Unable to install the Synchronization Service. Unknown Error (0x80005000)

Geert 116 Reputation points
2020-04-15T20:34:07.977+00:00

See SyncEngine Error log below.

When installing ADConnect (Customize), the setup stops by declaring the message from this question title:
Unable to install the Synchronization Service. Unknown Error (0x80005000). Please see the Application and System event logs for additional details.

What I have tried so far:

  • Reinstalling ADConnect
  • Disabling AV (ESET File Security)
  • Because of some errors in the System log (Error 7041) regarding the AAD_ user not having the required user right "Log on as a service", I have added the AAD_xxx user via the Local Security Settings (Secpol.msc). After that the ADSync service is starting, but I still receive the error above.
  • After that I have altered the permissions on the Runtimebroker service in regedit because of a DistributedCOM error 10016. After that, still no luck; the same error appears.
  • It looks like the issue is triggered by the warning 905 (see log below) GetPrincipal: Specified sync service account DUMMYDOMAIN\AAD_c8407d62849f could not be validated using the credentials of the current user. Attempting to perform the validation using DUMMYDOMAIN\AAD_c8407d62849f as credentials.
  • After that: GetPrincipalBySamAccountName: Failed to find the principal associated with DUMMYDOMAIN. Unexpected exception: Unknown error (0x80005000) occurs.

What am I missing here?
We have installed ADConnect on DCs often enough, without any issues.
The OS is: Windows Server 2016 Standard edition

Please advise.

AzureActiveDirectorySyncEngine Verbose: 903 : ==========================================================================
AzureActiveDirectorySyncEngine Verbose: 903 : Sync Engine install Starting: 04/15/2020 22:00:51
AzureActiveDirectorySyncEngine Verbose: 903 : ==========================================================================
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::GetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\MSOLCoExistence, InstallationIdentifier, {NULL})
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::GetStringValue:c8407d62849f49b6abb8baa1f01ca095
AzureActiveDirectorySyncEngine Verbose: 903 : Initializing the installation task...
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::SetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\MSOLCoExistence\CurrentVersion, InstallationIdentifier, c8407d62849f49b6abb8baa1f01ca095)
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::SetStringValue
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::SetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\MSOLCoExistence\CurrentVersion, InstallationPath, C:\Program Files\Microsoft Azure AD Sync)
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::SetStringValue
AzureActiveDirectorySyncEngine Verbose: 903 : Starting the installation task 1/4: Microsoft SQL Server Express LocalDB...
AzureActiveDirectorySyncEngine Information: 904 : Starting: Installing the Microsoft SQL Server Express LocalDB......
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::DoesRegistrySubKeyExist(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{72b030ed-b1e3-45e5-ba33-a1f5625f2b93})
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::DoesRegistrySubKeyExist:True
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::GetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{72b030ed-b1e3-45e5-ba33-a1f5625f2b93}, DisplayVersion, {NULL})
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::GetStringValue:11.4.7469.6
AzureActiveDirectorySyncEngine Information: 904 : An equal or higher version of Microsoft SQL Server Express LocalDB is already installed. Target version = 11.4.7469.6, Installed version = 11.4.7469.6
AzureActiveDirectorySyncEngine Information: 904 : Finished: Installing the Microsoft SQL Server Express LocalDB.... Duration: 0.177 sec.
AzureActiveDirectorySyncEngine Verbose: 903 : Starting the installation task 2/4: Microsoft SQL Server Native Client...
AzureActiveDirectorySyncEngine Information: 904 : Starting: Installing the Microsoft SQL Server Native Client......
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::DoesRegistrySubKeyExist(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{9d93d367-a2cc-4378-bd63-79ef3fe76c78})
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::DoesRegistrySubKeyExist:True
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::GetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{9d93d367-a2cc-4378-bd63-79ef3fe76c78}, DisplayVersion, {NULL})
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::GetStringValue:11.4.7462.6
AzureActiveDirectorySyncEngine Information: 904 : An equal or higher version of Microsoft SQL Server Native Client is already installed. Target version = 11.4.7001.0, Installed version = 11.4.7462.6
AzureActiveDirectorySyncEngine Information: 904 : Finished: Installing the Microsoft SQL Server Native Client.... Duration: 0.083 sec.
AzureActiveDirectorySyncEngine Verbose: 903 : Starting the installation task 3/4: Microsoft SQL Server Command Line Utilities...
AzureActiveDirectorySyncEngine Information: 904 : Starting: Installing the Microsoft SQL Server Command Line Utilities......
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::DoesRegistrySubKeyExist(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{89ca7913-f891-4546-8f55-355338677fe6})
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::DoesRegistrySubKeyExist:True
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::GetStringValue(HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{89ca7913-f891-4546-8f55-355338677fe6}, DisplayVersion, {NULL})
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::GetStringValue:11.4.7001.0
AzureActiveDirectorySyncEngine Information: 904 : An equal or higher version of Microsoft SQL Server Command Line Utilities is already installed. Target version = 11.4.7001.0, Installed version = 11.4.7001.0
AzureActiveDirectorySyncEngine Information: 904 : Finished: Installing the Microsoft SQL Server Command Line Utilities.... Duration: 0.041 sec.
AzureActiveDirectorySyncEngine Verbose: 903 : Starting the installation task 4/4: Synchronization Service...
AzureActiveDirectorySyncEngine Information: 904 : Starting: Installing the Synchronization Service......
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::SetBooleanValue(HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\services\ADSync\Parameters, LocalDBKeepAlive, True)
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::SetBooleanValue
AzureActiveDirectorySyncEngine Information: 904 : Starting: Creating a service account for the Synchronization Service to use...
AzureActiveDirectorySyncEngine Verbose: 903 : An object with samAccountName 'AAD_c8407d62849f' already exists.
AzureActiveDirectorySyncEngine Information: 904 : Starting: Setting password for the Synchronization Service's service account...
AzureActiveDirectorySyncEngine Information: 904 : Finished: Setting password for the Synchronization Service's service account. Duration: 2.539 sec.
AzureActiveDirectorySyncEngine Information: 904 : Finished: Creating a service account for the Synchronization Service to use. Duration: 3.185 sec.
AzureActiveDirectorySyncEngine Information: 904 : SyncServiceAccount: Using auto-generated User Account AAD_c8407d62849f
AzureActiveDirectorySyncEngine Verbose: 903 : CreateBootstrapService:
AzureActiveDirectorySyncEngine Verbose: 903 : TryStopAndDeleteBootstrapService.
AzureActiveDirectorySyncEngine Verbose: 903 : StopAndDeleteBootstrapService.
AzureActiveDirectorySyncEngine Verbose: 903 : StopAndDeleteBootstrapService completed successfully.
AzureActiveDirectorySyncEngine Verbose: 903 : CreateBootstrapService: EventLog.CreateEventSource caught expected exception. Details System.ArgumentException: Source ADSyncBootstrap already exists on the local computer.
at System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData)
at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.CreateBootstrapService(SyncServiceAccount syncServiceAccount)
AzureActiveDirectorySyncEngine Verbose: 903 : CreateBootstrapService: completed successfully.
AzureActiveDirectorySyncEngine Verbose: 903 : GetPrincipal: MachineName = DC01 DomainName = DOMMYDOMAIN, isLocalMachineAccount=False, isDomainController=True, IsManagedServiceAccount=False.
AzureActiveDirectorySyncEngine Warning: 905 : GetPrincipal: Specified sync service account DOMMYDOMAIN\AAD_c8407d62849f could not be validated using the credentials of the current user. Attempting to perform the validation using DUMMYDOMAIN\AAD_c8407d62849f as credentials.
AzureActiveDirectorySyncEngine Error: 906 : GetPrincipalBySamAccountName: Failed to find the principal associated with DOMMYDOMAIN. Unexpected exception: Unknown error (0x80005000)
AzureActiveDirectorySyncEngine Error: 906 : SynchronizationServiceSetupTask:InstallCore - Caught unexpected exception. Details System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.AccountManagementAdapter.TypeDependencies.GetPrincipalByIdentity(PrincipalContext principalContext, IdentityType identityType, String identityValue)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.AccountManagementAdapter.GetPrincipalBySamAccountName(String principalSamAccountName, Boolean throwOnException)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.SyncServiceAccount.GetPrincipal(Boolean isDomainController, AccountManagementAdapter localAccountManagementAdapter, AccountManagementAdapter& domainAccountManagementAdapter)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.SyncServiceAccount.ResolveSid(Boolean isDomainController)
at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
AzureActiveDirectorySyncEngine Error: 906 : SyncServiceAccount:RemoveAccountRights - no SidString available
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::SetBooleanValue(HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\services\ADSync\Parameters, LocalDBKeepAlive, False)
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::SetBooleanValue
AzureActiveDirectorySyncEngine Verbose: 903 : RestartBootstrapService:
AzureActiveDirectorySyncEngine Verbose: 903 : RestartBootstrapService: completed successfully.
AzureActiveDirectorySyncEngine Error: 906 : Unknown error (0x80005000)


Accepted answer
  1. Geert 116 Reputation points
    2021-01-13T21:08:09.327+00:00

    I have found the problem and resolved the issue.
    There was an OU in Active Directory which was called: Computers/Laptops.
    The forward slash (/) is also used in the LDAP query when querying the AAD user credentials, and this breaks the query.
    For some reason I did not realize that a faulty OU could also be the problem.
    marileeturscak mentioned an "invalid character" and I did look for it in groups and users, but not in OUs.

    So now the problem is finally fixed.

    I hope this spares you a lot of work, when you run into the same error.

    1 person found this answer helpful.
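
A check for the cause found in the accepted answer, as an added example that is not part of the original posts or of Azure AD Connect: it lists OUs whose names contain `/` or other characters that need escaping, and compares a bind to the raw ADSI path with a bind to the escaped one (0x80005000 is the ADSI code E_ADS_BAD_PATHNAME). It assumes the ActiveDirectory PowerShell module is installed; the helper function names are hypothetical.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# "/" separates components in an ADSI path (LDAP://server/DN); the remaining
# characters are the ones that need escaping inside a distinguished name.
$SpecialChars = '[/\\,+"<>;=]'

function Test-RiskyAdName {            # hypothetical helper name
    param([Parameter(Mandatory)][string]$Name)
    # Special character, leading '#', or leading/trailing whitespace
    ($Name -match $SpecialChars) -or ($Name -match '^#') -or ($Name -ne $Name.Trim())
}

function ConvertTo-EscapedAdsPath {    # hypothetical helper name
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Escape every "/" that is not already preceded by a backslash.
    'LDAP://' + ($DistinguishedName -replace '(?<!\\)/', '\/')
}

function Test-AdsBind {                # hypothetical helper name
    param([Parameter(Mandatory)][string]$AdsPath)
    try {
        # Exists() binds to the path with the current user's credentials.
        if ([System.DirectoryServices.DirectoryEntry]::Exists($AdsPath)) { 'OK' }
        else { 'Not found' }
    } catch {
        $_.Exception.Message           # bind error text, to compare with the setup log
    }
}

Get-ADOrganizationalUnit -Filter * |
    Where-Object { Test-RiskyAdName $_.Name } |
    ForEach-Object {
        $raw     = 'LDAP://' + $_.DistinguishedName
        $escaped = ConvertTo-EscapedAdsPath $_.DistinguishedName
        [pscustomobject]@{
            Name        = $_.Name
            RawPath     = $raw
            RawBind     = Test-AdsBind $raw
            EscapedPath = $escaped
            EscapedBind = Test-AdsBind $escaped
        }
    } | Format-List
```

An empty result means no OU name matched; the same `Test-RiskyAdName` filter can be applied to the output of `Get-ADUser` or `Get-ADGroup`.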

3 additional answers

  1. Geert 116 Reputation points
    2020-12-01T15:28:36.35+00:00

    I've had contact with Microsoft. They are examining the issue. I will update this post when things change.

    1 person found this answer helpful.

  2. Marilee Turscak-MSFT 34,121 Reputation points Microsoft Employee
    2020-05-04T19:10:14.827+00:00

    Hi @Geert ,

    I'm sorry to hear that you are having this problem!

    Usually this error means that the Azure Active Directory Sync Tool Configuration Wizard cannot configure the domain.

    From the troubleshooting guide:

    To resolve this problem, make sure that all domain controllers are running in a healthy state. To determine which domain or domain controller is causing the problem, follow these steps:

    On the server on which the Azure Active Directory Sync Tool is installed, start Windows PowerShell.

    Run the following commands:

    $Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().domains
    $Forest

    Examine the information in the output.

    In the following example, the dev.contoso.com domain is unreachable. You can determine this because information about the domain is missing in the output, as in the following example.

    Forest                  : contoso.com  
    DomainControllers       : {ContosoDC01.contoso.com}  
    Children                : {dev.contoso.com}  
    DomainMode              : Windows2008R2Domain  
    Parent                  :  
    PdcRoleOwner            : ContosoDC01.contoso.com  
    RidRoleOwner            : ContosoDC01.contoso.com  
    InfrastructureRoleOwner : ContosoDC01.contoso.com   
    Name                    : contoso.com  
       
    Forest                  :  
    DomainControllers       :  
    Children                :  
    DomainMode              :  
    Parent                  :  
    PdcRoleOwner            :  
    RidRoleOwner            :  
    InfrastructureRoleOwner :  
    Name                    : dev.contoso.com   
    

    Most likely, the domain controller that's hosting the domain is not running or is not in the network.

    This error can also happen if there is an invalid character in an attribute on premises. This can be anything from an unsupported character to an extra space in a UPN name. If that is the case, this will be a more difficult fix and we may need to troubleshoot further. If the problem persists, you can send me an email at AzCommunity@microsoft.com and we can troubleshoot further.


  3. Geert 116 Reputation points
    2020-05-07T07:47:47.267+00:00

    Hi Marilee,

    Thank you for your time.
    This we have already checked. The domain is behaving as expected.

    We also tried:

    • Install on an App Server, but then it states that a connection to the domain controller is not possible (see attached screenshot).
    • New server in the domain (not DC) to install ADSync on, but then it also states that a connection to the domain controller is not possible (see attached screenshot).

    Now we are trying to promote a second DC, to check whether installing on that machine is possible.