I was recently working with a customer and ran into an issue with their Azure AD Sync server failing to complete the configuration with the following error:

Unable to establish a connection to the authentication service. Contact Technical Support.

We checked the Application log and found the following:

Log Name: Application
Source: Directory Synchronization
Date: 6/1/2015 11:44:30 AM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Server.contoso.local
Description:
Unable to establish a connection to the authentication service. Contact Technical Support. GetAuthState() failed with -2147186688 state. HResult:0. Contact Technical Support. (0x80048862)

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Directory Synchronization" />
    <EventID Qualifiers="0">0</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-01T18:44:30.000000000Z" />
    <EventRecordID>1324</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Server.contoso.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Unable to establish a connection to the authentication service. Contact Technical Support. GetAuthState() failed with -2147186688 state. HResult:0. Contact Technical Support. (0x80048862)</Data>
  </EventData>
</Event>

Log Name: Application
Source: AzureActiveDirectoryDirectorySyncTool
Date: 6/1/2015 11:44:30 AM
Event ID: 906
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Server.contoso.local
Description:
System.Management.Automation.CmdletInvocationException: Unable to establish a connection to the authentication service. Contact Technical Support. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Unable to establish a connection to the authentication service. Contact Technical Support.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.ValidateConfigurationParameters(Connector connector)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.CreateConnector(Connector connector, Boolean validate)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncConnectorCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.TypeDependencies.InvokePipeline(Pipeline pipeline)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.ConnectorConfigAdapter.AddConnector(Connector connector)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.CreateOrUpdateConnectorCore()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.<>c__DisplayClass1.<CreateOrUpdateConnector>b__0()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.Execute(Action action, String description)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.CreateOrUpdateConnector(IEnumerable`1 objectClassInclusions, IEnumerable`1 attributeNameInclusions, Boolean createRunProfile)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.WizardPages.ADDSApplyConfigurationPageViewModel.UpdateConnector(HybridContext context, SynchronizationRuleTemplateEngine srTemplateEngine, BackgroundWorker backgroundWorker, String wizardPageName, String progressMsg, ConnectorAdapterBase connector, Boolean isNewConnector, Boolean updateInclusions, List`1 attributeExclusions)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.WizardPages.ADDSApplyConfigurationPageViewModel.ApplyConfigurationCore(BackgroundWorker backgroundWorker)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.Controls.Wizards.ProgressReportingTaskViewModel.ExecuteAction(Action action, Boolean isProgressIndeterminate)

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="AzureActiveDirectoryDirectorySyncTool" />
    <EventID Qualifiers="0">906</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-01T18:44:30.000000000Z" />
    <EventRecordID>1325</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Server.contoso.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>System.Management.Automation.CmdletInvocationException: Unable to establish a connection to the authentication service. Contact Technical Support. ---&gt; Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Unable to establish a connection to the authentication service. Contact Technical Support.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.ValidateConfigurationParameters(Connector connector)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.CreateConnector(Connector connector, Boolean validate)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncConnectorCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.TypeDependencies.InvokePipeline(Pipeline pipeline)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.ConnectorConfigAdapter.AddConnector(Connector connector)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.CreateOrUpdateConnectorCore()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.&lt;&gt;c__DisplayClass1.&lt;CreateOrUpdateConnector&gt;b__0()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.Execute(Action action, String description)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.CreateOrUpdateConnector(IEnumerable`1 objectClassInclusions, IEnumerable`1 attributeNameInclusions, Boolean createRunProfile)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.WizardPages.ADDSApplyConfigurationPageViewModel.UpdateConnector(HybridContext context, SynchronizationRuleTemplateEngine srTemplateEngine, BackgroundWorker backgroundWorker, String wizardPageName, String progressMsg, ConnectorAdapterBase connector, Boolean isNewConnector, Boolean updateInclusions, List`1 attributeExclusions)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.WizardPages.ADDSApplyConfigurationPageViewModel.ApplyConfigurationCore(BackgroundWorker backgroundWorker)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.Controls.Wizards.ProgressReportingTaskViewModel.ExecuteAction(Action action, Boolean isProgressIndeterminate)</Data>
  </EventData>
</Event>

After some testing and troubleshooting, we believe this may have to do with the proxy that the customer has configured.

The general expectation is that the Azure AD Sync server is allowed access to the internet directly, without the interference of a proxy server.

You can find the IP address and URL whitelist here; however, if there's any outbound inspection in place, then it may still not work unless you bypass the proxy.

https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity

Specifically for Azure AD Sync, you’ll want to confirm the following

 

In addition, there is also a proxy workaround via a configuration file as documented here:

https://support.microsoft.com/en-us/kb/3013032

Find the following file:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config

Add the following text:

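<!-- Goes inside the <configuration> element of machine.config. -->
<system.net>
  <defaultProxy>
    <!-- Replace <PROXYIP> with the address of your proxy server. -->
    <proxy
      usesystemdefault="true"
      proxyaddress="http://<PROXYIP>:80"
      bypassonlocal="true"
    />
  </defaultProxy>
</system.net>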
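
One way to verify the result of this change, as an added example that is not from the original post or the KB article: the function below reports what machine.config declares, which proxy .NET resolves for a URL, and which CA issued the certificate presented on that path. It assumes Windows PowerShell 5.1 on .NET Framework; the function name Get-DotNetProxyState and the URL you pass in are assumptions.

```powershell
# Added example for Windows PowerShell 5.1 (.NET Framework); not from the post or the KB.
# Get-DotNetProxyState is a hypothetical helper name.
function Get-DotNetProxyState {
    param(
        [Parameter(Mandatory)][uri]$Url,   # endpoint to test; the caller supplies it
        # machine.config path as given in the post
        [string]$MachineConfig = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config'
    )
    $state = [ordered]@{
        Url = $Url; ConfigParses = $false; ConfigError = $null
        ConfigProxyAddress = $null; ConfigUseSystemDefault = $null; ConfigBypassOnLocal = $null
        ResolvedProxy = $null; Bypassed = $null; TlsIssuer = $null; RequestError = $null
    }

    # 1. What machine.config declares. A paste with curly quotes or a leftover
    #    <PROXYIP> placeholder makes the file invalid XML, so report parse failures.
    try {
        $cfg = [xml](Get-Content -LiteralPath $MachineConfig -Raw -ErrorAction Stop)
        $state.ConfigParses = $true
        $node = $cfg.SelectSingleNode('/configuration/system.net/defaultProxy/proxy')
        if ($node) {
            $state.ConfigProxyAddress     = $node.GetAttribute('proxyaddress')
            $state.ConfigUseSystemDefault = $node.GetAttribute('usesystemdefault')
            $state.ConfigBypassOnLocal    = $node.GetAttribute('bypassonlocal')
        }
    } catch { $state.ConfigError = $_.Exception.Message }

    # 2. What this process resolves for the URL (machine.config is read at process start).
    $proxy = [System.Net.WebRequest]::DefaultWebProxy
    if ($proxy) {
        $state.Bypassed      = $proxy.IsBypassed($Url)
        $state.ResolvedProxy = $proxy.GetProxy($Url)
    }

    # 3. Who issued the certificate that was presented. An internal CA here, rather
    #    than a public one, indicates outbound TLS inspection on the path.
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.Method = 'HEAD'; $req.Timeout = 10000; $req.AllowAutoRedirect = $false
    try { $req.GetResponse().Close() } catch { $state.RequestError = $_.Exception.Message }
    if ($req.ServicePoint.Certificate) { $state.TlsIssuer = $req.ServicePoint.Certificate.Issuer }

    [pscustomobject]$state
}

# Usage with a placeholder host; substitute an endpoint from the Office 365 URL list.
# Get-DotNetProxyState -Url 'https://<endpoint-from-list>/'
```

Run it in a new 64-bit PowerShell session after editing machine.config, since the file is only read when the process starts.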
