The following forum(s) are migrating to a new home on Microsoft Q&A (Preview): Azure Active Directory!

Ask new questions on Microsoft Q&A (Preview).
Interact with existing posts until December 13, 2019, after which content will be closed to all new and existing posts.

Learn More

 none
Pass-through Authentication could not be enabled due to an unexpected error. RRS feed

  • Question

  • Hi, 

    I am trying to enable pass-through authentication but getting an error as -


    AzureADConnect.exe Error: 0 : Passthrough authentication enable - failed. Error Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry.

    --------------------------------------------------

    Latest logs available at location - C:\ProgramData\Microsoft\Azure AD Connect Authentication Agent\Trace

    AzureADConnectAuthenticationAgentService.exe Error: 0 : UpgradeProxyTrustSettingsLocation: Cannot start connector service since the connector is not registered.
        ThreadId=1
        DateTime=2019-09-13T07:15:14.3509966Z
    AzureADConnectAuthenticationAgentService.exe Error: 0 : Unhandled exception was thrown in Main: 'System.Configuration.SettingsPropertyNotFoundException: ProxyTrustCertificateThumbprint
       at Microsoft.ApplicationProxy.Connector.Common.Runners.ServiceRunner`1.UpgradeProxyTrustSettingsLocation()
       at Microsoft.ApplicationProxy.Connector.Common.Runners.ServiceRunner`1.Run(String[] args, ITracingHelperLogger logger)'
        ThreadId=1
        DateTime=2019-09-13T07:15:14.3559969Z

    ------------------------------------------------

    Latest logs available at location - C:\ProgramData\AADConnect\Trace

    AzureADConnect.exe Information: 0 : 'IPassthroughAuthenticationService' channel recreated successfully. 
    AzureADConnect.exe Error: 0 : Passthrough authentication enable - failed. Error Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry.
    [12:59:39.474] [ 24] [ERROR] Unable to enable passthrough authentication. Error: Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry.
    [12:59:39.474] [ 24] [ERROR] Failed to enable pass-through authentication. Error: Microsoft.Online.Deployment.PSModule.Utility.PassthroughAuthConfigurationException: Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry.
       at Microsoft.Online.Deployment.PSModule.Tasks.PassthroughAuth.ConfigurePassthroughAuth`1.Execute()
    [12:59:39.474] [ 24] [INFO ] Task 'Configure Passthrough Authentication' has finished execution
    [12:59:39.475] [ 16] [ERROR] Microsoft.Online.Deployment.PSModule.Utility.PassthroughAuthConfigurationException: Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry. ---> Microsoft.Online.Deployment.PSModule.Utility.PassthroughAuthConfigurationException: Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry.
       at Microsoft.Online.Deployment.PSModule.Tasks.PassthroughAuth.ConfigurePassthroughAuth`1.Execute()
       --- End of inner exception stack trace ---
       at Microsoft.Online.Deployment.PSModule.Tasks.PassthroughAuth.ConfigurePassthroughAuth`1.Execute()
       at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
    Exception Data (Raw): Microsoft.Online.Deployment.Framework.Workflow.WorkflowTaskException: The task 'Configure Passthrough Authentication' has failed. ---> Microsoft.Online.Deployment.PSModule.Utility.PassthroughAuthConfigurationException: Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry. ---> Microsoft.Online.Deployment.PSModule.Utility.PassthroughAuthConfigurationException: Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry.
       at Microsoft.Online.Deployment.PSModule.Tasks.PassthroughAuth.ConfigurePassthroughAuth`1.Execute()
       --- End of inner exception stack trace ---
       at Microsoft.Online.Deployment.PSModule.Tasks.PassthroughAuth.ConfigurePassthroughAuth`1.Execute()
       at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
       --- End of inner exception stack trace ---
       at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTaskGroup.CheckTaskCompletion(Int32 currentTaskIndex)
    [12:59:39.475] [ 16] [VERB ] Cleanup: Starting cleanup for task 'Configure Passthrough Authentication'
    [12:59:39.475] [ 16] [VERB ] Task 'Configure Passthrough Authentication': No cleanup defined
    [12:59:39.475] [ 16] [VERB ] Marking task 'Check Installed Components' as Skipped
    [12:59:39.475] [ 16] [VERB ] Marking task 'Deploy AAD Health Agent' as Skipped
    [12:59:39.475] [ 16] [VERB ] Marking task 'Deploy AAD Sync' as Skipped
    [12:59:39.475] [ 16] [VERB ] Rolling back task Deploy Microsoft Azure AD Connect Authentication Agent

