Score:0

Quarantine status in Azure Active Directory sync


In January I installed AAD Cloud Sync Agent and it worked till the end of July. Checking Azure AD in the cloud, the domain is in quarantine status and the installed agents list reports none. First question: was my agent, which worked for months, automatically removed from the list?

Executing AAD Cloud Sync Agent Wizard again it reports the following error:

PowerShell: System.Net.WebException: Remote server error: (401) Unauthorized. in System.Net.HttpWebRequest.GetResponse() in Microsoft.ApplicationProxy.Connector.PSModule.OnpremisesPublishingOperations.ProcessRequestWithoutPayload(HttpWebRequest request) in Microsoft.ApplicationProxy.Connector.PSModule.GetPublishedResourceCommand.ProcessRecord() in System.Management.Automation.CommandProcessor.ProcessRecord()

The agent log is full of the following errors:

AADConnectProvisioningAgent.exe Error: 0 : Service bootstrap request failed with exception. Request Id: 'fa4d8a82-150a-4326-a556-ccf43b1a9f45', Error: 'System.ServiceModel.Security.MessageSecurityException: La richiesta HTTP non è autorizzata con lo schema di autenticazione client 'Anonymous'. Intestazione di autenticazione ricevuta dal server: ''. ---> System.Net.WebException: Errore del server remoto: (401) Non autorizzato. in System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) in System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)

It is not a TLS 1.2 problem because it is not mandatory yet. Admin AAD login has been verified. The public IP of the on-premises AAD agent may have changed; is it possible the requests fail because the IP is filtered?

joeqwerty
Open a support case in your Office 365 tenant. It's completely free. They'll help you resolve the problem and you'll learn something in the process.
Score:0

"Quarantine status" usually happens when there's a sync problem, which you need to manually address: https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-troubleshoot#provisioning-quarantined-problems

Not sure why the agent was removed from the list; could it have been removed manually by someone else? Check the tenant Audit Logs and hope you see something in the past 30 days.

Translating your error message to English:

'System.ServiceModel.Security.MessageSecurityException: The richest HTTP is not authorized with the schema of the 'Anonymous' client authentication. Intestazione di authenticazione ricevuta dal server: ''. ---> System.Net.WebException: Errore del remote server: (401) Non autorizzato.

Looks like the account you're using is not working or you're passing a proxy. Check the user sign-in logs in Azure AD for more details and fix accordingly if it's an auth problem. If you see no data in the logs, then double check if you have a proxy and configure that in your sync agent settings: https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-troubleshoot#agent-times-out-or-certificate-is-invalid

The Azure AD Cloud Sync agent doesn't store any configs locally, so if the issue persists, uninstall it completely, review the prerequisites, and then perform a new deployment accordingly: https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-prerequisites

I removed the agent and installed its latest version, but I still had the connection errors. Then I followed Microsoft Support's advice to update the server and finally I could see it in the agent list. Although I have no more connection errors in the log, the status is **Provisioning quarantined**, but it is another problem.