question

KrgerPhilipp-6883 avatar image
0 Votes"
KrgerPhilipp-6883 asked ZollnerD edited

AD Connect Agent inactiv

Hello All,

my Agents for the Azure AD Connect are inactiv, the Installation was succesfull but the Agent wont work.

I have some Error in the Trace on the AD Domain Controller:
AADConnectProvisioningAgent.exe Error: 0 : Unable to initialize metrics collector, exception: 'System.UnauthorizedAccessException: Der Zugriff auf den Registrierungsschlüssel "Global" wurde verweigert.
bei Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
bei Microsoft.Win32.RegistryKey.InternalGetValue(String name, Object defaultValue, Boolean doNotExpand, Boolean checkSecurity)
bei Microsoft.Win32.RegistryKey.GetValue(String name)
bei System.Diagnostics.PerformanceMonitor.GetData(String item)
bei System.Diagnostics.PerformanceCounterLib.GetPerformanceData(String item)
bei System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
bei System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
bei System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
bei System.Diagnostics.PerformanceCounter.InitializeImpl()
bei System.Diagnostics.PerformanceCounter.Initialize()
bei System.Diagnostics.PerformanceCounter.NextSample()
bei System.Diagnostics.PerformanceCounter.NextValue()
bei Microsoft.ApplicationProxy.Connector.Diagnostics.ConnectorMetricsCollector..ctor()'
ThreadId=9
DateTime=2021-06-01T11:32:49.0784318Z
AADConnectProvisioningAgent.exe Error: 0 : Unable to initialize performance counters, exception: 'System.InvalidOperationException: Der angeforderte Leistungsindikator muss als ReadOnly initialisiert werden, da er nicht benutzerdefiniert ist.
bei System.Diagnostics.PerformanceCounter.InitializeImpl()
bei System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
bei Microsoft.ApplicationProxy.Connector.Diagnostics.PerformanceCountersManager..ctor()'
ThreadId=9
DateTime=2021-06-01T11:32:49.4690495Z

Any Ideas???

Best regards,
Philipp Krüger

azure-ad-cloud-provisioning
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@KrgerPhilipp-6883 the logs files located at C:\ProgramData\Microsoft\Azure AD Connect Provisioning Agent\Trace. will provide more information on this, can you help with that ?

0 Votes 0 ·

1 Answer

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered

@KrgerPhilipp-6883 Thanks for reaching out and sharing the logs.

From the logs files it seems that the service is trying to make a IP bound connection to Microsoft IP : 51.137.23.232 and not getting any response.
You might be hardcoding this IP in your firewall to allow certain IPs only from MS.

As a troubleshooting step, you can involve your networking team to find a test machine where full internet access is allowed and then take a network trace of a working agent and see which all IP its communicates to, if there is a DNS name, I would suggest use the URL filtering rather than IP based.

Once you have the results you can then implement the correct rules on current server.
You can also open a support case with us - Microsoft Azure AD team to help find you same.


If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.