    -------------------------------------------------------

    Thanks,

    Friday, September 13, 2019 7:32 AM

All replies

  • Suggest you to check the Azure AD Connect version and make sure you have the latest Azure AD Connect version 1.3.21.0 installed.

    To verify which version of Azure AD Connect is installed on your server, go to Control Panel and look up the installed version of Microsoft Azure AD Connect by selecting Programs > Programs and Features, as shown here:

    To learn how to upgrade to the latest version, see Azure AD Connect: Upgrade from a previous version to the latest.

    Also, make sure that you have the latest .NET Framework version installed on the system.

    -----------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Monday, September 16, 2019 9:45 AM
    Moderator
  • I'm getting exactly the same error, with a previous version of AAD Connect (released in July) and the one I downloaded today.

    • Server 2016
    • Agent client version is : 'AADConnect/1.4.18.0 PassthroughAuthenticationConnector/1.5.644.0'
    • .NET version is 4.8 (528049)

    I'm accessing AAD via a proxy, but all the other tasks completed with no issues

    [11:41:58.008] [  1] [INFO ] The current operating system version is 10.0.14393, the requirement is 6.1.7601.
    ...
    [12:02:55.936] [ 11] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=xxxxx-xxxx-xxxx-b9e2-xxxxxxxxx, ExpiresUTC=2019-10-01 02:56:31 +00:00, UserInfo=XXX@XXXX.onmicrosoft.com, IdentityProvider=https://sts.windows.net/xxxxx-xxxx-xxxx-b9e2-xxxxxxxxx/.
    AzureADConnect.exe Information: 0 : Changing the passthrough authentication feature enablement state to enable.
    AzureADConnect.exe Information: 0 : WcfClient::GetOrCreateChannelAsync: 'IPassthroughAuthenticationService' channel is not available for communication. Asking lock to recreate. 
    AzureADConnect.exe Information: 0 : WcfClient::GetOrCreateChannelAsync: 'IPassthroughAuthenticationService' channel is still not available. Recreating. 
    AzureADConnect.exe Information: 0 : 'ChannelFactory`1' is not available. Recreating factory. 
    AzureADConnect.exe Information: 0 : 'ChannelFactory`1' recreated successfully. 
    AzureADConnect.exe Information: 0 : Creating a new 'IPassthroughAuthenticationService' channel. 
    AzureADConnect.exe Information: 0 : Opening the new 'IPassthroughAuthenticationService' channel. 
    AzureADConnect.exe Information: 0 : 'IPassthroughAuthenticationService' channel recreated successfully. 
    AzureADConnect.exe Error: 0 : Passthrough authentication enable - failed. Error Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry.
    I had no problems installing the feature in the same environment (different domain) 2 months ago.
    • Edited by TrixM Tuesday, October 1, 2019 2:24 AM additional info
    Tuesday, October 1, 2019 2:22 AM
  • Thanks Neelesh for reply -

    Azure AD connect version I am using is 1.4.18.0.

    But still getting the same error. Could you please share the link for AAD connection Version 1.3.21.0 ? As the link you shared is for 1.4.18.0.

    Thanks,

    Tuesday, October 1, 2019 7:21 AM
  • I'm having the same issue also. Same as TrixM. This was working as expected in the previous build that was available less than 2 weeks ago. 

