HeErchuang-4202 asked HeErchuang-4202 commented

Microsoft Azure AD Connect installation problem

Excuse me, there is a problem with the Microsoft Azure AD Connect installation.
The installation process is as follows:
1. Sign in as a local administrator to the server where Azure AD Connect is to be installed.
2. Find AzureADConnect.msi and double-click it.
3. On the Welcome screen, select the check box to accept the terms of the license and click Continue.
4. On the Easy Settings screen, click Use Easy Settings.
5. On the Connect to Azure AD screen, enter the Azure AD global administrator username and password. Click Next.
6. On the Connect to AD DS screen, enter the user name and password for the administrator account. Click Next.
7. Configuration of the Azure AD Sign In page. Custom field not validated. Select the check box at the bottom of the screen. Click Next.
8. On the Ready to configure screen, click Install.

During the installation in step 8, an exception occurred. According to the prompt information on the installation screen,
System.Net.WebException had an exception and failed to parse 'login.microsoftonline.com', and the Azure AD Connect installation stopped.

Install environment:
Install OS environment: Windows 2019 GUI Server (Standard x64bit)
Microsoft Azure AD Connect Version: 2.0.28.0
Internet: Normal access to other Internet servers
Install OS DNS: Finished with the correct settings
In addition, the installation log is attached: [163792-trace-20211223-090323.log]


[1]: /answers/storage/attachments/163792-trace-20211223-090323.log

azure-ad-connect-health

sikumars answered HeErchuang-4202 commented

@HeErchuang-4202 ,

Looking at the attached log file, it appears that Azure AD Connect failed to establish outbound internet connectivity via device context for Authentication and the AdminWebService endpoint, as shown in the screenshot below:

163769-image.png

Are you using an outbound proxy to connect to the internet? The above success response (200) may have come from the user context rather than the device context. Therefore, I request you to use the following setting in the C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config file to update your outbound proxy details, in case you are using an outbound proxy.

    <system.net>
        <defaultProxy>
            <proxy
                usesystemdefault="true"
                proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"
                bypassonlocal="true"
            />
        </defaultProxy>
    </system.net>


If your proxy server requires authentication, the service account must be located in the domain. Use the customized settings installation path to specify a custom service account. Also, the machine.config section should look like this:

    <system.net>
        <defaultProxy enabled="true" useDefaultCredentials="true">
            <proxy
                usesystemdefault="true"
                proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"
                bypassonlocal="true"
            />
        </defaultProxy>
    </system.net>


Hope this helps.




Thank you very much for your answer. I have modified the machine.config file and tried the above settings respectively, but the installation problem is still not solved.
Attached is the latest installation log: 163807-trace-20211223-090323.log


ManuPhilip answered HeErchuang-4202 commented

Check if there is a firewall blocking the required connectivity/ports. Make sure that all the required ports are open. The following reference will guide you on opening the required ports:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports


Appreciate your contribution on the Microsoft Q&A forum :)


Thank you very much for your answer. According to the URL "https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports" you suggested, I checked the port number problem. According to the actual environment test results, some port numbers are owned by other services. Since I installed AADC for the first time, could you please tell me which ports must be available during the installation process?

ManuPhilip replied to HeErchuang-4202:

Coming back to the first comment: have you checked if the basic port requirements are met - 80, 443? Also see if you are able to establish a connection to the URLs mentioned in ID 56 here: urls-and-ip-address-ranges



Thank you very much for your reply. I checked the usage of port numbers 80 and 443. From the results, it seems that ports 80 and 443 can be used, but the installation still fails.
The port number check result is uploaded to the attachment in the form of a picture: 164203-portcheck.png


sikumars answered HeErchuang-4202 commented

Thanks for reaching out.

As @ManuPhilip stated, this appears to be a connectivity issue; please confirm that the Azure AD Connect server has actual connectivity with the proxy and the Internet, and use PowerShell to determine whether the proxy is accepting web requests or not. Run the following commands in a PowerShell prompt:

    Invoke-WebRequest -Uri https://login.microsoftonline.com/
    Invoke-WebRequest -Uri https://adminwebservice.microsoftonline.com/ProvisioningService.svc

If the proxy is correctly configured, you should get a success status:

163835-image.png

Hope this helps.

Refer to the following link to learn more: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity#verify-proxy-connectivity


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
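The proxy comparison behind this answer and the earlier machine.config answer, as an added example that is not part of the thread: it reads the proxy from machine.config and the signed-in user's proxy settings, then requests both endpoints with the session defaults and again forced through the machine.config proxy. `Get-ProxyView` and `Test-Endpoint` are hypothetical helper names; the HKCU Internet Settings key and `netsh winhttp show proxy` are standard Windows locations that the thread does not mention.

```powershell
# Added example, not from the thread. Read-only apart from the GET requests.
# Assumes 64-bit Windows PowerShell 5.1 on the Azure AD Connect server.
$machineConfig = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config'
$endpoints = 'https://login.microsoftonline.com/',
             'https://adminwebservice.microsoftonline.com/ProvisioningService.svc'

function Get-ProxyView {
    # Proxy that .NET reads from machine.config (<system.net><defaultProxy>).
    [xml]$cfg = Get-Content -LiteralPath $machineConfig -Raw
    $dp = $cfg.configuration.'system.net'.defaultProxy
    # Proxy of the signed-in user, which an interactive Invoke-WebRequest picks up.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{
        MachineConfigProxy    = if ($dp -and $dp.proxy) { $dp.proxy.proxyaddress }
        MachineConfigUseCreds = if ($dp) { $dp.useDefaultCredentials }
        UserProxyServer       = if ($inet.ProxyEnable -eq 1) { $inet.ProxyServer }
        UserAutoConfigUrl     = $inet.AutoConfigURL
    }
}

function Test-Endpoint {
    param([string]$Uri, [string]$Proxy, [bool]$UseCreds)
    $p = @{ Uri = $Uri; UseBasicParsing = $true; TimeoutSec = 20 }
    if ($Proxy) { $p.Proxy = $Proxy; $p.ProxyUseDefaultCredentials = $UseCreds }
    # Record the status code, or the exception type and message on failure.
    try   { $result = [string](Invoke-WebRequest @p).StatusCode }
    catch { $result = '{0}: {1}' -f $_.Exception.GetType().Name, $_.Exception.Message }
    [pscustomobject]@{
        Uri    = $Uri
        Via    = if ($Proxy) { $Proxy } else { 'session default' }
        Result = $result
    }
}

$view = Get-ProxyView
$view | Format-List
netsh winhttp show proxy   # machine-wide WinHTTP proxy, shown for comparison

$useCreds = $view.MachineConfigUseCreds -eq 'true'
$results = foreach ($uri in $endpoints) {
    Test-Endpoint -Uri $uri
    if ($view.MachineConfigProxy) {
        Test-Endpoint -Uri $uri -Proxy $view.MachineConfigProxy -UseCreds $useCreds
    }
}
$results | Format-Table -AutoSize -Wrap
```

If the session-default rows return 200 while `MachineConfigProxy` is empty or the forced-proxy rows fail, the interactive success depended on the signed-in user's proxy settings rather than on machine.config.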



Thank you very much for your answer. I accessed "https://login.microsoftonline.com/" and "https://adminwebservice.microsoftonline.com/ProvisioningService.svc" through PowerShell, and the StatusCode values were returned as 200.

ManuPhilip answered HeErchuang-4202 commented

I suggest you check whether the requirements are met using the PowerShell script found here:
https://www.powershellgallery.com/packages/AADConnect-CommunicationsTest/4.2.1

As you are trying to install on a standalone server, the domain controller parameter (-DCs parameter) should be specified when running the script.


If the Answer is helpful, please click "Accept Answer" and upvote it


Thank you very much for your answer. According to the prompts, I executed the operation of the installation script "AADConnect-CommunicationsTest.ps1" in PowerShell. After the installation was completed, the ".\AADConnect-CommunicationsTest.ps1 -AzureCredentialCheck -Network -DCs dc1" command was executed. Please refer to the attached log for the command execution result: 163865-2022-01-11-aadconnectconnectivity.txt


ManuPhilip replied to HeErchuang-4202:

As indicated in the logs shared, try installing the MSOnline module and try once again:

    Install-Module MSOnline

Make sure that you are running the latest version of the script - 4.2.1


Thank you very much for your answer. I installed the MSOnline module and executed the ".\AADConnect-CommunicationsTest.ps1 -AzureCredentialCheck -Network -DCs dc1" command again. The attachment is the command execution result log: 164080-2022-01-12-aadconnectconnectivity.txt
