locked
Azure AD Connect Health wont register with Server Core? Error on missing IEFRAME.DLL RRS feed

  • Question

  • Everytime I try to deploy the agent into a sever running Windows Server 2012 R2 Core with the ADFS role installed I get this error in the Powershell window:

    PS C:\adfs> Register-AzureADConnectHealthADFSAgent
    AssemblyName: Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule, Version=2.1.0.0, Culture=neutral
    , PublicKeyToken=null, FileVersion: 2.1.69.100, Current UTC Time: 2015-07-21 21:16:51Z
    
    
    Configuration Failed
    
    To retry configuration, type:
    Register-AzureADConnectHealthADFSAgent
    
    Monitoring will not start until configuration is successful.
    
    To review installation steps and requirements, please visit:
    http://go.microsoft.com/fwlink/?LinkID=518643
    
    Log file created in working directory:
    AdHealthAdfsAgentConfiguration.2015-07-21_15-16-51.log
    
    Register-AzureADConnectHealthADFSAgent : The type initializer for
    'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase' threw an exception.
    At line:1 char:1
    + Register-AzureADConnectHealthADFSAgent
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Register-AzureADConnectHealthADFSAgent], TypeInitializationException
        + FullyQualifiedErrorId : System.TypeInitializationException,Microsoft.Identity.Health.Adfs.PowerShell.Configurati
       onModule.RegisterADHealthAdfsAgent

    In the log files I see this:

    powershell.exe Error: 0 : 7/21/2015 9:16:51 PM: ab6ca4f4-085a-48c4-8b87-030af2a44fff - <RunAsync>d__0: System.TypeInitializationException: The type initializer for 'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase' threw an exception. ---> System.DllNotFoundException: Unable to load DLL 'IEFRAME.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase.NativeMethods.SetQueryNetSessionCount(SessionOp sessionOp)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase..cctor()
       --- End of inner exception stack trace ---
       at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase..ctor(Object ownerWindow)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog..ctor(Object ownerWindow)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI.OnAuthenticate()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WebUI.Authenticate(Uri requestUri, Uri callbackUri)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenInteractiveHandler.<AcquireAuthorization>b__0()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenInteractiveHandler.AcquireAuthorization()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenInteractiveHandler.PreTokenRequest()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<RunAsync>d__0.MoveNext()
    System.TypeInitializationException: The type initializer for 'Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase' threw an exception. ---> System.DllNotFoundException: Unable to load DLL 'IEFRAME.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase.NativeMethods.SetQueryNetSessionCount(SessionOp sessionOp)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase..cctor()
       --- End of inner exception stack trace ---
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
       at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.AdHealthAgentConfigurationUtility.ObtainAadAccessTokenByPromptingUserCredential()
       at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.RegisterADHealthAgent.GetAadToken()
       at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.RegisterADHealthAgent.ProcessRecord()
    This to me seems like the server needs IE installed in order to use this agent.   This the case?  I would rather not have to install the GUI to run this health agent.

    Tuesday, July 21, 2015 9:26 PM

All replies

  • Hello,

    We are researching on the query and would get back to you soon on this.

    I apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,

    Sadiqh

    Wednesday, July 22, 2015 7:33 AM
  • Hi,

    You are right. The agent is using ADAL to authenticate the user during registration, which requires IE. We are investigating the issue.


    Thanks -Varun Karandikar

    Wednesday, July 22, 2015 2:36 PM
  • You can get the Azure AD Connect Health Agent for AD FS working on Server Core installations.

    However, you can’t configure it, when using a privileged Azure Active Directory account that has multi-factor authentication enforced.

    After installing and configuring, run the Register-AzureADConnectHealthADFSAgent Cmdlet with  -Credential to avoid the dependency on the Azure Active Directory Authentication Libraries (ADAL) and Internet Explorer's IEFRAME.dll. 

    More information can be found here.

    Friday, February 9, 2018 8:47 AM