutes. Users that are not part of this group do not have this issue. How are you supposed to unlock a user of this group?

SSPR - Customize helpdesk link not working


Hi,

I defined the email to our support email address when a user clicks on contact the administrator while using SSPR to reset their password, please see the image below.

However, it's not working as expected; when I click on contact administrator, the email is sent to the global administrators. Did I miss anything? I also added the support email account to the password administrator group and it doesn't help.

Thank you.


Using Azure AD Authorize endpoint fails on Windows 10


I am facing an issue when using the Authorize endpoint in Windows 10 with Google chrome.

 

When requesting the following:

GET /common/oauth2/v2.0/authorize?response_type=id_token+token&response_mode=fragment&client_id=...&redirect_uri=...&scope=openid+profile+User.Read&state=...&nonce=...&prompt=none&domain_hint=organizations&login_hint=...

 

In any other environment than Windows 10 and Google Chrome (Firefox or Windows 7 for example) the authorization flow completes successfully and the redirection happens to the URL provided in the request, given the id token.

 

But on Windows 10 + Google Chrome combination, the response is instead some HTML containing the following javascript file:

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/oldbssointerrupt_core.min_ifovy4ltwgbno2mkumjmxg2.js

The script is executed and launches a new request to the authorize endpoint, with same parameters except that a new parameter is added: `sso_reload=true`

This new request just hangs in the browser with Pending state and never gives back any response. So the authorization flow cannot finish.

 

My current User Agent is `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36`

If I relaunch the same request with another User Agent, it completes normally without any strange behavior.

 

So I have 2 questions:

1. Is there any reason about this specific behavior for Windows 10 and Chrome?
2. What is the purpose of the (undocumented) sso_reload parameter?

 

This sounds like a very specific issue, but I would appreciate any comment or lead. Thank you!
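Added example, not part of the post above: what the client receiving the fragment response from the request shown in the post should check before using anything in it. It goes a little beyond the post's exact case by also handling the errors a prompt=none request returns when silent sign-in is impossible; those are the signal to fall back to an interactive request, which is also why a silent request like the hung sso_reload one needs a client-side timeout rather than an indefinite wait. The id_token used here is constructed and unsigned; a real client verifies the signature against the tenant's JWKS and the iss/aud claims before trusting any of it. Hostnames are placeholders.

```python
import base64
import json
import time
from urllib.parse import parse_qs, urlparse

# prompt=none cannot succeed without user interaction in these cases; the client must
# fall back to an interactive authorize request instead of retrying silently.
INTERACTION_ERRORS = {"login_required", "interaction_required", "consent_required"}


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def jwt_payload(token: str) -> dict:
    """Decode the claims without signature verification; for the checks below only."""
    return json.loads(b64url_decode(token.split(".")[1]))


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed test token (alg=none, empty signature). Never accept one in production."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


def handle_fragment_response(url, expected_state, expected_nonce, now=None):
    """Return ("ok", claims, access_token) or ("interactive", None, None); raise on anything suspect."""
    frag = parse_qs(urlparse(url).fragment)
    first = lambda key: frag.get(key, [None])[0]
    # state binds the response to the request this client issued (CSRF / mix-up protection)
    if first("state") != expected_state:
        raise ValueError("state mismatch: response does not belong to this request")
    error = first("error")
    if error in INTERACTION_ERRORS:
        return "interactive", None, None
    if error:
        raise RuntimeError(f"{error}: {first('error_description')}")
    claims = jwt_payload(first("id_token"))
    # nonce binds the id_token to this request; without the check a captured token could be replayed
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: replayed or foreign id_token")
    now = time.time() if now is None else now
    if not claims.get("nbf", 0) <= now < claims["exp"]:
        raise ValueError("id_token outside its validity window")
    return "ok", claims, first("access_token")
```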

metadata: "Identity not found" on VM with user assigned identities


Another user identity question.. I have 2 UAI assigned to my VM. These UAI are assigned to "reader" roles on a storage container and a keyvault. When I query the metadata I get this:

root@danno1:/opt/bootstrap# curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net/' -H Metadata:true
{"error":"invalid_request","error_description":"Identity not found"}

The 2 UAI I've checked are linked properly to role assignments against the correct storage container and key vault. While debugging, I enabled a SystemAssigned identity on the box and suddenly I was receiving tokens. Are there any other steps I need to do in order to "enable" identity services on the VM? I launched the VM with Terraform using the identity={} section in the azurerm_virtual_machine resource, but it seems like the machine isn't registered with identity services if I launch it with the UAIs only.

If I query the identity of the machine, I get this back:

$ az vm identity show --ids "/subscriptions/11111111111-111111111111/resourceGroups/THE-RG/providers/Microsoft.Compute/virtualMachines/danno1"
{
  "principalId": null,
  "tenantId": null,
  "type": "UserAssigned",
  "userAssignedIdentities": {
    "/subscriptions/11111111111-111111111111/resourceGroups/ManagedServiceIdentity-Wus-Rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/08329dcb-3-wus-uai": {
      "clientId": "11111111111-444444444444",
      "principalId": "11111111111-555555555555"
    },
    "/subscriptions11111111111-111111111111/resourceGroups/ManagedServiceIdentity-Wus-Rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/0afbc123-3-wus-uai": {
      "clientId": "11111111111-222222222222",
      "principalId": "11111111111-33333333333"
    }
  }
}

If anyone knows thanks!
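Added example, not part of the post above: building and checking an IMDS token request when a VM carries more than one user-assigned identity. The documented IMDS parameters client_id, object_id and mi_res_id select which identity answers; with several user-assigned identities the caller has to name one, which the curl command in the post does not. The client IDs and resource IDs in the constructed sample below mirror the shape of the post's `az vm identity show` output and are placeholders.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

IMDS = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"


def imds_token_request(resource, client_id=None, object_id=None, mi_res_id=None) -> Request:
    """urllib Request for an IMDS token. With several user-assigned identities on the VM the
    caller must say which one; IMDS cannot guess, so pass exactly one selector."""
    selectors = {k: v for k, v in (("client_id", client_id), ("object_id", object_id),
                                   ("mi_res_id", mi_res_id)) if v}
    if len(selectors) > 1:
        raise ValueError("pass at most one of client_id, object_id, mi_res_id")
    params = {"api-version": API_VERSION, "resource": resource}
    params.update(selectors)
    # Metadata: true is mandatory, and IMDS refuses requests carrying X-Forwarded-For,
    # which keeps a web tier's proxied/SSRF traffic from reaching the token endpoint.
    return Request(IMDS + "?" + urlencode(params), headers={"Metadata": "true"})


def parse_imds_response(status: int, body: str) -> dict:
    """Return the token document, or raise carrying IMDS's own error text."""
    doc = json.loads(body)
    if status != 200 or "error" in doc:
        raise RuntimeError(f"IMDS {status}: {doc.get('error')}: {doc.get('error_description')}")
    return doc


def client_ids_from_vm_identity(show_output: str):
    """Client IDs of the user-assigned identities in `az vm identity show` JSON."""
    doc = json.loads(show_output)
    return [v["clientId"] for v in doc.get("userAssignedIdentities", {}).values()]


# Constructed sample mirroring the shape of the post's `az vm identity show` output.
SAMPLE_VM_IDENTITY = json.dumps({
    "principalId": None, "tenantId": None, "type": "UserAssigned",
    "userAssignedIdentities": {
        "/subscriptions/<sub>/resourceGroups/rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/kv-reader":
            {"clientId": "11111111111-444444444444", "principalId": "11111111111-555555555555"},
        "/subscriptions/<sub>/resourceGroups/rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/blob-reader":
            {"clientId": "11111111111-222222222222", "principalId": "11111111111-333333333333"},
    },
})

if __name__ == "__main__":
    # Pick the identity that holds the Key Vault role, then ask IMDS for a vault token.
    kv_client_id = client_ids_from_vm_identity(SAMPLE_VM_IDENTITY)[0]
    req = imds_token_request("https://vault.azure.net/", client_id=kv_client_id)
    print(req.full_url)   # only resolvable from inside an Azure VM
```

Keeping one identity per downstream resource, and selecting it explicitly, also means a compromise of the process that reads blobs does not hand out Key Vault tokens: the selector is part of the least-privilege boundary, not just a disambiguator.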

Login to computer not recognized as Azure AD login - Windows Enterprise upgrade problem


Hi,

A computer (end user workstation) in a hybrid environment (Azure + onprem) is not recognizing user logons as Azure logons.

Judging from what I see in Azure and on the computer, computer seems to be correctly joined to Azure AD. User account seems to be also fine in Azure AD.
I tried with 2 user accounts and a test account, which I know to be free of this problem - but on this particular machine, the problem still occurs (so I don't think the problem is related to user's account).
This is causing Windows to refuse to upgrade to Enterprise edition based on the user's license.
In event viewer I am getting the event 360 and it contains this line : "User has logged on with AAD credentials: No"
I wanted to paste screenshots of dsregcmd /status but I am unable to. The interesting bit seems to be:

+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
               NgcSet : NO
      WorkplaceJoined : NO
        WamDefaultSet : ERROR
           AzureAdPrt : NO
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
        IsUserAzureAD : NO
        PolicyEnabled : NO
       DeviceEligible : YES
   SessionIsNotRemote : YES
       CertEnrollment : none
         PreReqResult : WillNotProvision

Would anyone be able to share some wisdom with me on this?
I've read everything I could find on the internet and still failed to solve this.

Thanks!
Michał


AzureAD (cloud only) user permissions for accessing an on-premise file server


Hello!

I'm trying to implement the following scenario within our cloud-only AzureAD:

I enjoy handling the users and groups via the Azure portal in our cloud-only AzureAD. Within my environment, I need to have an on-premise file server (NAS) for privacy reasons and file size concerns.

  • What are convenient ways to set this up?
  • How can AzureAD-User-access be enabled and managed for my on-premise fileserver?

I have tried to use secure LDAP, but it doesn't work because it is read-only. 

Thanks in advance!

Unable to enable user provisioning from Azure Active Directory to Google Cloud Identity / G Suite


I am trying to enable user provisioning from Azure Active Directory to Google Cloud Identity / G Suite but cannot succeed.

- I followed the guide in https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial to set up the integration.

- I have the custom domain "nikovirtala.online" configured in Azure Active Directory, which matches the domain configured in Google Cloud Identity.

- On the Google Cloud side I have used my super admin credentials and have verified that all APIs are enabled.

In the provisioning configuration I succeed at the "Authorize" and "Test Connection" steps:

"Testing connection to G Suite
The supplied credentials are authorized to enable provisioning"

but when I change the provisioning status to "On" and save the configuration I see the following error:

"Testing connection to G Suite

We encountered an error while updating provisioning configuration for G Suite"

The audit log says this:

Activity

Date : 12/10/2018, 10:03:40
Name : Update external secrets
CorrelationId : 31caeb5d-a9e7-4e47-9264-1fa11ae6890a
Category : Core Directory
Activity Status
Status : Failure
Reason : System.ArgumentException
Initiated By (Actor)
Type Other
Name : Microsoft Azure AD Internal
ObjectId :
Target(s)
Target
Type ServicePrincipal
Name : G Suite
ObjectId : 31d83709-1b66-4533-b57b-61b10b2f586f
Spn : urn:spn:google.com;e0bef2c8-7b76-42df-8966-459ba1e2548d;http://googleapps1AD90B2150964B2B950B00ABB10C588F;http://instanceid_01303a13-8322-4e06-bee5-80d612907131_955FF1A546704B468745F07517C796EE;http://googleapps/3af1bbf7-72df-4be4-ad39-18742cf89105
Modified Properties
Name : Action Client Name
New Value : "DirectoryProvisioning"
Name : MethodExecutionResult.
New Value : "System.ArgumentException"
Name : TargetId.ServicePrincipalNames
New Value : "urn:spn:google.com;e0bef2c8-7b76-42df-8966-459ba1e2548d;http://googleapps1AD90B2150964B2B950B00ABB10C588F;http://instanceid_01303a13-8322-4e06-bee5-80d612907131_955FF1A546704B468745F07517C796EE;http://googleapps/3af1bbf7-72df-4be4-ad39-18742cf89105"
Additional Details


Intune - Compliant machine being blocked by Conditional Access


Hi,

I've got a compliant machine currently being blocked from accessing Sharepoint by conditional access. I've tested on another enrolled machine that's compliant and it's working correctly so the issue seems limited to this PC.

PC is joined to an on-premises Active Directory and is sync'd to Azure AD (Shows as Hybrid Azure AD joined) and under Devices in Intune shows as Compliant.

When trying to access the sharepoint site I get:

Things I've tried:
- Removing the PC and rejoining the domain using a new PC name to avoid object clash
- Multiple browsers, get the same issue on all
- Restarting the PC
- Tried from a different enrolled and compliant PC on the same managed account and don't get the issue there
- Confirmed device is managed by Intune and showing as compliant
- Conditional access policy requires that the device be compliant alone to access Sharepoint
- If I disable the conditional access policy the PC is able to access sharepoint without issues

Any advice would be appreciated, thanks!

Hitten

AADSTS50011: Issue when getting OAuth grant from an SAP system


This is an AADSTS50011 issue that has not been described yet:

Getting the OAuth2.0 grant token via Azure AD from an SAP system requires registering an application in AAD and providing an OAuth2.0 Client profile on the SAP system. The SAP system can then trigger the flow to get the OAuth token. 

In the SAP system, the OAuth2.0 client configuration contains the Application ID from AAD, client secret, endpoints, grant type set to Authorization Code, target endpoint, and it allows maintaining the redirection URI server used to construct the redirection URI which then follows the pattern https://<SAP system>:<port>/sap/public/bc/sec/oauth2/client/redirect?sap-client=715.

I trigger the flow from SAP system using the corresponding OAuth grant app. Depending on how the redirection URI is maintained in Azure, I get two different error situations:

If the redirection URI is maintained in exactly the same way in the app registration settings, I do not end up in the logon screen of the app homepage. Instead, I just get the URL enriched with error information so that it (after URL decoding) looks like this:

https://<SAP system>:<port>/sap/bc/webdynpro/sap/OA2C_GRANT_APP?sap-client=715&error=invalid_client&error_description=AADSTS70002: Error validating credentials. AADSTS50011: The reply address 'https://<SAP system>:<port>/sap/public/bc/sec/oauth2/client/redirect?sap-client=715' does not match the reply address 'https://<SAP system>:<port>/sap/public/bc/sec/oauth2/client/redirect' provided when requesting Authorization code.
Trace ID: 28769d4d-c5e3-4114-97f8-96eec3f36000
Correlation ID: 493edd75-b27d-4fbc-bcd4-ff0104f80b8f
Timestamp: 2018-10-12 09:04:14Z#

Encoding the parameter sap-client does not change this behavior. It seems AAD does not accept the parameter sap-client (which I can't configure away).

Changing the Reply URL by dropping the parameter (as indicated in the error text) so that it looks like https://<SAP system>:<port>/sap/public/bc/sec/oauth2/client/redirect changes the behavior, but not to the better: I now get the error message pop-up "AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '<app ID'." in login.microsoftonline.com.

What is my error? Is there any guidance how to deal with URL parameters here?

Thanks in advance, Vytas
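Added example, not part of the post above: the two redirect_uri comparisons an OAuth 2.0 authorization server makes, written out so the two error texts in the post can be told apart. The first error text ("does not match the reply address ... provided when requesting Authorization code") is the token-step comparison between the redirect_uri in the code redemption and the one in the authorize request; the second ("does not match the reply urls configured for the application") is the authorize-step comparison against the registered list. Both are plain string comparisons in which a query string is part of the value. The SAP hostname and port are placeholders, and nothing here claims which value the SAP client sends at each step; it is a tool for checking that.

```python
import re
from urllib.parse import parse_qs, urlsplit


def redirect_uri_registered(requested: str, registered) -> bool:
    """Authorize step: the redirect_uri in the request must equal a registered reply URL.
    RFC 6749 section 3.1.2.3 prescribes simple string comparison, so a query string is part
    of the value, not something the server strips before comparing."""
    return requested in set(registered)


def redirect_uri_consistent(authorize_value: str, token_value: str) -> bool:
    """Token step: the redirect_uri sent when redeeming the code must equal the one sent in
    the authorize request that produced it (RFC 6749 section 4.1.3)."""
    return authorize_value == token_value


def diagnose(registered, authorize_value, token_value) -> str:
    """Which of the two comparisons fails for a given client configuration."""
    if not redirect_uri_registered(authorize_value, registered):
        return "authorize rejected: redirect_uri is not among the registered reply URLs"
    if not redirect_uri_consistent(authorize_value, token_value):
        return "token rejected: redirect_uri differs from the one used to obtain the code"
    return "ok"


def strip_query(uri: str) -> str:
    """What 'dropping the parameter' produces: same scheme, host, port and path, no query."""
    p = urlsplit(uri)
    return f"{p.scheme}://{p.netloc}{p.path}"


def aadsts_codes(error_redirect: str):
    """Pull error and AADSTS codes out of a redirect URL enriched with error parameters."""
    q = parse_qs(urlsplit(error_redirect).query)
    description = q.get("error_description", [""])[0]
    return q.get("error", [None])[0], re.findall(r"AADSTS(\d+)", description)
```

Capturing the actual authorize request (browser network trace) and the token request (SAP-side trace) and feeding the two redirect_uri values plus the registered list into diagnose() shows which of the two checks is failing without guessing.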


Access Token


Hi,

Our administrator registered a Dynamics 365 instance in Azure Active Directory.

In microsoft flow HTTP action, I am doing HTTP Post to https://login.microsoftonline.com/tenantID/oauth2/token

The body in the POST is:

client_id=CRMClientID&resource=https://CRMURI&username=MyCRMUserName&password=MyCRMPassword&grant_type=password

The exception I am getting in Flow is "Unauthorized".

Is this because the credentials I used are mine, which only have access to Dynamics 365 CRM?

Do I have to use the credentials that my administrator used to register Dynamics 365 in Azure AD? Those credentials are Admin to both Azure and Office 365.

Thanks

Office 365 ProPlus Auto Activation with Seamless Sign on and Pass-Through Authentication


Hello,

We have Azure AD set up with Pass-through Authentication and Seamless SSO. When users run Office 365 ProPlus (Click-to-Run), it prompts the end user for account info. The end user skips the steps and the Office app is left unlicensed. If they close the app and then reopen it, it activates correctly. I know the SSO is working as they can access the portal without any problems.

We are running Office365ProPlus (deployment) with a shared license setup and auto activation within our xml file.  I've followed the setup and added the required zones as per the setup document.

I'm wondering if there is a fix for the double prompt before it activates the app correctly? Basically trying to eliminate them from entering their info and utilize the SSO for auto activation.

Are there any registry or addition settings required? 

While WebApi access I'm getting Login Html Page as response instead api result?


I have a web app and a web API which are registered in Azure AD.

I'm invoking web API method from the web app using below code:

// Acquire an app-only token for the API with the web app's client credentials (ADAL).
string userObjectID = ClaimsPrincipal.Current
    .FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value;
AuthenticationContext authContext =
    new AuthenticationContext(Startup.Authority, new ADALTokenCache(userObjectID));
ClientCredential credential = new ClientCredential(clientIdSimulator, clientSecretSimulator);
// await rather than .Result: blocking on the Task inside an ASP.NET request can deadlock.
AuthenticationResult result =
    await authContext.AcquireTokenAsync("my webapi app uri from azure ad", credential);

HttpClient client = new HttpClient();
HttpRequestMessage request =
    new HttpRequestMessage(HttpMethod.Get, "https://demoapi.azurewebsites.net/api/getdata");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = await client.SendAsync(request);

// Return the user's profile in the view.
if (response.IsSuccessStatusCode)
{
    string responseString = await response.Content.ReadAsStringAsync();
    var test = JsonConvert.DeserializeObject(responseString);
}

After execution I get the result as an HTML page into responseString. Output:

<!DOCTYPE html><htmldir="ltr"class=""lang="en"><head><title>Sign in to your account</title><noscript><metahttp-equiv="Refresh"content="0; URL=https://login.microsoftonline.com/jsdisabled"/></noscript><linkrel="shortcut icon"href="https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8233.17/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico"/>

I expect to get the API method output. How can I get the API method output?

Both the web app and the web API are in the same Azure AD tenant.

Do I need to use authContext.AcquireTokenSilentAsync? When I use this method, I get the exception failed_to_acquire_token_silently, even if the ID used matches.


SE
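Added example, not part of the post above: two checks worth running on the client side before debugging the call itself. A 200 response whose body is the "Sign in to your account" page, as in the post, means the API (or the App Service authentication in front of it) treated the request as a browser visit and redirected to login, and HttpClient followed the redirect; an API that actually validates bearer tokens answers a bad token with 401 and a WWW-Authenticate: Bearer header. The second check is that the token's aud claim is the API's App ID URI at all. The App ID URI and the test token are constructed placeholders; the token is unsigned because the API, not this client, verifies signatures.

```python
import base64
import json

API_APP_ID_URI = "https://contoso.onmicrosoft.com/demoapi"  # assumed placeholder for the API's App ID URI


def jwt_claims(token: str) -> dict:
    """Decode the payload for inspection only; the API verifies the signature, not this caller."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed test token (alg=none, empty signature); only for the checks below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


def token_fits_api(token: str, expected_aud: str) -> bool:
    """A client-credentials token has aud = the resource passed to AcquireTokenAsync
    (the API's App ID URI on the v1 endpoint). A wrong aud means the API must reject it."""
    return jwt_claims(token).get("aud") == expected_aud


def classify_api_response(status: int, headers: dict, body: str) -> str:
    """Tell an API that enforces bearer auth apart from one set up for browser sign-in."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401 and h.get("www-authenticate", "").lower().startswith("bearer"):
        return "bearer_challenge"   # token seen and rejected: check aud, iss, expiry, roles
    if status in (301, 302, 303, 307) and "login.microsoftonline.com" in h.get("location", ""):
        return "login_redirect"     # API or App Service auth treated the call as a browser visit
    if status == 200 and "<title>Sign in to your account</title>" in body:
        return "html_login_page"    # same cause, redirect already followed by the HTTP client
    if status == 200:
        return "api_response"
    return f"http_{status}"
```

Setting HttpClientHandler.AllowAutoRedirect to false on the caller turns the "html_login_page" case into the "login_redirect" one, which makes the misconfiguration visible as a status code instead of a body that has to be inspected.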


AD Connect inplace upgrade fails at the "Connect" stage with UnauthorizedAccessException


Trying to update AD Connect because of the "high CPU utilization bug with .NET", I am met with UnauthorizedAccessException: Attempted to perform an unauthorized operation.

Steps taken:

1.) Verified AD Connect readiness requirements

2.) Checked that the authorizing user has AD Global Admin privileges

Trace:

[10:03:33.517] [  1] [INFO ]
[10:03:33.533] [  1] [INFO ] ================================================================================
[10:03:33.533] [  1] [INFO ] Application starting
[10:03:33.533] [  1] [INFO ] ================================================================================
[10:03:33.533] [  1] [INFO ] Start Time (Local): Fri, 12 Oct 2018 10:03:33 GMT
[10:03:33.533] [  1] [INFO ] Start Time (UTC): Fri, 12 Oct 2018 14:03:33 GMT
[10:03:33.549] [  1] [INFO ] Application Version: 1.1.882.0
[10:03:33.549] [  1] [INFO ] Application Build Date: 2018-08-31 22:50:05Z
[10:03:36.142] [  1] [INFO ] Telemetry session identifier: {aa4d10f5-8549-49ab-bbeb-f44a85a3e40a}
[10:03:36.142] [  1] [INFO ] Telemetry device identifier: ihlWC1zb0KcA8AsoJLSJDXFzE2OCStb4QFh0nTO/zAw=
[10:03:36.142] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (0eb4240d4)
[10:03:36.502] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[10:03:36.502] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[10:03:36.502] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[10:03:36.502] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[10:03:36.502] [  1] [INFO ] Default Proxy [Enabled]: True
[10:03:36.502] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[10:03:36.517] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
[10:03:36.517] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[10:03:36.564] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[10:03:36.580] [  1] [INFO ] Loading the persisted settings .
[10:03:36.627] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[10:03:36.830] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
[10:03:36.830] [  1] [INFO ] Password Hash Sync supported: 'True'
[10:03:37.049] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[10:03:37.049] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[10:03:37.049] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[10:03:37.064] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[10:03:37.064] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[10:03:37.064] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[10:03:37.064] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[10:03:37.064] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[10:03:37.064] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {526b2e61-721f-4a22-9034-474ed46b1727}.
[10:03:37.064] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.882.0, ProductCode=526b2e61-721f-4a22-9034-474ed46b1727, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[10:03:37.080] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[10:03:37.080] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[10:03:37.236] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[10:03:37.236] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.236] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {526b2e61-721f-4a22-9034-474ed46b1727}.
[10:03:37.236] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[10:03:37.236] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[10:03:37.236] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.882.0, ProductCode=526b2e61-721f-4a22-9034-474ed46b1727, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[10:03:37.236] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[10:03:37.830] [  1] [VERB ] Check product code installed: {4e67cad2-d71b-4f06-a7ae-bb49c566bb93}
[10:03:37.830] [  1] [INFO ] GetProductInfoProperty({4e67cad2-d71b-4f06-a7ae-bb49c566bb93}, VersionString): unknown product
[10:03:37.924] [  1] [INFO ] TryGetPersistedMarker: upgrade marker registry key found UpgradeFromAADConnect,1.1.647.0
[10:03:37.939] [  1] [INFO ] AzureADSyncEngineComponent: Product Azure AD Sync Engine (version 1.1.882.0) is installed.
[10:03:37.939] [  1] [INFO ] AzureADSyncEngineComponent: Configuration is still pending completion.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[10:03:37.939] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[10:03:37.939] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: verified product code {eca633f0-02e9-466d-91e2-1c56b79b8f01}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft Azure AD Connect Health agent for sync, Version=3.0.103.0, ProductCode=eca633f0-02e9-466d-91e2-1c56b79b8f01, UpgradeCode=114fb294-8aa6-43db-9e5c-4ede5e32886f
[10:03:37.939] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[10:03:37.939] [  1] [INFO ] Product Azure AD Connect Health agent for sync (version 3.0.103.0) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
[10:03:37.939] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {89ca7913-f891-4546-8f55-355338677fe6}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.4.7001.0, ProductCode=89ca7913-f891-4546-8f55-355338677fe6, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[10:03:37.939] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.4.7001.0) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {72b030ed-b1e3-45e5-ba33-a1f5625f2b93}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.4.7469.6, ProductCode=72b030ed-b1e3-45e5-ba33-a1f5625f2b93, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[10:03:37.939] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.4.7469.6) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {b9274744-8bae-4874-8e59-2610919cd419}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.4.7001.0, ProductCode=b9274744-8bae-4874-8e59-2610919cd419, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[10:03:37.939] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.4.7001.0) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[10:03:37.939] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[10:03:38.033] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[10:03:38.033] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[10:03:38.033] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[10:03:38.033] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:38.033] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {786f1270-e605-4b12-80a1-6dde0de09323}.
[10:03:38.033] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.882.0, ProductCode=786f1270-e605-4b12-80a1-6dde0de09323, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[10:03:38.033] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[10:03:38.033] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.882.0) is installed.
[10:03:39.533] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[10:03:39.533] [  1] [INFO ] ServiceControllerProvider: verifying EventLog is in state (Running)
[10:03:39.533] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[10:03:39.533] [  1] [INFO ] DetectInstalledComponents stage: Sync engine upgrade required.
[10:03:39.533] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Backup: backing up the persisted state file
[10:03:39.533] [  1] [INFO ]      - Current: C:\ProgramData\AADConnect\PersistedState.xml
[10:03:39.533] [  1] [INFO ]      - New backup: C:\ProgramData\AADConnect\Backup-PersistedState-20181012-100339.xml
[10:03:39.533] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\Backup-PersistedState-20181012-100339.xml, isAddProtection: True
[10:03:39.674] [  1] [INFO ] CallExportSyncConfig: launching ExportSyncConfig.exe.
[10:03:43.111] [  1] [INFO ] ServiceControllerProvider: verifying ADSync is in state (Running)
[10:03:43.111] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[10:03:43.111] [  1] [INFO ] IsExistingScenarioCompleted: open existing persisted state file to check if GA/QFE version
[10:03:43.111] [  1] [INFO ] IsExistingScenarioCompleted: No ScenarioIds were found
[10:03:43.111] [  1] [INFO ] IsExistingScenarioCompleted: IsConfigurationComplete=False, userSignInMethodType=PasswordHashSync
[10:03:43.205] [  1] [INFO ] TryGetPersistedMarker: upgrade marker registry key found UpgradeFromAADConnect,1.1.647.0
[10:03:43.205] [  1] [INFO ] Called SetWizardMode(UpgradeFromAADConnect, True)
[10:03:43.205] [  1] [INFO ] DetectInstalledComponents stage: Wizard mode is now set to UpgradeFromAADConnect.
[10:03:43.205] [  1] [INFO ] Persist: Setting upgrade marker (UpgradeFromAADConnect,1.1.647.0).
[10:03:43.299] [  1] [INFO ] ExistingUserSignInMethodType=PasswordHashSync
[10:03:43.299] [  1] [INFO ] Checking for DirSync conditions.
[10:03:43.299] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[10:03:43.299] [  1] [INFO ] AADSync/AADConnect is present. App.WizardMode=UpgradeFromAADConnect
[10:03:45.080] [  1] [INFO ] ExecuteInstalledADSyncPowerShell: Got back success:true for "" IsEligibleForEaCredentials.
[10:03:45.080] [  1] [INFO ] IsEligibleForEaCredentials [True]: received exit code: 97
[10:03:45.080] [  1] [INFO ] IsEligibleForEaCredentials: Express Mode re-provisioning is NOT required.
[10:03:45.095] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[10:03:45.095] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[10:03:45.095] [  1] [ERROR] PerformConfigurationPageViewModel: Caught exception when connecting to persisted state store.
Exception Data (Raw): System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.Save(PersistedStateContainer state)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.RootPageViewModel.SavePersistedState()
[10:03:45.111] [  1] [INFO ] UpgradeSyncEngine: verifying current user has db_owner permissions ((localdb)\.\ADSync).
[10:03:45.142] [  1] [INFO ] CheckCurrentUserIsDbOwner: executing query (SELECT IS_MEMBER('db_owner')).
[10:03:45.283] [  1] [INFO ] CheckCurrentUserIsDbOwner: current user is db_owner for the AADSync database. (result=1)
[10:03:45.283] [  1] [INFO ] UpgradeSyncEngine: db_owner permission verified.
[10:03:45.345] [  1] [INFO ] VerifySecurityGroupsExists: verifying if the Security Groups are present
[10:03:45.361] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncAdmins is present in Machine context .
[10:03:47.689] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncBrowse is present in Machine context .
[10:03:47.705] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncOperators is present in Machine context .
[10:03:47.720] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncPasswordSet is present in Machine context .
[10:03:50.424] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.InstallSyncEnginePageViewModel.StartAADSyncUpgrade in Page:"Upgrade Azure Active Directory Connect"
[10:03:50.424] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:121
[10:03:50.439] [ 15] [INFO ] Starting Prerequisite installation
[10:03:50.439] [ 15] [VERB ] WorkflowEngine created
[10:03:50.439] [ 15] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[10:03:50.439] [ 15] [VERB ] Getting list of installed packages by upgrade code
[10:03:50.439] [ 15] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[10:03:50.439] [ 15] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[10:03:50.439] [ 15] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[10:03:50.439] [ 15] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[10:03:50.439] [ 15] [INFO ] VerifyAzureAdConnectorPresent: Check if the Azure AD connector with ID b891884f-051e-4a83-95af-2544101c9083 is present.
[10:03:51.871] [ 15] [INFO ] ExecuteInstalledADSyncPowerShell: Got back success:true for "" IsAzureAdConnectorPresent.
[10:03:51.871] [ 15] [INFO ] VerifyAzureAdConnectorPresent: The default Azure AD connector is present.
[10:03:51.871] [ 15] [INFO ] Starting Sync Engine upgrade
[10:03:51.873] [ 15] [INFO ] UpgradeSyncEngineStage: Starting Sync Engine upgrade (WizardMode=UpgradeFromAADConnect)
[10:03:54.526] [ 15] [INFO ] ExecuteInstalledADSyncPowerShell: Got back success:true for "" SetGlobalParameterValue Microsoft.Synchronize.SchedulerSuspended True.
[10:03:54.539] [ 15] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
[10:03:54.548] [ 15] [INFO ] SyncDataProvider:LoadSettings - loading context with persisted global settings.
[10:03:55.023] [ 15] [VERB ] SynchronizationRuleTemplateEngine: Setting multi forest user join criteria AlwaysProvision:
[10:03:56.234] [  1] [INFO ] Page transition from "Upgrade AAD Connect" [InstallSyncEnginePageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
[10:03:56.359] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
[10:03:56.361] [  1] [INFO ] Property Username failed validation with error The Microsoft Azure account name cannot be empty.
[10:04:34.885] [  1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
[10:04:43.335] [ 15] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credential validation for user - (omitted)
[10:04:43.835] [ 15] [INFO ] DiscoverAzureInstance [Worldwide]: authority=https://login.windows.net/montoursvillepa.onmicrosoft.com, awsServiceResource=https://graph.windows.net. Resolution Method [AzureInstanceDiscovery]: Cloud Instance Name (microsoftonline.com), Tenant Region Scope (NA), Token Endpoint.
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Clearing Cache :- 0 items to be removed
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Successfully Cleared Cache
[10:04:43.850] [ 15] [INFO ] Authenticate-ADAL: acquiring token using explicit tenant credentials.
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: === Token Acquisition started:
 CacheType: null
 Authentication Target: User
 , Authority Host: login.windows.net
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: Sending request to userrealm endpoint.
[10:04:44.585] [ 18] [INFO ] ADAL: 2018-10-12T14:04:44.5850476Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 10/12/2018 3:04:44 PM +00:00
[10:04:44.585] [ 15] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=fd61afb6-3929-4834-aedc-ca5e889e0bf1.
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: === Token Acquisition started:
 CacheType: null
 Authentication Target: User
 , Authority Host: login.windows.net
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: An item matching the requested resource was found in the cache
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: 59.9929687866667 minutes left until token in cache expires
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 10/12/2018 3:04:44 PM +00:00
[10:04:46.210] [ 15] [INFO ] Authenticate: tenantId=(fd61afb6-3929-4834-aedc-ca5e889e0bf1), IsDirSyncing=True, IsPasswordSyncing=True, DomainName=, DirSyncFeatures=57, AllowedFeatures=ObjectWriteback, PasswordWriteback.
[10:04:46.210] [ 15] [INFO ] AzureTenantPage: AzureTenantSourceAnchorAttribute is objectGUID
[10:04:46.210] [ 15] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
[10:04:46.225] [ 15] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/montoursvillepa.onmicrosoft.com, AdalResource=https://graph.windows.net.
[10:04:46.225] [ 15] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: === Token Acquisition started:
 CacheType: null
 Authentication Target: User
 , Authority Host: login.windows.net
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: An item matching the requested resource was found in the cache
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: 59.9721353566667 minutes left until token in cache expires
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 10/12/2018 3:04:44 PM +00:00
[10:04:46.225] [ 15] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[10:04:47.178] [ 15] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
[10:04:48.022] [ 15] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant fd61afb6-3929-4834-aedc-ca5e889e0bf1.  Initial domain (MontoursvillePA.onmicrosoft.com).
[10:04:48.022] [ 15] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=True
[10:04:48.022] [ 15] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Enabled
[10:04:48.038] [ 15] [INFO ] PowershellHelper: lastDirectorySyncTime=10/11/2018 12:35:00 PM
[10:04:48.241] [ 15] [INFO ] AzureTenantPage: Successfully retrieved 3 domains from the tenant.
[10:04:48.241] [ 15] [INFO ] Calling to get the last dir sync time for the current user
[10:04:48.475] [ 15] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[10:04:48.475] [ 15] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[10:04:48.475] [ 15] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.Save(PersistedStateContainer state)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.AzureTenantPageViewModel.ValidateCredentials()
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.Save(PersistedStateContainer state)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.AzureTenantPageViewModel.ValidateCredentials()
   at System.Threading.Tasks.Task.Execute()<---

[10:04:48.491] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Error" [ErrorPageViewModel]
[10:04:52.506] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20181012-100333.log

Any ideas greatly appreciated.

-Fess

Azure AD proxy Connector gateway Timeout

As per the Azure AD guideline, only the "Default" and "Long" application timeout values can be assigned to an Azure application. Default = 85 seconds and Long = 180 minutes. But I have a few applications which take more than 3 minutes to respond on a few UI actions. I am wondering if there is a way to override the proxy connector application timeout settings.

Can we make any change in the Proxy Connector Windows service installed on the server to increase the backend application timeout?

AADSTS70001: Application with identifier was not found in the directory

Earlier I registered all the applications of one subdomain "www.example.com" on the Azure portal with "Azure Active Directory" Pre-Auth. Now I have deleted all the applications from the Azure portal and instead added only the subdomain root "https://www.example.com/" with "Passthru" Pre-Auth. After doing this, when I am trying to access the applications (which I already deleted), assuming the root "Passthru" Pre-Auth will work for them, I am getting the "AADSTS70001: Application with identifier was not found in the directory" error. Is there any way to fix this problem?

Significant Latency increased after registering legacy application on Azure AD

Recently I registered some legacy applications with the On-premises tag in Azure AD. Now every request to the published legacy applications is going through Azure Application Proxy, which is adding additional latency to the request/response. I monitored the Proxy connector server for CPU and memory utilization. The server's performance seems pretty okay. Please let me know if there is a way to reduce the latency.

how to get access token for accessing Azure Graph API

Hi all,

I am trying to call the Azure Graph API using Postman by calling the following GET request

https://graph.windows.net/edcstest1.onmicrosoft.com/users?api-version=1.6

To access the following API, I need an access token,

to get the access token, I am calling the following POST API.

https://login.microsoftonline.com/edcstest1.onmicrosoft.com/oauth2/token

by setting all the required parameters, like client_id, client_secret, grant_type, code and redirect_url.

It is working fine for me in Postman.

I need help to call it in Java, using HttpClient;

there it throws the following error:

{"error":"invalid_request","error_description":"AADSTS90014: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: 5da5b2a1-10b1-462e-8bef-e0b04ee91e00\r\nCorrelation ID: 4a2b534d-b944-4327-9fd9-8ee7c716caef\r\nTimestamp: 2018-10-09 08:59:34Z","error_codes":[90014],"timestamp":"2018-10-09 08:59:34Z","trace_id":"5da5b2a1-10b1-462e-8bef-e0b04ee91e00","correlation_id":"4a2b534d-b944-4327-9fd9-8ee7c716caef"}
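A working way to make the same POST from Java, as an added example and not the asker's code: the v1 token endpoint only reads parameters from an application/x-www-form-urlencoded request body, so AADSTS90014 ("must contain the following parameter: 'grant_type'") is what comes back when the parameters are sent as a JSON body, appended to the URL as a query string, or posted without that Content-Type header (which is what Postman's "x-www-form-urlencoded" body tab sets for you). The code below uses java.net.http.HttpClient (Java 11 or later), takes the tenant name from the post, reads the client id, client secret, authorization code and reply URL from environment variables (an assumption made for the example), and adds resource=https://graph.windows.net because that is the API the post then calls. The parameter is spelled redirect_uri, and its value must match the reply URL registered on the app exactly.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

public class AadTokenClient {

    // Tenant taken from the post; the v1 endpoint the post already uses.
    static final String TENANT = "edcstest1.onmicrosoft.com";
    static final String TOKEN_ENDPOINT =
            "https://login.microsoftonline.com/" + TENANT + "/oauth2/token";

    /**
     * Percent-encode every key and value and join them as k=v&k=v.
     * This is exactly what Postman's x-www-form-urlencoded body tab produces.
     * Encoding the secret matters: values containing '+', '/' or '=' are
     * corrupted if they are concatenated raw.
     */
    static String formEncode(Map<String, String> params) {
        StringJoiner joiner = new StringJoiner("&");
        for (Map.Entry<String, String> e : params.entrySet()) {
            joiner.add(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8)
                    + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
        }
        return joiner.toString();
    }

    /**
     * Redeem an authorization code for tokens. Returns the raw JSON reply body
     * (access_token, refresh_token, expires_on, ...) or throws on a non-200 reply.
     */
    static String redeemAuthorizationCode(HttpClient client, String clientId, String clientSecret,
                                          String code, String redirectUri)
            throws IOException, InterruptedException {
        Map<String, String> form = new LinkedHashMap<>();
        form.put("grant_type", "authorization_code");   // the parameter AADSTS90014 reports missing
        form.put("client_id", clientId);
        form.put("client_secret", clientSecret);
        form.put("code", code);
        form.put("redirect_uri", redirectUri);           // must equal the registered reply URL byte for byte
        form.put("resource", "https://graph.windows.net"); // v1 endpoint: audience of the access token

        HttpRequest request = HttpRequest.newBuilder(URI.create(TOKEN_ENDPOINT))
                // Without this header AAD does not parse the body as form fields at all.
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formEncode(form)))
                .build();

        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        if (response.statusCode() != 200) {
            // The body carries error, error_description and error_codes (90014 in the post).
            // Surface it for diagnosis, but never log the client secret or the code next to it.
            throw new IOException("token request failed: HTTP " + response.statusCode()
                    + " " + response.body());
        }
        return response.body();
    }

    public static void main(String[] args) throws Exception {
        // Example only: credentials come from the environment, never from source.
        HttpClient client = HttpClient.newHttpClient();
        String json = redeemAuthorizationCode(client,
                System.getenv("AAD_CLIENT_ID"),
                System.getenv("AAD_CLIENT_SECRET"),
                System.getenv("AAD_AUTH_CODE"),
                System.getenv("AAD_REDIRECT_URI"));
        System.out.println(json);
    }
}
```

Compile and run with the four environment variables set; the printed JSON contains the access_token to put in the Authorization: Bearer header of the graph.windows.net call. If you only need to read users as the application itself rather than on behalf of a signed-in user, the same formEncode/POST shape works with grant_type=client_credentials and no code or redirect_uri, provided the app has been granted application permissions on the Graph API.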
