Azure Active Directory Connect - ADFS 2016, this cmdlet cannot be executed from a secondary server

    Question

  • We are trying to upgrade Microsoft Azure Active Directory Connect, but we've got stuck at the "Create Federated AAD Trust" step.

    AD Connect is reporting:

    [12:39:56.822] [  8] [ERROR] PS0033: This cmdlet cannot be executed from a secondary server in a local database farm.  The primary server is presently: primaryadfs.domain.com. To execute management cmdlets, either log onto the primary server or connect using PowerShell remoting.  For more information see http://go.microsoft.com/fwlink/?LinkId=294129.
    Exception Data (Raw): System.Management.Automation.RemoteException: PS0033: This cmdlet cannot be executed from a secondary server in a local database farm.  The primary server is presently: primaryadfs.domain.com. To execute management cmdlets, either log onto the primary server or connect using PowerShell remoting.  For more information see http://go.microsoft.com/fwlink/?LinkId=294129.
       at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
       at System.Management.Automation.PowerShell.CoreInvokeRemoteHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
       at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
       at Microsoft.Online.Deployment.PowerShell.PowerShellHelper.InvokeAndThrow(IPowerShell powerShell, Command command, Boolean throwExceptionOnError)
       at Microsoft.Online.Deployment.Types.Utility.MsolDomainExtensions.GetMicrosoftOnlineRelyingPartingTrust(IPowerShell powerShell)
       at Microsoft.Online.Deployment.Types.Utility.MsolDomainExtensions.IsSupportMultipleDomainEnabled(String hostname, String usernameAdfs, SecureString passwordAdfs)
       at Microsoft.Online.Deployment.PSModule.Tasks.AAD.CreateFederatedAADTrustTask`1.IsSupportMultipleDomain(String primaryAdfsHostName)
       at Microsoft.Online.Deployment.PSModule.Tasks.AAD.CreateFederatedAADTrustTask`1.ConfigureSelectedDomain(IPowerShell powerShell, String domainName, String primaryAdfsHostName)
       at Microsoft.Online.Deployment.PSModule.Tasks.AAD.CreateFederatedAADTrustTask`1.Execute()
       at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()

    I know what this error is - you can only run ADFS PS commands on the primary ADFS server, and we aren't installing AD Connect on our primary ADFS server.  But I have no idea how to get the upgrade to finish as I can't get to the commands it's trying to run and make them use remote sessions, or run the commands manually.

    Presumably this is a bug in AD Connect with Server 2016/ADFS 2016, as I haven't had this issue before.

    Does anyone have any ideas on a workaround?

    Thanks!

    Friday, March 3, 2017 1:31 PM

Answers

  • Hi Sjoukje,

    We ended up reinstalling Windows/installing AD Connect.  We just couldn't get the upgrade to work.

    Thanks for checking

    • Marked as answer by DJL Thursday, March 16, 2017 9:19 PM
    Thursday, March 16, 2017 9:19 PM

All replies

  • Hi DJL,

    is this still an issue for you?


    Regards, Sjoukje

    Please remember to click 'Mark as Answer' on the post that helps you.

    Thursday, March 16, 2017 12:08 PM
    Moderator
  • Great to hear your problem was solved! Thanks for the update.

    Regards, Sjoukje


    Friday, March 17, 2017 11:03 AM
    Moderator
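
The PS0033 message in the question points to PowerShell remoting against the primary server. As an added example (not posted by anyone in this thread, and not AD Connect's own code), the script below finds the primary of a WID farm from any member and reads the Office 365 relying party trust there, which is the lookup that fails in the stack trace. It is a read-only check and assumes WinRM is enabled on the primary and the caller has AD FS administrator rights there; the function names are hypothetical.

```powershell
# Added example: locate the primary AD FS server of a WID farm and read the
# Office 365 relying party trust on it over PowerShell remoting.
#Requires -Modules ADFS

function Get-AdfsPrimaryComputerName {
    # Get-AdfsSyncProperties also works on a secondary server.
    # Role is 'PrimaryComputer' or 'SecondaryComputer'.
    $sync = Get-AdfsSyncProperties
    if ($sync.Role -eq 'PrimaryComputer') {
        return $env:COMPUTERNAME
    }
    return $sync.PrimaryComputerName
}

function Get-O365RelyingPartyTrust {
    param(
        [Parameter(Mandatory)] [string] $PrimaryComputerName,
        [System.Management.Automation.PSCredential] $Credential
    )
    $remoting = @{ ComputerName = $PrimaryComputerName; ErrorAction = 'Stop' }
    if ($Credential) { $remoting.Credential = $Credential }

    # The management cmdlet executes in a session on the primary,
    # so the PS0033 restriction on secondaries does not apply.
    Invoke-Command @remoting -ScriptBlock {
        # 'urn:federation:MicrosoftOnline' is the identifier of the
        # Azure AD / Office 365 relying party trust.
        Get-AdfsRelyingPartyTrust -Identifier 'urn:federation:MicrosoftOnline' |
            Select-Object Name, Enabled, Identifier
    }
}

$primary = Get-AdfsPrimaryComputerName
Write-Host "Primary AD FS server: $primary"

$trust = Get-O365RelyingPartyTrust -PrimaryComputerName $primary
if ($trust) {
    $trust | Format-List
} else {
    Write-Warning 'No Office 365 relying party trust found on the primary.'
}
```

This confirms which server is primary and that the trust is readable remotely; it does not change how the AD Connect wizard invokes the cmdlet.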