I have a customer (University) Who has an issue with DirSync. They have 3 million users on Local AD they want to synchronize with Office 365 to enable these users for Exchange online.
Now they have users "Students" enabled for Exchange online and management and staff are enabled on the On-premises Exchange servers.
Dirsync during the day synchronize 2 times fine without any error and again 2 times doesn't synchronize and gives error with no details. the error is "Stopped Extension-dll exception"
More errors shown as below
An unknown error occurred with the Microsoft Online Services Sign-in Assistant. Contact Technical Support. SetCredential() failed. Contact Technical Support. (0x8009000B)
I am attaching other errors as well
at Microsoft.Online.Coexistence.ProvisionHelper.GetLiveCompactToken(String userName, String userPassword)
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Import(Byte syncCookie, Boolean isFullImport)
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep)
Forefront Identity Manager 4.1.3465.0"
The management agent "Windows Azure Active Directory Connector" failed on run profile "Delta Import Delta Sync" because the server encountered errors.
The management agent "Windows Azure Active Directory Connector" step execution completed on run profile "Delta Import Delta Sync" but the watermark was not saved.
Discovery Errors : "0"
Synchronization Errors : "0"
Metaverse Retry Errors : "0"
Export Errors : "0"
Warnings : "0"
View the management agent run history for details.
The Management Agent Windows Azure Active Directory Connector failed on execution. Error returned is 'stopped-extension-dll-exception'. If the problem persists, contact Technical Support.
Customer have tried to involve Microsoft with them through a third party technical support company but microsoft was not able to apply anything since they have tried to apply some scripts but those scripts would take 3 days without finishing.
The first time the Dirsync was applied it took 1 week without finishing until now they were not able to apply a full import and export sync.
What have really got me interested is that Microsoft did not suggest to the customer to upgrade his FIM (ForeFront Identity Manager)'s old version to the latest one.
Customer is using Full SQL deployment on a dedicated server and DirSync (FID) on a separate server too. The deployed servers are virtual and have 32 GB ram and 200 GB HDD size and 4 cores.
I have recommended to this customer that we do not touch this current deployment since Microsoft themselves couldn't do anything in regard, but what we could do is take a virtual snapshot and then apply the upgrade and see if this resolves the issue or not?
Microsoft talked to them about a limited number of synchronized items to their Azure site per week! I am not sure about this but what the customer said is that they change approximately about 25,000 user object per day.
Could this issue happens because of this limit?