Azure AD Connect sync errors

    Question

  • Hello,

    Recently we changed the public IP for our ADFS proxy server and replaced our firewall. I have updated DNS and am now able to reach the ADFS sign in page and reach my emails; however, I am unable to fix the Azure AD Connect sync.

    I believe I have unblocked the ports and URLs listed in most of the help guides to no avail.

    Here are the errors I receive when I run the usual delta sync manually. Thanks very much in advance -Ash

    PS C:\Users\admin\Desktop> Start-ADSyncSyncCycle -PolicyType Delta
    Start-ADSyncSyncCycle : System.Management.Automation.CmdletInvocationException:
    Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: user_realm_discovery_failed: User realm discovery failed --->
    System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.UserRealmDiscoveryResponse.<CreateByDiscoveryAsync>d__0.MoveNext()
       --- End of inner exception stack trace ---
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
       at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance adalServiceResource)
       at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance adalServiceResource)
       at
    Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.InitializeProvisionHelper()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initialize()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCompanyConfiguration(B
    oolean includeLicenseInformation)
       at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
       at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
       at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Char**
    syncSettingsSerialized, Char** errorString)
        ErrorCode: user_realm_discovery_failed
        StatusCode: 0 ---> System.InvalidOperationException: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException:
    user_realm_discovery_failed: User realm discovery failed ---> System.Net.WebException: The remote server returned an error: (503) Server
    Unavailable.
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.UserRealmDiscoveryResponse.<CreateByDiscoveryAsync>d__0.MoveNext()
       --- End of inner exception stack trace ---
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
       at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance adalServiceResource)
       at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance adalServiceResource)
       at
    Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.InitializeProvisionHelper()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initialize()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCompanyConfiguration(B
    oolean includeLicenseInformation)
       at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
       at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
       at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Char**
    syncSettingsSerialized, Char** errorString)
        ErrorCode: user_realm_discovery_failed
        StatusCode: 0
       at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchedulerSettings(String& settingsDeserialized,
    String& errorString)
       at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncScheduler.ProcessRecord()
       --- End of inner exception stack trace ---
       at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
       at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
       at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
       at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output,
    PSInvocationSettings settings)
       at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output,
    PSInvocationSettings settings)
       at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings
    settings)
       at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
       at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
       at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState
    initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
       at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.SchedulerPowerShellAdapter.GetCurrentSchedulerSettings()
       at Microsoft.MetadirectoryServices.Scheduler.Scheduler.StartSyncCycle(String overridePolicy, Boolean interactiveMode)
       at SchedulerUtils.StartSyncCycle(SchedulerUtils* , Char* policyType, Int32 interactiveMode, Char** errorString)
    At line:1 char:1
    + Start-ADSyncSyncCycle -PolicyType Delta
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : WriteError: (Microsoft.Ident...ADSyncSyncCycle:StartADSyncSyncCycle) [Start-ADSyncSyncCycle], InvalidOperati
       onException
        + FullyQualifiedErrorId : System.Management.Automation.CmdletInvocationException: Microsoft.IdentityModel.Clients.ActiveDirectory.Adal
       ServiceException: user_realm_discovery_failed: User realm discovery failed ---> System.Net.WebException: The remote server returned an
       error: (503) Server Unavailable.
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.UserRealmDiscoveryResponse.<CreateByDiscoveryAsync>d__0.MoveNext()
       --- End of inner exception stack trace ---
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
           at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance adalServiceResource)

           at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance adalServiceResou
       rce)
           at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.InitializeProvisionH
       elper()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initialize()
           at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCompanyConfigurat
       ion(Boolean includeLicenseInformation)
       at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
       at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
           at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Char** syncSettingsSer
       ialized, Char** errorString)
        ErrorCode: user_realm_discovery_failed
            StatusCode: 0 ---> System.InvalidOperationException: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException:
    user_realm_discovery_failed: User realm discovery failed ---> System.Net.WebException: The remote server returned an error: (503)
    Server Unavailable.
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.UserRealmDiscoveryResponse.<CreateByDiscoveryAsync>d__0.MoveNext()
       --- End of inner exception stack trace ---
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
           at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance adalServiceResource)

           at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance adalServiceResou
       rce)
           at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.InitializeProvisionH
       elper()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initialize()
           at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCompanyConfigurat
       ion(Boolean includeLicenseInformation)
       at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
       at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
           at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Char** syncSettingsSer
       ialized, Char** errorString)
        ErrorCode: user_realm_discovery_failed
        StatusCode: 0
           at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchedulerSettings(String& settingsDeserialized
       , String& errorString)
       at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncScheduler.ProcessRecord()
       --- End of inner exception stack trace ---
       at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
       at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
       at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
           at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PS
       InvocationSettings settings)
           at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvoca
       tionSettings settings)
           at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings s
       ettings)
       at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
       at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
           at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initial
       SessionState, IDictionary`2 commandParameters, Boolean isScript)
           at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.SchedulerPowerShellAdapter.GetCurrentSchedulerSettings()

       at Microsoft.MetadirectoryServices.Scheduler.Scheduler.StartSyncCycle(String overridePolicy, Boolean interactiveMode)
           at SchedulerUtils.StartSyncCycle(SchedulerUtils* , Char* policyType, Int32 interactiveMode, Char** errorString),Microsoft.IdentityM
       anagement.PowerShell.Cmdlet.StartADSyncSyncCycle

    Friday, March 31, 2017 7:11 PM
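
The innermost exception in the trace above is an HTTP 503 returned to ADAL's user realm discovery request. The following diagnostic is an added example, not part of the original post: it repeats that request from the sync server and shows which proxy .NET selects and which device answered. Assumptions: the `login.microsoftonline.com/common/UserRealm/...` URL form that ADAL requests, and the placeholder UPN in `$Upn`.

```powershell
# Added example. $Upn is a constructed placeholder: substitute the UPN of the
# Azure AD account that Azure AD Connect signs in with.
$Upn = 'sync-account@contoso.onmicrosoft.com'
$Uri = 'https://login.microsoftonline.com/common/UserRealm/{0}?api-version=1.0' -f $Upn

function Test-RealmDiscovery {
    param([Parameter(Mandatory)][string]$Uri)

    # Force TLS 1.2 so an older default protocol does not mask the result.
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

    # Proxy .NET selects for this URI (the same URI back means a direct connection).
    $defaultProxy = [System.Net.WebRequest]::DefaultWebProxy
    $proxyUri = if ($defaultProxy) { $defaultProxy.GetProxy([Uri]$Uri) } else { $null }

    $req = [System.Net.WebRequest]::Create($Uri)
    $req.Accept  = 'application/json'
    $req.Timeout = 15000

    try {
        $resp = $req.GetResponse()
    } catch {
        # Method-call exceptions arrive wrapped; find the WebException in the chain.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex) { throw }
        $resp = $ex.Response   # $null when DNS, TCP or TLS failed before any HTTP reply
        if (-not $resp) {
            return [pscustomobject]@{ Uri = $Uri; Proxy = $proxyUri; Status = $ex.Status
                                      Server = $null; Via = $null; Body = $ex.Message }
        }
    }

    # Read everything needed before closing the response.
    $reader = New-Object System.IO.StreamReader($resp.GetResponseStream())
    $body   = $reader.ReadToEnd()
    $result = [pscustomobject]@{
        Uri    = $Uri
        Proxy  = $proxyUri
        Status = [int]$resp.StatusCode
        Server = $resp.Headers['Server']   # an appliance name here points at the firewall or proxy
        Via    = $resp.Headers['Via']
        Body   = $body.Substring(0, [Math]::Min(300, $body.Length))
    }
    $reader.Dispose(); $resp.Close()
    $result
}

Test-RealmDiscovery -Uri $Uri | Format-List
```

A 503 whose `Server` or `Via` header or body names the new firewall or a proxy means the request never reached Azure AD. Run the check on the Azure AD Connect server itself, since proxy settings can differ between the interactive session and the account the sync service runs as.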

All replies