asked on

Azure AD Sync connect error (Sync scheduler)

After adding AD FS to Azure AD connect I have som trouble with the sync scheduler.

I got status : stopped-extension-dll-extension on export for my AAD connector.

Googled it and probably the issue was related to password. After an input I created a new user in portal.office.com as an Global Administrator and figured this could be used to authenticate. I suspect I missed something here :)

When using start-ADsyncsynccycle -policytype initial (or any other of the sync method) I get this error :

What i figure is relevant is :
multiple_matching_tokens_detected: The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements (e.g. UserId)

Entire error message.

Start-ADSyncSyncCycle : System.Management.Automation.CmdletInvocationException: Microsoft.IdentityModel.Clients.ActiveD
irectory.AdalException: multiple_matching_tokens_detected: The cache contains multiple tokens satisfying the requiremen
ts. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance adalS
erviceResource)
at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance a
dalServiceResource)
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.TypeD
ependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString userPassword
)
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alizeProvisionHelper()
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alize()
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCo
mpanyConfiguration(Boolean includeLicenseInformation)
at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
at SchedulerUtils.GetCurrentSchedulerSettings(_ConfigAttrNode* pcanList, UInt32 ccanItems, Char** syncSettingsSerial
ized, Char** errorString)
ErrorCode: multiple_matching_tokens_detected ---> System.InvalidOperationException: Microsoft.IdentityModel.Clie
nts.Ac
tiveDirectory.AdalException: multiple_matching_tokens_detected: The cache contains multiple tokens satisfying the requi
rements. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance adalS
erviceResource)
at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance a
dalServiceResource)
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.TypeD
ependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString userPassword
)
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alizeProvisionHelper()
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alize()
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCo
mpanyConfiguration(Boolean includeLicenseInformation)
at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
at SchedulerUtils.GetCurrentSchedulerSettings(_ConfigAttrNode* pcanList, UInt32 ccanItems, Char** syncSettingsSerial
ized, Char** errorString)
ErrorCode: multiple_matching_tokens_detected
at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchedulerSettings(String& setti
ngsDeserialized, String& errorString)
at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncScheduler.ProcessRecord()
--- End of inner exception stack trace ---
at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollecti
on`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 o
utput, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell
)
at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessi
onState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.SchedulerSettingsExecutor.GetCurrentSched
ulerSettings()
at Microsoft.MetadirectoryServices.Scheduler.Scheduler.StartSyncCycle(String overridePolicy, Boolean interactiveMode
)
at SchedulerUtils.StartSyncCycle(SchedulerUtils* , Char* policyType, Int32 interactiveMode, Char** errorString)
At line:1 char:1
+ Start-ADSyncSyncCycle -PolicyType Delta
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (Microsoft.Ident...ADSyncSyncCycle:StartADSyncSyncCycle) [Start-ADSyncSyncCy
cle], InvalidOperationException
+ FullyQualifiedErrorId : System.Management.Automation.CmdletInvocationException: Microsoft.IdentityModel.Clients.
ActiveDirectory.AdalException: multiple_matching_tokens_detected: The cache contains multiple tokens satisfying th
e requirements. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance
adalServiceResource)
at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInsta
nce adalServiceResource)
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
TypeDependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString us
erPassword)
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
InitializeProvisionHelper()
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
Initialize()
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
GetCompanyConfiguration(Boolean includeLicenseInformation)
at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
at SchedulerUtils.GetCurrentSchedulerSettings(_ConfigAttrNode* pcanList, UInt32 ccanItems, Char** syncSettingsS
erialized, Char** errorString)
ErrorCode: multiple_matching_tokens_detected ---> System.InvalidOperationException: Microsoft.IdentityModel.Clie
n
ts.ActiveDirectory.AdalException: multiple_matching_tokens_detected: The cache contains multiple tokens satisfying
the requirements. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance
adalServiceResource)
at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInsta
nce adalServiceResource)
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
TypeDependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString us
erPassword)
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
InitializeProvisionHelper()
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
Initialize()
at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
GetCompanyConfiguration(Boolean includeLicenseInformation)
at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
at SchedulerUtils.GetCurrentSchedulerSettings(_ConfigAttrNode* pcanList, UInt32 ccanItems, Char** syncSettingsS
erialized, Char** errorString)
ErrorCode: multiple_matching_tokens_detected
at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchedulerSettings(String&
settingsDeserialized, String& errorString)
at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncScheduler.ProcessRecord()
--- End of inner exception stack trace ---
at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncIn
voke)
at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isS
ync)
at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCol
lection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollectio
n`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell power
Shell)
at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, Initial
SessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.SchedulerSettingsExecutor.GetCurrent
SchedulerSettings()
at Microsoft.MetadirectoryServices.Scheduler.Scheduler.StartSyncCycle(String overridePolicy, Boolean interactiv
eMode)
at SchedulerUtils.StartSyncCycle(SchedulerUtils* , Char* policyType, Int32 interactiveMode, Char** errorString)
,Microsoft.IdentityManagement.PowerShell.Cmdlet.StartADSyncSyncCycle

ASKER CERTIFIED SOLUTION

Vasil Michev (MVP)

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Abdul Jalil Abou Alzahab

Did you tried with the following:
[Troubleshooting] Connectors: Azure Active Directory Connector: stopped-extension-dll-exception
https://blogs.msdn.microsoft.com/ms-identity-support/2014/01/28/troubleshooting-connectors-azure-active-directory-connector-stopped-extension-dll-exception/

Azure AD Connect: Connect Service error “stopped-extension-dll-exception”
https://blog.kloud.com.au/2015/07/21/azure-ad-connect-connect-service-error-stopped-extension-dll-exception/

Mr Woober

ASKER

Stopped the service. Figured out the password for the log on was wrong. Corrected the errors and service started and back in business