GranvilleGayle-5493 asked GilbertoFerreiraBraga-8722 answered

Azure AD Connect Error - ArgumentOutOfRangeException: Index was out of range

I am trying to install Azure AD Connect version 1.5.45.0 on a Windows 2016 Active Directory Server (upgraded Windows 2000 domain). The domain is 'local' and I am getting the following error:

![77822-image.png][1]

[1]: /answers/storage/attachments/77822-image.png

The error log shows the following:

[07:51:38.084] [ 19] [INFO ] SyncDataProvider: Calling refresh schema on connector local
[07:51:47.685] [ 19] [ERROR] ConfigSyncDirectoriesPage: Caught exception while creating the connector for directory: local. Exception Data (Raw): System.Management.Automation.CmdletInvocationException: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2021-03-15 12:51:47.338</date><server>local</server><cd-error><error-code>1355</error-code> <error-literal>The specified domain either does not exist or could not be contacted.</error-literal> </cd-error></incident></error></error> ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2021-03-15 12:51:47.338</date><server>local</server><cd-error><error-code>1355</error-code> <error-literal>The specified domain either does not exist or could not be contacted.</error-literal> </cd-error></incident></error></error>
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchemaFromDirectory(Connector connector, Boolean commit)

and

[07:51:47.697] [ 20] [INFO ] Page transition from "Connect Directories" [ConfigSyncDirectoriesPageViewModel] to "Azure AD sign-in" [UserSignInConfigPageViewModel]
[07:51:47.699] [ 20] [ERROR] RootWizardPageViewModel: An unhandled exception occurred during a page load. Exception Data (Raw): System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.

azure-ad-connect

Hi, we are investigating your issue and will update you shortly.

Best,
James

0 Votes 0 ·
GilbertoFerreiraBraga-8722 answered

Hi, I faced the same problem for days. And in my case it only worked as follows: Microsoft requests the use of 3 accounts (1 Global Admin from Office 365, 1 Enterprise Admin or Domain Admin from AD and another common AD account). In the attempts all gave the same error, so I decided to add the common account in the Schema Admins group and it worked correctly. Sorry for my English, I'm using a translator.


JeremyTruman-4779 answered

I had to use another account. I was using an account with Enterprise Admin, Domain Admin and Schema Admin permissions and I received the error. Then I tried to use the local Admin account and it worked perfectly. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions


JamesHamil-MSFT answered GranvilleGayle-5493 commented

Hi @GranvilleGayle-5493, this means that the AD Connect server is not able to reach the Active Directory domain controllers. This could be because of incorrect routing or because you have ports blocked on the network. Make sure traffic is allowed on the ports documented at https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports#table-1---azure-ad-connect-and-on-premises-ad. You can also use port query to check or look for retransmits in a network trace.

If this answer helped you, please mark it as "Verified" so other users may reference it.

Thank you,
James


I am actually installing the Azure AD Connect client on a domain controller and I get the same error irrespective of the domain controller I install the client on. I have also turned off the firewall and no difference.

When I run the various AD checks using dcdiag no issues are presented and all the right results come back.

I am thinking that it has to do with the AD being named 'LOCAL' and not another FQDN such as 'DOMAIN.COM'

The xml error shown is as shown below:

Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2021-03-17 03:26:24.044</date><server>LOCAL</server><cd-error><error-code>1355</error-code>
<error-literal>The specified domain either does not exist or could not be contacted.</error-literal>
</cd-error></incident></error></error>

0 Votes 0 ·
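
The reachability checks suggested in the answer above, as an added PowerShell example that is not part of the original thread: it resolves the DC locator SRV record for the domain and probes each returned domain controller on the TCP ports used between Azure AD Connect and on-premises AD. The port list, the default `$Domain` value and the function names are assumptions of this example; confirm the ports against the linked Microsoft table.

```powershell
# Added example: DC locator and port checks run from the Azure AD Connect server.
param([string]$Domain = 'local')   # forest name from the thread; replace with your own

# Assumed TCP port list for Azure AD Connect -> on-premises AD; confirm against the
# linked Microsoft table. The dynamic RPC range (49152-65535) is not probed here.
$Ports = [ordered]@{ DNS = 53; Kerberos = 88; 'MS-RPC' = 135; LDAP = 389; SMB = 445; 'LDAP/SSL' = 636 }

function Get-DcCandidate {
    param([string]$Domain)
    # DC locator SRV record. Win32 error 1355 (ERROR_NO_SUCH_DOMAIN) means no DC
    # could be located for the name the connector was given.
    $srv = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop |
            Where-Object { $_.NameTarget } |
            Select-Object -ExpandProperty NameTarget -Unique
    } catch {
        Write-Warning "SRV lookup for $srv failed: $($_.Exception.Message)"
    }
}

function Test-DcPort {
    param([string]$Dc, [System.Collections.IDictionary]$Ports)
    foreach ($entry in $Ports.GetEnumerator()) {
        $r = Test-NetConnection -ComputerName $Dc -Port $entry.Value -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $Dc
            Service          = $entry.Key
            Port             = $entry.Value
            Reachable        = $r.TcpTestSucceeded
        }
    }
}

if ($Domain -notmatch '\.') {
    Write-Warning "'$Domain' is a single-label DNS name; check which DNS server answers the SRV query."
}
$dcs = @(Get-DcCandidate -Domain $Domain)
if ($dcs.Count -eq 0) {
    Write-Warning "No domain controller SRV records found for '$Domain'."
    return
}
$dcs | ForEach-Object { Test-DcPort -Dc $_ -Ports $Ports } | Format-Table -AutoSize
```

An empty SRV result points at name resolution for the domain rather than at a blocked port, which matters when the installer runs on a domain controller with the firewall already disabled.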