locked
Azure AD Connect Health AD FS Agent, FileVersion: 2.6.232.0 registration fails RRS feed

  • Question

  • I am unable to register and install the services for Azure AD Connect Health (AD FS Agent). 

    The following error is received during the install. It seems to be related to the new version 2.6.232.0.
    I have successfully installted version 2.6.224.0 on other machines but I do not have access to the installation file for that version anymore.

    2016-06-10 10:52:36.461 ProductName: Azure AD Connect Health AD FS Agent, FileVersion: 2.6.232.0, Current UTC Time: 2016-06-10 10:52:36Z


    2016-06-10 10:52:36.477 AHealthServiceUri (ARM): https://management.azure.com/providers/Microsoft.ADHybridHealthService
    /

    2016-06-10 10:52:36.477 AdHybridHealthServiceUri: https://s1.adhybridhealth.azure.com/

    2016-06-10 10:52:37.899 AHealthServiceApiVersion: 2014-01-01

    2016-06-10 10:52:50.152 Detecting AdFederationService roles...

    2016-06-10 10:52:50.215 Detected the following role(s) for adfs.domain.com:

    2016-06-10 10:52:50.215         AD FS 2012 R2 Federation Service Proxy

    2016-06-10 10:52:52.356 Aquiring Monitoring Service certificate using tenant.cert


    Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
       at Microsoft.Identity.Health.Common.ETWTraceListener.Write(Object entry)
       at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message)
       at Microsoft.Online.Reporting.MonitoringAgent.AgentTrace.LogEvent(Int32 eventId, EventLogEntryType eventType, String
    keyword, String messageFormat, Object[] arguments)
       at Microsoft.Online.Reporting.MonitoringAgent.AgentTrace.LogError(Int32 eventId, String keyword, String messageFormat
    , Object[] arguments)
       at Microsoft.Online.Reporting.MonitoringAgent.Startup.Program.Main(String[] args)

    Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
       at Microsoft.Identity.Health.Common.ETWTraceListener.Write(Object entry)
       at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message)
       at Microsoft.Online.Reporting.MonitoringAgent.AgentTrace.LogEvent(Int32 eventId, EventLogEntryType eventType, String
    keyword, String messageFormat, Object[] arguments)
       at Microsoft.Online.Reporting.MonitoringAgent.AgentTrace.LogError(Int32 eventId, String keyword, String messageFormat
    , Object[] arguments)
       at Microsoft.Online.Reporting.MonitoringAgent.Startup.Program.Main(String[] args)

    Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
       at Microsoft.Identity.Health.Common.ETWTraceListener.Write(Object entry)
       at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String message)
       at Microsoft.Online.Reporting.MonitoringAgent.AgentTrace.LogEvent(Int32 eventId, EventLogEntryType eventType, String
    keyword, String messageFormat, Object[] arguments)
       at Microsoft.Online.Reporting.MonitoringAgent.AgentTrace.LogError(Int32 eventId, String keyword, String messageFormat
    , Object[] arguments)
       at Microsoft.Online.Reporting.MonitoringAgent.Startup.Program.Main(String[] args)

    Configuration Failed

    To retry configuration, type:
    Register-AzureADConnectHealthADFSAgent

    Monitoring will not start until configuration is successful.

    To review installation steps and requirements, please visit:
    http://go.microsoft.com/fwlink/?LinkID=518643

    Detailed log file created in temporary directory:
    C:\Users\AppData\Local\Temp\AdHealthAdfsAgentConfiguration.2016-06-10_12-52-36.log

    Register-AzureADConnectHealthADFSAgent : Failed configuring Monitoring Service using command: C:\Program Files\Azure Ad
     Connect Health Adfs Agent\Monitor\Microsoft.Identity.Health.Adfs.MonitoringAgent.Startup.exe sourcePath="C:\Program Fi
    les\Azure Ad Connect Health Adfs Agent\tenant.cert" version="2.6.232.0"
    At line:1 char:1
    + Register-AzureADConnectHealthADFSAgent
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Register-AzureADConnectHealthADFSAgent], InvalidOperationException
        + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Identity.Health.Adfs.PowerShell.Configuration
       Module.RegisterADHealthAdfsAgent
    Friday, June 10, 2016 11:23 AM

All replies

  • Hi,

    If the Azure AD Connect Health for Sync agent registration fails after successfully installing Azure AD Connect, you can use the following PowerShell command to manually register the agent:
    Register-AzureADConnectHealthSyncAgent -AttributeFiltering $false -StagingMode $false

    You could refer the following link for details:
    https://azure.microsoft.com/en-in/documentation/articles/active-directory-aadconnect-health-agent-install/#manual-azure-ad-connect-health-for-sync-registration

    Regards,
    Malar.


    Saturday, June 11, 2016 6:39 AM
  • Hi.

    Thank you for the reply but this issue is not related to the sync agent. It's the AD FS Agent.
    There is no AttributeFiltering or StagingMode available for the AD FS Agent.

    PS C:\Windows\system32> get-help Register-AzureADConnectHealthADFSAgent

    NAME
        Register-AzureADConnectHealthADFSAgent

    SYNTAX
        Register-AzureADConnectHealthADFSAgent [-Prompt]  [<CommonParameters>]

        Register-AzureADConnectHealthADFSAgent [-AadToken <securestring>]  [<CommonParameters>]

        Register-AzureADConnectHealthADFSAgent [-Credential <pscredential>]  [<CommonParameters>]


    ALIASES
        None


    REMARKS
        None

    Monday, June 13, 2016 5:23 AM
  • Hi,

    I´m having the same issue, did you find a resolution? Tried to build a complete new environment and get the same error.

    I can see the ADFS server is added to the AD health connect, but keeps staying on unhealthy state.

    Sunday, June 26, 2016 9:00 PM
  • In my case, I was getting this error due to a wider ADFS issue where I had a specific IP:port certificate binding on the ADFS IP address.

    This was causing my WAP servers to error as well. 

    This technet blog explains the issue as well as provides a powershell script that can be run on each ADFS server to determine if the error exists.

    If you only have a single ADFS server "netsh http show sslcert" can be run to determine if you have an incorrect binding. If the binding is there you can run "netsh http delete sslcert ipport=IP Address:port" to fix the issue.

    The binding would look something like:

    C:\Users\administrator.CONTOSO>netsh http show sslcert

    SSL Certificate bindings:
        IP:port                      : 1.2.3.4:443
        Certificate Hash             : 3638de9b03a488341dfe32fc3ae5c480ee687793
        Application ID               : { 4dc3e181-e14b-4a21-b022-59fc669b0914}
        Certificate Store Name       : (null)
        Verify Client Certificate Revocation : Enabled
        Verify Revocation Using Cached Client Certificate Only : Disabled
        Usage Check                  : Enabled
        Revocation Freshness Time    : 0
        URL Retrieval Timeout        : 0
        Ctl Identifier               : (null)
        Ctl Store Name               : (null)
        DS Mapper Usage              : Disabled
        Negotiate Client Certificate : Disabled


    Wednesday, August 3, 2016 8:54 AM