Hi there,
We synchronize the users in our domain to Microsoft 365.
The synchronization of the users works perfectly. However, the majority of users cannot log into M365 with their password.
After a bit of research, I found out that the following error occurs with password hash synchronization:
Password Hash Synchronization agent is continuously getting failures for domain "my.bkrnet.de"
Please check 611 error events in the application event logs for details
The latest 611 error event for the domain "my.bkrnet.de" is generated at: 08/24/2021 08:44:45 UTC
Password Hash Synchronization agent is continuously getting RPC errors from domain "my.bkrnet.de"
Please setup reliable preferred domain controllers. Please see "Connectivity problems" section at https://go.microsoft.com/fwlink/?linkid=847231
Please check 611 error events in the application event logs for details
The latest RPC error event for the domain "my.bkrnet.de" is generated at: 08/24/2021 08:44:45 UTC
Checking the Event Viewer reveals that error message 611 contains the following error:
Password hash synchronization failed for domain: my.bkrnet.de, domain controller hostname: bkr-idm1.my.bkrnet.de, domain controller IP address: 10.11.21.70. Details:
Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8420 : The naming context was not found. There was an error calling IDL_DRSGetNCChanges.
bei Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnReplicateSingleObject(DsName directoryName)
bei Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.ReplicateSingleObject(Guid objectGuid, String distinguishedName)
bei Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.<>cDisplayClass55_0.<BuildPasswordBatch>b_1(IDrsConnection c)
bei Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
bei Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.BuildPasswordBatch(IEnumerable`1 changeObjects, IList`1& passwordChanges, IList`1& retryObjects)
bei Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.BuildPasswordBatch(IList`1 changeSetObjects)
bei Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud()
bei Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
bei Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
bei Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
.
<forest-info>
<partition-name>my.bkrnet.de</partition-name>
<connector-id>4192dfb8-5c6f-4201-8b3b-99974a11614a</connector-id>
</forest-info>
The user authentication setting in Azure AD Connect is PTA with password hash synchronization.
The domain user for the settings has the necessary authorizations on the domain controller.
Unfortunately, I can't do much with the error "RPC Error 8420: The naming context could not be found." There are no other real reports on this error.
Regards
Simon
