"Exception has been thrown by the target of an invocation" with Directory Sync Configuration Wizard
You run the Azure Active Directory Sync tool Configuration Wizard after you install the Azure Active Directory Sync tool on a Windows Server 2012 Essentials server or a Windows Server 2012 R2 Essentials server. In this situation, you receive the following error message:
Exception has been thrown by the target of an invocation
Additionally, an event ID 0 that contains the following description is logged to the Application log in Event Viewer:
Resetting password for SERVERNAME\MSO_<nnnnnnnnnnn>
This issue occurs if Office 365 is integrated with a Windows Server 2012 Essentials server or with Windows Server 2012 R2 Essentials. In this scenario, a password filter is attached to the Local Security Authentication server (Lsass.exe) that enforces the following domain password policy:
- Passwords must contain 8–16 characters.
- Passwords cannot contain a space or a Microsoft Online Services account name.
Because of the password policy restrictions, the Azure Active Directory Sync tool Configuration Wizard cannot reset the password for the MSO_<nnnnnnnnnnn> service account.
The Azure Active Directory Sync tool is not supported in Windows Server Essentials.
Use the Windows Server Essentials Dashboard to manage Office 365. We also recommend that you uninstall the Azure Active Directory Sync tool from the server.
If, for any reason, you can't remove the Azure Active Directory Sync tool from the computer, disable Office 365 integration on the Windows Server Essentials Dashboard, and then restart the server. Doing this removes the password policy restrictions.
For more info about Windows Server Essentials and Office 365, see the following resources:
- Manage Office 365 in Windows Server Essentials
- How to create a service integration add-in for Windows Server Essentials Experience
- Manage online accounts for Windows Server Essentials users