Quantcast
Channel: Azure Active Directory forum
Viewing all articles
Browse latest Browse all 16000

AD Connect health agent registration failed after installation

$
0
0

After this installation of Azure AD Connect on a Windows Server 2012 R2 machine, the AD Connect health agent doesn't register. The services on the machine stay disabled and not started. I've read that I need to run the Powershell command: 

Register-AzureADConnectHealthSyncAgent -AttributeFiltering:$false -StagingMode:$false

However, this doesn't work as it comes back with "Configuration failed"

2018-04-17 01:40:54.893 Aquiring Monitoring Service certificate using tenant.cert


Configuration Failed

To retry configuration, type:
Register-AzureADConnectHealthSyncAgent

Monitoring will not start until configuration is successful.

To review installation steps and requirements, please visit:
http://go.microsoft.com/fwlink/?LinkID=518643

Detailed log file created in temporary directory:
C:\Users\admin.inova\AppData\Local\Temp\AdHealthAadSyncAgentConfiguration.2018-04-16_19-40-21.log

Register-AzureADConnectHealthSyncAgent : Failed configuring Monitoring Service using command: C:\Program
Files\Microsoft Azure AD Connect Health Sync
Agent\Monitor\Microsoft.Identity.Health.AadSync.MonitoringAgent.Startup.exe sourcePath="C:\Program Files\Microsoft
Azure AD Connect Health Sync Agent\tenant.cert" version="1.1.751.0"
At line:1 char:1+ Register-AzureADConnectHealthSyncAgent -AttributeFiltering:$false -St ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : NotSpecified: (:) [Register-AzureADConnectHealthSyncAgent], InvalidOperationException+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Identity.AadConnect.Health.AadSync.PowerShell
   .ConfigurationModule.RegisterAzureAdConnectHealthSyncAgent

There is no Proxy server used, which can be seen in the log files too:

2018-04-17 01:40:21.175 User Context outbound connections to https://management.azure.com/providers/Microsoft.ADHybridHealthService/ will use proxy address https://management.azure.com/providers/Microsoft.ADHybridHealthService/ (if equal, no proxy is used)
2018-04-17 01:40:21.175 Service Context: Outbound connections to https://management.azure.com/providers/Microsoft.ADHybridHealthService/ will use proxy address https://management.azure.com/providers/Microsoft.ADHybridHealthService/ (if equal, no proxy is used)

So, when I try to run the test-azureadconnecthealthconnectivity, I get the following:

PS C:\Windows\system32> Test-AzureADConnectHealthConnectivity -Role Sync
Test-AzureADConnectHealthConnectivity's execution in details are as follows:
Starting Test-AzureADConnectHealthConnectivity ...

Connectivity Test Step 1 of 3: Testing dependent service endpoints begins ...
AAD CDN connectivity is skipped.
Connecting to endpoint https://login.microsoftonline.com
Endpoint validation for https://login.microsoftonline.com is Successful.
Connecting to endpoint https://login.windows.net
Unhandled exception occurred: The operation has timed out
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc is Successful.
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/policymanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/policymanager.svc is Successful.
Connectivity Test Step 1 of 3 - Failed to connect some service endpoints, please investigate.

Connectivity Test Step 2 of 3 - Blob data upload procedure begins ...
Unhandled exception occurred: System.Security.Cryptography.CryptographicException: The parameter is incorrect.

   at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionS
cope scope)
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.LoadI
dentityInfo()
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.TestI
nsightServiceDataUploadProcedure()
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.Proce
ssRecord()

I've used the same account with the registration command as I used with installation of the Azure AD Connect software, of which the sync is running without problems.

There is MFA enabled on that account, but I do not see an issue there.

Hope somebody can assist.


Viewing all articles
Browse latest Browse all 16000

Trending Articles