Azure AD Connect Health - ADFS Agent Communication issues

    Question

  • Hello,

    Curious if anyone else is experiencing an issue similar to mine. I have 1 of 2 federation servers generating the following alert to AD Connect Health: 


    "The Health Agent(s) running on one or more servers is not connected to the Health Service and the Health Service is not receiving the latest data from this server. The last data processed by the Health Service is older than 2 Hours."

    These are Azure guests and are not proxied/restricted in their outbound communication, nor are they being NAT'd via Azure LoadBalancer. When I run Test-AzureADConnectHealthConnectivity -Role ADFS -ShowResult it receives a timeout against these endpoints: https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc and https://policykeyservice.dc.ad.msft.net/policymanager.svc.  Randomly, it will succeed once and fail again repeatedly (These two tests run back-to-back):

    Test-AzureADConnectHealthConnectivity -Role adfs -ShowResult
    Test-AzureADConnectHealthConnectivity completed successfully...
    
    Test-AzureADConnectHealthConnectivity's execution in details are as follows:
    Debug Trace: Starting Test-AzureADConnectHealthConnectivity ...
    
    Connectivity Test Step 1 of 3: Testing dependent service endpoints begins ...
    Endpoint validation for https://login.microsoftonline.com is Successful.
    Endpoint validation for https://login.windows.net is Successful.
    Endpoint validation for https://secure.aadcdn.microsoftonline-p.com is Successful.
    Endpoint validation for https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc is Successful.
    Endpoint validation for https://policykeyservice.dc.ad.msft.net/policymanager.svc is Successful.
    Connectivity Test Step 1 of 3 - Testing dependent service endpoints completed successfully.
    
    Connectivity Test Step 2 of 3 - Blob data upload procedure begins ...
    Connectivity Test Step 2 of 3 - Blob data upload procedure completed successfully.
    
    Connectivity Test Step 3 of 3 - EventHub data upload procedure begins ...
    Connectivity Test Step 3 of 3 - EventHub data upload procedure completed successfully.
    
    Debug Trace: Test-AzureADConnectHealthConnectivity completed successfully...



    Test-AzureADConnectHealthConnectivity -Role adfs -ShowResult
    Test-AzureADConnectHealthConnectivity's execution in details are as follows:
    Debug Trace: Starting Test-AzureADConnectHealthConnectivity ...
    
    Connectivity Test Step 1 of 3: Testing dependent service endpoints begins ...
    Endpoint validation for https://login.microsoftonline.com is Successful.
    Endpoint validation for https://login.windows.net is Successful.
    Endpoint validation for https://secure.aadcdn.microsoftonline-p.com is Successful.
    Unhandled exception occurred: System.Net.WebException: The operation has timed out
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.TestD
    ependentServiceEndpoints()
    Unhandled exception occurred: System.Net.WebException: The operation has timed out
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.TestD
    ependentServiceEndpoints()
       at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.Proce
    ssRecord()

    Re-registering does not resolve the issue, although the logs say it registered fine. Everything else aside, I believe the agent is actually working as expected, but this is not how I want to leave the deployment.

    Thanks all


    Joseph A Scaravilli

    Monday, March 27, 2017 5:29 PM
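
An added example, not part of the original post and not Microsoft tooling: a PowerShell loop that probes the two endpoints named in the question repeatedly and records, for each attempt, whether DNS, the TCP connect to port 443, or the HTTPS response is the stage that failed. The function name, the attempt count, timeout, delay and CSV file name are assumptions.

```powershell
# Added example: repeated, staged probe of the two endpoints from the question.
# Attempt count, timeout, delay and output file are assumed values.
$Endpoints = @(
    'https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc',
    'https://policykeyservice.dc.ad.msft.net/policymanager.svc'
)
$Attempts = 20; $TimeoutSec = 15; $DelaySec = 5

function Test-EndpointStage {
    param([uri]$Uri, [int]$TimeoutSec)
    $r  = [ordered]@{ Time = Get-Date; Uri = $Uri.AbsoluteUri; Stage = 'DNS'; Ok = $false; Ms = 0; Detail = '' }
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # Stage 1: name resolution
        $ip = [System.Net.Dns]::GetHostAddresses($Uri.Host) | Select-Object -First 1
        # Stage 2: TCP connect with an explicit timeout
        $r.Stage = 'TCP'
        $tcp = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
        try {
            $async = $tcp.BeginConnect($ip, $Uri.Port, $null, $null)
            if (-not $async.AsyncWaitHandle.WaitOne($TimeoutSec * 1000)) { throw "TCP connect to $ip timed out" }
            $tcp.EndConnect($async)
        } finally { $tcp.Close() }
        # Stage 3: HTTPS request; any HTTP status code means the service answered
        $r.Stage = 'HTTP'
        try {
            $resp = Invoke-WebRequest -Uri $Uri -UseBasicParsing -TimeoutSec $TimeoutSec
            $r.Detail = "HTTP $([int]$resp.StatusCode)"
        } catch {
            $errResp = $_.Exception.Response
            if ($null -eq $errResp) { throw }   # no response at all: timeout, reset, TLS failure
            $r.Detail = "HTTP $([int]$errResp.StatusCode)"
        }
        $r.Ok = $true
    } catch {
        $r.Detail = $_.Exception.Message
    }
    $r.Ms = $sw.ElapsedMilliseconds
    [pscustomobject]$r
}

$results = foreach ($i in 1..$Attempts) {
    foreach ($e in $Endpoints) { Test-EndpointStage -Uri $e -TimeoutSec $TimeoutSec }
    Start-Sleep -Seconds $DelaySec
}
# Failures grouped by endpoint and by the stage that failed; full record kept as CSV
$results | Where-Object { -not $_.Ok } | Group-Object Uri, Stage | Select-Object Count, Name
$results | Export-Csv -NoTypeInformation -Path .\aadch-probe.csv
```

Running the same probe on both federation servers over the same period shows whether the timeouts are specific to one host and which stage they occur in.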

All replies

  • Hi Joseph, 

    Can you send us an email at askaadconnecthealth@microsoft.com, so we can better assist you with this? In the email, can you please include your tenant name?

    Thanks,

    -Arturo

    Tuesday, April 11, 2017 3:18 PM
  • Hi Joseph,

    Did you ever get this resolved? I am experiencing the exact same behaviour in our Azure AD Connect (Sync) health agent.

    Kind regards,

    Patrick

    Friday, April 6, 2018 9:12 AM
  • @Patrick - I would suggest that you create a separate forum thread, include the AzureADConnectHealthConnectivity logs, and elaborate on your scenario.


    Sunday, April 8, 2018 8:12 PM
    Moderator