DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 2684395 - Last Review: July 9, 2014 - Revision: 23.0

On This Page

INTRODUCTION

This article describes how to troubleshoot Microsoft Azure Active Directory Sync tool installation and Azure Active Directory Sync tool Configuration Wizard error messages. It discusses general troubleshooting procedures, lists error messages that may occur when you install or set up the Directory Sync tool, and contains information about how to resolve the issue.

PROCEDURE

General troubleshooting for Directory Sync tool installation and for Configuration Wizard issues

System requirements

 The Azure Active Directory Sync tool can be installed on a computer if all the following conditions are true: 
  • Windows PowerShell 1.0 is installed on the computer.
  • You are logged on to the computer as a member of the local Administrators group.
  • The computer has a 64-bit processor.
  • The computer is running one of the following operating systems:
    • Windows Server 2003 x64 with Service Pack 2 (SP2) or a later version
    • An x64-based version of Windows Server 2008
  • The computer isn't a domain controller.
  • The computer is joined to an Active Directory domain and is located in the forest that you want to sync with Azure Active Directory (Azure AD). 
  • The Microsoft .NET Framework 3.5 or a later version is installed on the computer.

Permissions

To start the Directory Sync tool Configuration Wizard successfully, users who log on to the computer on which the Directory Sync tool is installed must be a member of the local Microsoft Identity Integration Server (MIIS) Admins group that was added during installation of the tool.

When you run the Directory Sync tool Configuration Wizard, you must provide the following information:
  • Enterprise admin credentials for the on-premises Active Directory schema
  • Global admin credentials for the Microsoft cloud service

How to troubleshoot the "The computer must be joined to a domain" error message

To troubleshoot this error message, check the domain membership of the computer. To do this, follow these steps:
  1. Log on to the computer.
  2. Right-click My Computer, and then click Properties.
  3. Click the Computer Name tab. If the computer is a domain member, the Full Computer Name resembles ComputerName>.<Domain>.<xxx>. The domain name appears next to Domain.
If the computer is a domain member and you still receive the error message, you should verify that the computer can communicate with the domain and can discover the domain controller. To do this, follow these steps:
  1. Use the ipconfig command-line tool to check the Domain Name System (DNS) settings on the server.
  2. Confirm that you can ping the DNS server that's listed in the network properties on the problem computer.
  3. Run the nslookup command-line tool. If the DNS server is unreachable, you receive an error message. For example, you receive an error message that resembles the following:
    DNS request timed out.
    timeout was 2 seconds.
    *** Can't find server name for address 157.56.149.72: Timed out
    Default Server: UnKnown
    Address: 157.56.149.72
Sometimes, joining the computer to a workgroup and then joining the computer back to the domain may resolve this error message. If the computer can't join the domain, this indicates that the computer is experiencing an issue in contacting the domain controllers or that the Active Directory domain is rejecting the request.

Use the nltest tool

  • Run the Nltest command-line tool. To do this, type the following at the command prompt:
    Nltest /dsgetdc:<FQDN of the domain>

    Note The Nltest tool requires installation of the Windows Server 2003 Support Tools.

    If the settings are correct, you receive output that resembles the following:
    DC: \\DC.contoso.com
    Address: \\157.56.149.72
    Dom Guid: a3bd534c-19e9-4330-81ad-a8ee34cd7298
    Dom Name: contoso.com
    Forest Name: contoso.com
    Dc Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
    Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
    DNS_FOREST CLOSE_SITE
    The command completed successfully
  • Run the following command to check the computer's site membership:
    nltest /dsgetsite
    A successful result resembles the following:
    Default-First-Site-Name
    The command completed successfully

How to troubleshoot the "The Azure Active Directory Sync Tool is already installed" error message

In this case, the Directory Sync tool may not be installed because of a previous pending installation. During installation, the Setup package also installs software in the background. To resolve this issue, follow these steps:
  1. In Control Panel, check whether Microsoft Identity Integration Server is listed in Add or Remove Programs or in Programs and Features. If it is present, you must remove it.
  2. Verify that the Program Files folder contains a subfolder that's named "Microsoft Identity Integration Server." If the subfolder exists, you must rename the folder to "Microsoft Identity Integration Server_Old."
  3. Run Setup again.

