I have a proxy server connected to the internet, as well as several DCs with the DCAgent running.
When I run Get-AzureADPasswordProtectionDCAgent, all my DCs report PasswordPolicyDateUTC : 01.01.0001 00.00.00.
Looking at logs, I've narrowed it down to Event ID 20001 in the Microsoft-AzureADPasswordProtection-ProxyService/Operational log.
<event>
The Azure AD Password Protection Proxy service attempted to forward a message to Azure on behalf of the calling domain controller but received an http failure.
Http failure code: 400
Elapsed time(msec): 1563
Endpoint: https://enterpriseregistration.windows.net/aadpasswordpolicy<snip>/sendreceive?api-version=1.0&traceid=<snip>
This error may be expected if network connectivity to Azure is unreliable. Please ensure that this machine has network connectivity to Azure.
Additional information may be available at https://aka.ms/AzureADPasswordProtection
</event>
The proxy server has internet access.
Running Invoke-WebRequest on the offending URL, I get the following:
Invoke-WebRequest : {"Message":"The request failed with status BadRequest (400). No API matching request was found, verify URL and parameters are correct"<snip>}
The only thing I can think of that may be the reason is the fact that I accidentally ran Register-AzureADPasswordProtectionForest before Register-AzureADPasswordProtectionProxy, though I doubt that's the case.
Please advise. The next step for me is running the cleanup procedure and attempting a reinstall.
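
The two checks described in the post (DC agents with no downloaded policy, and Event ID 20001 in the proxy log) can be collected in one pass. This is an added example, not part of the original post or Microsoft's tooling; the variable names, the 24-hour window and the regular expressions are assumptions made for illustration.

```powershell
# Run on the proxy server, where the AzureADPasswordProtection module is installed.
# Cmdlet, log name and event ID are the ones named in the post; everything else
# ($ProxyLog, $Since, the regexes, the summary layout) is chosen for this example.
$ProxyLog = 'Microsoft-AzureADPasswordProtection-ProxyService/Operational'
$Since    = (Get-Date).AddDays(-1)

# 1. DC agents that have never received a policy.
#    Assumption: PasswordPolicyDateUTC is a [datetime]; 01.01.0001 is DateTime.MinValue.
$stale = @(Get-AzureADPasswordProtectionDCAgent |
    Where-Object { $_.PasswordPolicyDateUTC -eq [datetime]::MinValue } |
    Select-Object ServerFQDN, SoftwareVersion, HeartbeatUTC, PasswordPolicyDateUTC)

# 2. Forwarding failures logged by the proxy service, parsed from the message text.
$failures = @(Get-WinEvent -FilterHashtable @{
        LogName   = $ProxyLog
        Id        = 20001
        StartTime = $Since
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $msg = $_.Message
        [pscustomobject]@{
            TimeCreated  = $_.TimeCreated
            HttpCode     = if ($msg -match 'Http failure code:\s*(\d+)') { [int]$Matches[1] }
            ElapsedMs    = if ($msg -match 'Elapsed time\(msec\):\s*(\d+)') { [int]$Matches[1] }
            # Host only: the path and traceid are tenant-specific and not needed here.
            EndpointHost = if ($msg -match 'Endpoint:\s*https://([^/\s]+)') { $Matches[1] }
        }
    })

# 3. Summary. A parsed HTTP status means something answered the request, so
#    grouping by code and host separates rejected requests from timeouts.
"DC agents without a policy: $($stale.Count)"
$stale | Format-Table -AutoSize

"Event 20001 entries since ${Since}: $($failures.Count)"
$failures |
    Group-Object HttpCode, EndpointHost |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'FirstSeen'; Expression = { ($_.Group | Measure-Object TimeCreated -Minimum).Minimum } },
        @{ Name = 'LastSeen';  Expression = { ($_.Group | Measure-Object TimeCreated -Maximum).Maximum } } |
    Format-Table -AutoSize
```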