Troubleshooting

Troubleshooting » Troubleshoot: Azure AD Connect install issues

Password sync: Troubleshoot Azure AD Connect install issues

 

Errors in the wizard

The following issues are the most common errors you encounter in the Azure AD Connect installation wizard:

  1. The installation wizard has not been correctly configured

    When the installation wizard hasn't been correctly configured and it cannot reach the proxy, this error appears. Follow these steps to check proxy connectivity.

  2. Unable to validate credentials. An unexpected error has occurred. Unable to connect to the remote server.

    • If this error appears, verify if the machine.config has been correctly configured.
    • If that looks correct, follow these steps to check if the issue is present outside the wizard as well.
  3. The MFA endpoint cannot be reached

    This error appears if the endpoint https://secure.aadcdn.microsoftonline-p.com cannot be reached and your Global Admin has enabled MFA. To prevent this error, verify if the endpoint has been added to the proxy.

  4. The password cannot be verified

    If the installation wizard is successful in connecting to Azure AD, but the password cannot be verified you see this error.

The username or password is incorrect. Verify your username, and then type your password again.

Setting up Azure AD Connect installation is a complex process. Its configuration and troubleshooting involves multiple steps and commands. ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, offers the Password Synchronization feature to synchronize passwords between AD and Azure AD. Enabling this feature involves minimal steps as listed below.

Prerequisites

Before you configure password synchronization for Office 365 or Azure, you need to install the Windows Azure AD module for Windows PowerShell on the server in which ADSelfService Plus is deployed.

Important: Install the Password Sync Agent to synchronize native password changes and resets.

Important : Install the Password Sync Agent to synchronize native password changes and resets.

  • Log into ADSelfService Plus admin console.
  • Navigate to Configuration > Self-Service > Password Sync/Single Sign On > Add New Application.
  • Select the Office 365 / Azure accounts application.
  • Enter the Application Name and Description.
  • Enter the Domain name of your Office 365 / Azure account
  • In the Assign Policies field, select the policies for which password sync need to be enabled.

Note: ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy. Only user accounts that come under these policies can have their passwords synchronized with Azure AD.

  • Select Enable Password Sync.
  • Enter the Username and Password of Office 365 / Azure account
  • Click Add Application.

Benefits of password synchronization using ADSelfService Plus:

  • Password synchronization with major enterprise applications including Azure AD/Office 365, AD LDS, Salesforce.
  • Synchronize custom password policies created using the Password Policy Enforcer feature.
  • Synchronize native password resets made from the the Active Directory Users and Computers console and password changes made in the Ctrl+Alt+Del screen.
  • Enable password synchronization for users belonging to specific OUs and groups.

Simplify password management with ADSelfService Plus.

Self-service password management and single sign-on solution

ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.