Home / Game / history of facebook

History of facebook

admin - 09/12/2022 73

Troubleshoot connectivity issues in the installation wizard

Azure AD Connect uses the MSAL library for authentication. The installation wizard & the sync engine proper require machine.config khổng lồ be properly configured since these two are .NET applications.

Note

Azure AD Connect v1.6.xx.x uses the ADAL library. The ADAL library is being deprecated and tư vấn will over in June 2022. fordassured.vn recommends that you upgrade khổng lồ the latest version of Azure AD Connect v2.

In this article, we show how Fabrikam connects lớn Azure AD through its proxy. The proxy vps is named fabrikamproxy và is using port 8080.

First we need khổng lồ make sure machine.config is correctly configured and fordassured.vn Azure AD Sync service has been restarted once after the machine.config tệp tin update.

Note

In some non-fordassured.vn blogs, it is documented that changes should be made to miiserver.exe.config instead. However, this tệp tin is overwritten on every nâng cấp so even if it works during initial install, the system stops working on first upgrade. For that reason, the recommendation is to lớn update machine.config instead.

The proxy vps must also have the required URLs opened. The official các mục is documented in Office 365 URLs và IP address ranges.

Of these URLs, the following table is the absolute bare minimum to lớn be able lớn connect to lớn Azure AD at all. This danh sách does not include any optional features, such as password writeback, or Azure AD Connect Health. It is documented here to lớn help in troubleshooting for the initial configuration.

URLPortDescription

mscrl.fordassured.vn.com	HTTP/80	Used to tải về CRL lists.
*.verisign.com	HTTP/80	Used to download CRL lists.
*.entrust.net	HTTP/80	Used to download CRL lists for MFA.
.management.core.windows.net (Azure Storage).graph.windows.net (Azure AD Graph)	HTTPS/443	Used for the various Azure services
secure.aadcdn.fordassured.vnonline-p.com	HTTPS/443	Used for MFA.
*.fordassured.vnonline.com	HTTPS/443	Used lớn configure your Azure AD directory & import/export data.
*.crl3.digicert.com	HTTP/80	Used khổng lồ verify certificates.
*.crl4.digicert.com	HTTP/80	Used khổng lồ verify certificates.
*.ocsp.digicert.com	HTTP/80	Used to verify certificates.
*.www.d-trust.net	HTTP/80	Used khổng lồ verify certificates.
*.root-c3-ca2-2009.ocsp.d-trust.net	HTTP/80	Used khổng lồ verify certificates.
*.crl.fordassured.vn.com	HTTP/80	Used lớn verify certificates.
*.oneocsp.fordassured.vn.com	HTTP/80	Used khổng lồ verify certificates.
*.ocsp.msocsp.com	HTTP/80	Used lớn verify certificates. Xem thêm: Bisacodyl Là Thuốc Bisacodyl, Công Dụng & Liều Dùng Hello Bacsi

Errors in the wizard

The installation wizard is using two different security contexts. On the page Connect to Azure AD, it is using the currently signed in user. On the page Configure, it is changing to the tài khoản running the service for the sync engine. If there is an issue, it appears most likely already at the Connect to lớn Azure AD page in the wizard since the proxy configuration is global.

The following issues are the most common errors you encounter in the installation wizard.

The installation wizard has not been correctly configured

This error appears when the wizard itself cannot reach the proxy.

A fordassured.vn trương mục is used

If you use a fordassured.vn account rather than a school or organization account, you see a generic error.

The MFA endpoint cannot be reached

This error appears if the endpoint https://secure.aadcdn.fordassured.vnonline-p.com cannot be reached và your Hybrid Identity Administrator has MFA enabled.

If you see this error, verify that the endpoint secure.aadcdn.fordassured.vnonline-p.com has been added to the proxy.

The password cannot be verified

If the installation wizard is successful in connecting to Azure AD, but the password itself cannot be verified you see this error:

Is the password a temporary password và must be changed? Is it actually the correct password? Try khổng lồ sign in to https://login.fordassured.vnonline.com (on another computer than the Azure AD Connect server) and verify the tài khoản is usable.

Verify proxy connectivity

To verify if the Azure AD Connect hệ thống has actual connectivity with the Proxy & Internet, use some PowerShell khổng lồ see if the proxy is allowing website requests or not. In a PowerShell prompt, run Invoke-WebRequest -Uri https://adminwebservice.fordassured.vnonline.com/ProvisioningService.svc. (Technically the first call is to https://login.fordassured.vnonline.com & this URI works as well, but the other URI is faster khổng lồ respond.)

PowerShell uses the configuration in machine.config to liên hệ the proxy. The settings in winhttp/netsh should not impact these cmdlets.

If the proxy is correctly configured, you should get a success status:

If you receive Unable lớn connect khổng lồ the remote server, then PowerShell is trying to make a direct call without using the proxy or DNS is not correctly configured. Make sure the machine.config file is correctly configured.

If the proxy is not correctly configured, you get an error:

ErrorError TextComment

403	Forbidden	The proxy has not been opened for the requested URL. Revisit the proxy configuration & make sure the URLs have been opened.
407	Proxy Authentication Required	The proxy vps required a sign-in and none was provided. If your proxy hệ thống requires authentication, make sure to lớn have this setting configured in the machine.config. Also make sure you are using domain accounts for the user running the wizard & for the service account.

Proxy idle timeout setting

When Azure AD Connect sends an export request to lớn Azure AD, Azure AD can take up lớn 5 minutes to lớn process the request before generating a response. This can happen especially if there are a number of group objects with large group memberships included in the same export request. Ensure the Proxy idle timeout is configured khổng lồ be greater than 5 minutes. Otherwise, intermittent connectivity issue with Azure AD may be observed on the Azure AD Connect server.

The communication pattern between Azure AD Connect và Azure AD

If you have followed all these preceding steps & still cannot connect, you might at this point start looking at network logs. This section is documenting a normal and successful connectivity pattern. It is also listing common red herrings that can be ignored when you are reading the network logs.

There are calls khổng lồ https://dc.services.visualstudio.com. It is not required khổng lồ have this URL mở cửa in the proxy for the installation to succeed và these calls can be ignored.You see that dns resolution lists the actual hosts to be in the DNS name space nsatc.net and other namespaces not under fordassured.vnonline.com. However, there are not any website service requests on the actual vps names and you vày not have to địa chỉ cửa hàng these URLs to lớn the proxy.The endpoints adminwebservice and provisioningapi are discovery endpoints & used to find the actual endpoint to lớn use. These endpoints are different depending on your region.

Reference proxy logs

Here is a dump from an actual proxy log và the installation wizard page from where it was taken (duplicate entries lớn the same endpoint have been removed). This section can be used as a reference for your own proxy và network logs. The actual endpoints might be different in your environment (in particular those URLs in italic).

Connect to lớn Azure AD

Configure

Initial Sync

Authentication errors

This section covers errors that can be returned from ADAL (the authentication library used by Azure AD Connect) và PowerShell. The error explained should help you in understand your next steps.