    Current version is 1.4.18.0

    18:52:24.666] [ 37] [INFO ] Task 'Pass through authentication Root Task' has finished execution
    [18:52:24.716] [ 18] [ERROR] Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry.
    Exception Data (Raw): Microsoft.Online.Deployment.PSModule.Utility.PassthroughAuthConfigurationException: Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry. ---> Microsoft.Online.Deployment.PSModule.Utility.PassthroughAuthConfigurationException: Your Azure AD Connect Authentication agent wasn't registered properly. Please upgrade to the latest version of Azure AD Connect or Azure AD Connect Authentication agent and retry.
       at Microsoft.Online.Deployment.PSModule.Tasks.PassthroughAuth.ConfigurePassthroughAuth`1.Execute()
       --- End of inner exception stack trace ---
       at Microsoft.Online.Deployment.PSModule.Tasks.PassthroughAuth.ConfigurePassthroughAuth`1.Execute()
       at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
    [18:52:24.722] [ 18] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
    [18:52:24.722] [ 18] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
    [18:52:24.727] [ 18] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
    [18:52:24.729] [ 18] [INFO ] PerformConfigurationPageViewModel.PerformWorkflowInstallationAndUpdateState: result of installation operations - Failed
    [18:52:24.800] [ 18] [ERROR] PerformConfigurationPageViewModel: We encountered a problem and couldn’t complete the integration.
    [18:52:24.800] [ 18] [ERROR] PerformConfigurationPageViewModel: Pass-through Authentication could not be enabled due to an unexpected error. Please consult the installation logs for additional information. Learn more
    [18:52:33.213] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20191001-184925.log
    [18:57:15.913] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20191001-184925.log

    Tuesday, October 1, 2019 11:56 PM
  • I previously tried version 1.3.21.0 that was working in our Test environment before downloading 1.4.18.0.

    This is the error that is popping up in the Event log.

    Log Name:      Application
    Source:        Azure AD Connect Authentication Agent
    Date:          2019-10-01 12:02:50
    Event ID:      0
    Task Category: None
    Level:         Error
    Description:
    Connector registration failed: Make sure your computer is able to connect to the Azure Active Directory Application Proxy service. For more information see: http://go.microsoft.com/fwlink/?LinkId=512316. Error: 'An error occurred while making the HTTP request to https://<tenantguid>.registration.msappproxy.net/register/RegisterConnector. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.'

    Initially it seemed it wasn't going via the proxy despite the machine.config, but I did netsh winhttp set proxy and it seems ok now.

    However, I wonder if something is going on with ciphers. I'm on Server 2016 with July updates installed (KB4507459). The endpoint that is being connected is cwap-registration-aus1.msappproxy.net and it's negotiating TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 over TLS 1.2. This cipher is in the "weak" list these days.

    Anyway, after that, a packet goes each way and then the endpoint terminates the session with a final 827 byte message (haven't been able to decrypt them).

    • Edited by TrixM Wednesday, October 2, 2019 8:08 AM updated info
    Wednesday, October 2, 2019 5:22 AM
  • Hello guys,

    we have the same problem here;


    Connector registration failed: Make sure your computer is able to connect to the Azure Active Directory Application Proxy service. For more information see: http://go.microsoft.com/fwlink/?LinkId=512316. Error: 'Fehler beim Erstellen der HTTP-Anforderung für https://<tenantguid>.registration.msappproxy.net/register/RegisterConnector. Dies ist möglicherweise darauf zurückzuführen, dass das Serverzertifikat im Fall von HTTPS nicht ordnungsgemäß mit HTTP.SYS konfiguriert wurde. Eine andere mögliche Ursache kann eine fehlende Übereinstimmung bei der Sicherheitsbindung zwischen Client und Server sein.'

    I also tried the Version 1.3.21.0 with the same result.

    Wednesday, October 2, 2019 1:11 PM
  • Well, I don't know what's happened in the last day, but I ran the installer again to do a packet capture before logging a premier support call, and it just worked.

    I made one difference as I ran through the installer - I left the "Start the synchronisation process" option enabled rather than only selecting "Enable staging mode". I also unselected "Enable staging mode" so it just went ahead and synched.

    Friday, October 4, 2019 1:22 AM