HybridSynchronizationActiveDirectoryCredentialValidationFailure

Michal Ziemba 221

Hi, I have used the SuccessFactors to Active Directory User Provisioning service and at first everything worked OK, but when the server with the agent has been restarted I cannot provision users anymore. When doing provision on demand, I got the following error: > Failed to connect to the application provisioning service > Error code > HybridSynchronizationActiveDirectoryCredentialValidationFailure > Error message > While attempting to validate our authorization to access your application, we received this unexpected response: An invalid response was received during an attempt to communicate with the on-premises directory. Please follow the documented troubleshooting steps to ensure that the on-premises agents are installed and healthy Please check the service. The provisioning agent status is green (active) when checking in Azure AD and the service is up and running on-prem without problems. Do ou know what could be wrong? ![199999-11.png][1] ![200042-222.png][2] [1]: /api/attachments/199999-11.png?platform=QnA [2]: /api/attachments/200042-222.png?platform=QnA

Givary-MSFT 28,406 Reputation points Microsoft Employee

2022-05-09T06:58:42.3+00:00

anonymous user

Thank you for reaching out to us. As I understand you are facing issues with the application provisioning service. From the question I see the error is generic "HybridSynchronizationActiveDirectoryCredentialValidationFailure" .

Wanted to check if we can review the provisioning logs, share any correlation id/activity id to understand the issue in detailed ?
https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-provisioning-logs?context=azure%2Factive-directory%2Fmanage-apps%2Fcontext%2Fmanage-apps-context

Also wanted to check was this setup working before or new configuration ?

Let me know if you have any further questions.
Michal Ziemba 221 Reputation points

2022-05-09T08:22:54.137+00:00

Hi, The issue started after the initial synced had been done with success. There are no failures in the provisioning logs, only skips for accounts that are not in scope. But as I see no new accounts have been provisioned as I adjusted the scope. I am testing in the test environment, so I can start all from scratch, but I thought it would be a nice opportunity to catch the error and see the reason as I couldn't find it documented. /Mike ![200157-333.png][1] [1]: /api/attachments/200157-333.png?platform=QnA
Martin Berton 6 Reputation points

2022-05-09T09:23:17.483+00:00

I have exactly the same error. Started in the afternoon on friday (6 may 2022). Before that everything worked fine.
My setup is in production so I don't have the luxury to start from scratch.
As far as I know nothing in the configuration or the server changed when the problem started.
Travis Ross 11 Reputation points

2022-05-09T14:48:29.94+00:00

Same here. Same error and started at the same time.
nk 6 Reputation points

2022-05-09T15:08:52.92+00:00

I am also experiencing this issue, began also on 06 May.
AD Connect 1.6.16.0 on 2012 R2.

Wondering if this is only affecting the older client on 2012 R2 since it doesn't seem wide spread?
Givary-MSFT 28,406 Reputation points Microsoft Employee

2022-05-09T16:32:37.633+00:00

anonymous user @Martin Berton @Travis Ross

Apologies for the inconvenience, I have informed our engineering team, they are investigating on the same.
Will keep you posted if there is any update from them.
Chetan Desai 971 Reputation points Microsoft Employee

2022-05-09T21:12:49.563+00:00

anonymous user @Martin Berton @Travis Ross
Just got an update from engineering that the issue should be resolved now. Can you re-test and confirm is provisioning on demand is working as expected? If you still see an error, please share the provisioning job ID and we will take a look.
Travis Ross 11 Reputation points

2022-05-09T21:21:19.743+00:00

Mine is working again. Thank you!
nk 6 Reputation points

2022-05-09T22:44:21.933+00:00

Mine is working again.
Givary-MSFT 28,406 Reputation points Microsoft Employee

2022-05-10T02:48:24.353+00:00

anonymous user @Martin Berton

Just wanted to follow up to check whether issue related to provisioning has been resolved for you or not.

If you still see an error, please share the provisioning job ID and we will take a look.
Martin Berton 6 Reputation points

2022-05-10T06:29:06.573+00:00

Yes now it is working! Thank you for the fast fix.
Michal Ziemba 221 Reputation points

2022-05-11T08:46:17.157+00:00

It is working now. Thank you.
VIQAR HUSSAIN 1 Reputation point

2022-06-08T03:18:28.497+00:00

It would be good to understand what changes Microsoft will perform to prevent re-occurrence ? Is it possible for you to provide
me the preventive actions

Accepted answer

Givary-MSFT 28,406 Reputation points Microsoft Employee

2022-05-16T16:54:44.953+00:00

anonymous user

Issue summary/Resolution:

Issue details: Use provision on demand for AD inbound operations from Success factor, failing with the following error as mentioned in the query HybridSynchronizationActiveDirectoryCredentialValidationFailure. After you reporting this issue, multiple customers reported similar issue on this post, engaged engineering team to investigate further, the root cause was we did a code refactoring, causing HR to AD provisioning jobs cannot apply domain setting during job initialization and fail to connect to target system in on demand provisioning scenario. however immediately our team investigated the same and fixed the issue.

Soon after user provisioning on demand started working as expected, thank you for your patience and understanding throughout this issue.

Let me know if you have any further questions.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
Please sign in to rate this answer.
VIQAR HUSSAIN 1 Reputation point

2022-06-07T17:45:54.24+00:00

It would be good to understand what changes Microsoft will perform to prevent re-occurrence ?
Sign in to comment

HybridSynchronizationActiveDirectoryCredentialValidationFailure

0 additional answers