How to troubleshoot additional error messages

All directory synchronization logging is viewable in Event Viewer. To view all events that are related to directory synchronization, follow these steps:
  1. Open Event Viewer.
  2. Expand Windows Logs, and then expand Application.
  3. In the Actions pane, click Filter Current Log.
  4. In the Event sources box, click to select the Directory Synchronization check box.
  5. Click OK.
The following table lists the error name, the error details, the error source, and the steps to help resolve the error.
Collapse this tableExpand this table
Error nameDetailsSourceResolution
AdminRequiredLocal administrator permissions are required to install Directory SynchronizationEvent Viewer/ Error prompt
DirSyncAlreadyInstalledThe Directory Sync tool is already installed. Version {0}Event ViewerUninstall all earlier versions of the Directory Sync tool before you try to install the latest version.
DirSyncInstallKeyNotRemovedWindows Installer could not remove the uninstall registry key from the Azure Active Directory Sync MSI. Retry uninstall or contact Microsoft Online Support. Event ViewerManually remove the registry keys to complete the installation.
DirSyncNotInstalledErrorA complete installation of the Azure Active Directory Sync tool was not detected on this machine. Please uninstall any versions of this tool and then reinstall the most recent version. Event ViewerUninstall all earlier versions of the Directory Sync tool before you try to install the latest version.
ErrorReRunConfigWizardUnable to start synchronization due to configuration issues. To fix the issues, try running the Configuration Wizard. If you continue to see this error please contact Microsoft Online Support.Event ViewerRun the Directory Sync tool Configuration Wizard.
WindowsInstaller45RequiredMicrosoft Windows Installer 4.5 is required for installation. Please install Microsoft Windows Installer 4.5 and try again.Event ViewerMake sure that the server on which the Directory Sync tool is being installed meets the minimum requirements.
ErrorClearRunHistoryCould not clear the run history on the MIIS Server. Error returned is '{0}'. Contact Microsoft Online support.Event Viewer
ErrorNoStartConnectionSynchronization failed to start because of connection issues or domain controllers could not be contacted by the server. Verify that you are connected to the server and all the configured domain controllers are connected to the network. If you have recently deleted domain or naming context, please rerun the Configuration Wizard.Event ViewerConfirm that the local Active Directory domain controllers can be accessed from the server that's running the Directory Sync tool.
ErrorNoStartCredentialsSynchronization failed to start because of credential problems. Rerun Configuration Wizard to update credentials for Synchronization.Event ViewerRun the Directory Sync tool Configuration Wizard, and re-enter credentials. Also, confirm that the credentials have Administrator access to the portal.
ErrorNoStartNoDomainControllerSynchronization failed to start because the domain controller could not be contacted by the server. Verify that the domain controller is connected to the network.Event ViewerConfirm that the local Active Directory domain controllers can be accessed from the server that's running the Directory Sync tool.
ErrorStoppedConnectivitySynchronization stopped because of connectivity loss. Restore connectivity to the server.Confirm that the local computer can access the Internet. Have the user try to ping provisioning.microsoftonline.com to verify that the computer can reach the Azure Active Directory authentication system.
ErrorStoppedDatabaseDiskFullSynchronization stopped because the SQL Server database used by the Synchronization server is full. Create some space in the SQL Server database.Event ViewerFree up space on the storage used to hold the directory synchronization SQL database. If the issue isn't resolved, the Directory Sync tool will be unable to run successfully, and the SQL database may be permanently damaged.
InstallNotAllowedOnDomainControllerMicrosoft Online Services Coexistence cannot be installed on a domain controller.Event ViewerThe Directory Sync tool can be installed only on domain-joined computers that are not domain controllers.
InstallPathLengthTooLongThe installation path is too long. Provide a path of 116 characters or fewer and then try again.Event ViewerIf you use a custom path for the installation of the Directory Sync tool, the total path must contain fewer than 116 characters.
InsufficentDiskSpaceInsufficent Disk SpaceEvent ViewerThere is insufficient space to install the Directory Sync tool on the local workstation.
InvalidPlatformThe Azure Active Directory Sync tool must be installed on a computer running Windows Server 2003 Service Pack 2 or later.Event ViewerMake sure that the server on which the Directory Sync tool is being installed meets the minimum requirements.
InvalidUPNFormatUser Principal Name (UPN) is your logon name. This error is displayed when the user enters credentials for Microsoft Online that do not contain an "@" character.Event ViewerEnter valid credentials.
ADCredsNotValidThe Enterprise Administrator credentials that you supplied are not valid. Supply valid credentials and try again.Event ViewerThe installation wizard could not verify that the user account that's being used to install the tool is an enterprise administrator.
MachineIsDomainJoinedUserIsNotThe computer is joined to a domain, but the current user credentials do not have access permissions on the domain.Event ViewerLog on as a domain user by using an account that meets the minimum requirements before you try to install the Directory Sync tool.
MachineIsNotDomainJoinedThe computer is not joined to any domain.Event ViewerMake sure that the server on which the Directory Sync tool is installed meets the minimum requirements.
MachineNotDomainJoinedThe computer must be joined to a domain.Event ViewerMake sure that the server on which the Directory Sync tool is installed meets the minimum requirements.
MIISSyncIsInProgressErrorThe synchronization engine is busy. Retry this operation after this synchronization session is complete.Event ViewerThere is an existing operation that's being completed by MIIS, and any new operation can be completed only after the current operation is complete.
MIISUserAddRight_AccountNotFoundAccount name:'{0}' could not be found. Error Code:{1}Event ViewerThe Directory Sync tool could not add the local account that's being used to complete the installation to the MIIS Admin Group. Manually add the user to the group to continue with the installation.
MIISUserAddRight_AddFailed'{0}' could not be added to the account rights for '{1}'. Error code:{2}Event ViewerThe Directory Sync tool could not add the local account that's being used to complete the installation to the MIIS Admin Group. Manually add the user to the group to continue with the installation.
MIISUserAddRight_PolicyHandleNotFoundFailed to obtain the policy handle. Error Code:{0}Event ViewerThe Directory Sync tool could not add the local account that's being used to complete the installation to the MIIS Admin Group. Manually add the user to the group to continue with the installation.
PowerShellRequiredPowerShell must be installed.Event ViewerMake sure that the server on which the Directory Sync tool is installed meets the minimum requirements.
UnsupportedNameFormatThe name format is not supported. Two examples of the supported user name formats are: someone@example.com or example\someone.Event ViewerEnter valid credentials.
UserNotAMemberOfMIISAdminsThe current user is not a member of the Microsoft Identity Integration Server (MIIS) Admin group. If you have recently installed the Azure Active Directory Sync tool , you may need to log off and then log on.Event ViewerManually add the local Active Directory user account that's used to run the Directory Sync tool to the MIIS Admin Group.
UserNotAnEnterpriseAdminUser '{0}' is not a member of the Enterprise Admins group.Event ViewerManually add the local Active Directory user account that's used to run the Directory Sync tool to the Active Directory Enterprise Admin Group.
UnsupportedClientVersionThis version of the Directory Sync tool is no longer supported. Remove this version and then install the latest version from the Directory Synchronization page of the Migration tab in the Microsoft Online Services Administration Center.Event ViewerDownload the latest version of the Directory Sync tool. To do this, go to Install or upgrade the Directory Sync tool (http://technet.microsoft.com/en-us/library/jj151800.aspx) .
InternetQueryOptionErrorInternet Explorer proxy settings were not read. Initial configuration using setup wizard may not be able to access online help. WinInet Error {0}Event ViewerThe installation wizard could not read or change proxy settings in Internet Explorer. Verify that the proxy settings that are set in Internet Explorer are formatted correctly.
InternetSetOptionErrorInternet Explorer proxy settings were not set. Initial configuration using setup wizard may not be able to access online help. WinInet Error {0}Event ViewerThe installation wizard could not read or change proxy settings in Internet Explorer. Verify that the proxy settings that are set in Internet Explorer are formatted correctly.
RichCoexistenceNotAllowedCurrent local directory does not have Exchange 2010 installed. Rich coexistence is not allowed.Event ViewerInstall all the prerequisites for a hybrid deployment before you try to install the Directory Sync tool.

MORE INFORMATION

Still need help? Go to the Office 365 Community (http://community.office365.com/) website or the Azure Active Directory Forums (http://social.technet.microsoft.com/Forums/windowsazure/en-US/home?forum=windowsazureaditpro) website.

Applies to
  • Microsoft Azure
  • Microsoft Office 365
  • Windows Intune
  • CRM Online via Office 365 E Plans
  • Microsoft Azure Recovery Services
  • Office 365 Identity Management
Keywords: 
o365 o365a o365022013 o365e o365m KB2684395
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support