Mr Woober
asked on
Azure AD Sync connect error (Sync scheduler)
After adding AD FS to Azure AD connect I have som trouble with the sync scheduler.
I got status : stopped-extension-dll-exte nsion on export for my AAD connector.
Googled it and probably the issue was related to password. After an input I created a new user in portal.office.com as an Global Administrator and figured this could be used to authenticate. I suspect I missed something here :)
When using start-ADsyncsynccycle -policytype initial (or any other of the sync method) I get this error :
What i figure is relevant is :
multiple_matching_tokens_d etected: The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements (e.g. UserId)
Entire error message.
Start-ADSyncSyncCycle : System.Management.Automati on.CmdletI nvocationE xception: Microsoft.IdentityModel.Cl ients.Acti veD
irectory.AdalException: multiple_matching_tokens_d etected: The cache contains multiple tokens satisfying the requiremen
ts. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Cl ients.Acti veDirector y.Authenti cationCont ext.RunAsy ncTask[T]( Task`1 task)
at Microsoft.Online.Coexisten ce.Provisi onHelper.G etADALToke n(String userName, String userPassword, MSOInstance adalS
erviceResource)
at Microsoft.Online.Coexisten ce.Provisi onHelper.G etSecurity Token(Stri ng userName, String userPassword, MSOInstance a
dalServiceResource)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.TypeD
ependencies.ProvisionHelpe rGetSecuri tyToken(Pr ovisionHel per provisionHelper, String userName, SecureString userPassword
)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.Initi
alizeProvisionHelper()
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.Initi
alize()
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.GetCo
mpanyConfiguration(Boolean includeLicenseInformation)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.AADConfi g.get_Clou dEnforcedS yncSchedul erInterval ()
at Microsoft.MetadirectorySer vices.Sche duler.Sche dulerSetti ngUtilitie s.get_Curr entSchedul erSettings ()
at SchedulerUtils.GetCurrentS chedulerSe ttings(_Co nfigAttrNo de* pcanList, UInt32 ccanItems, Char** syncSettingsSerial
ized, Char** errorString)
ErrorCode: multiple_matching_tokens_d etected ---> System.InvalidOperationExc eption: Microsoft.IdentityModel.Cl ie
nts.Ac
tiveDirectory.AdalExceptio n: multiple_matching_tokens_d etected: The cache contains multiple tokens satisfying the requi
rements. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Cl ients.Acti veDirector y.Authenti cationCont ext.RunAsy ncTask[T]( Task`1 task)
at Microsoft.Online.Coexisten ce.Provisi onHelper.G etADALToke n(String userName, String userPassword, MSOInstance adalS
erviceResource)
at Microsoft.Online.Coexisten ce.Provisi onHelper.G etSecurity Token(Stri ng userName, String userPassword, MSOInstance a
dalServiceResource)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.TypeD
ependencies.ProvisionHelpe rGetSecuri tyToken(Pr ovisionHel per provisionHelper, String userName, SecureString userPassword
)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.Initi
alizeProvisionHelper()
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.Initi
alize()
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.GetCo
mpanyConfiguration(Boolean includeLicenseInformation)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.AADConfi g.get_Clou dEnforcedS yncSchedul erInterval ()
at Microsoft.MetadirectorySer vices.Sche duler.Sche dulerSetti ngUtilitie s.get_Curr entSchedul erSettings ()
at SchedulerUtils.GetCurrentS chedulerSe ttings(_Co nfigAttrNo de* pcanList, UInt32 ccanItems, Char** syncSettingsSerial
ized, Char** errorString)
ErrorCode: multiple_matching_tokens_d etected
at Microsoft.DirectoryService s.Metadire ctoryServi ces.UI.Web Services.M MSWebServi ce.GetSche dulerSetti ngs(String & setti
ngsDeserialized, String& errorString)
at Microsoft.IdentityManageme nt.PowerSh ell.Cmdlet .GetADSync Scheduler. ProcessRec ord()
--- End of inner exception stack trace ---
at System.Management.Automati on.Runspac es.Pipelin eBase.Invo ke(IEnumer able input)
at System.Management.Automati on.PowerSh ell.Worker .Construct PipelineAn dDoWork(Ru nspace rs, Boolean performSyncInvoke)
at System.Management.Automati on.PowerSh ell.Worker .CreateRun spaceIfNee dedAndDoWo rk(Runspac e rsToUse, Boolean isSync)
at System.Management.Automati on.PowerSh ell.CoreIn vokeHelper [TInput,TO utput](PSD ataCollect ion`1 input, PSDataCollecti
on`1 output, PSInvocationSettings settings)
at System.Management.Automati on.PowerSh ell.CoreIn voke[TInpu t,TOutput] (PSDataCol lection`1 input, PSDataCollection`1 o
utput, PSInvocationSettings settings)
at System.Management.Automati on.PowerSh ell.Invoke (IEnumerab le input, PSInvocationSettings settings)
at Microsoft.Online.Deploymen t.PowerShe ll.LocalPo werShell.I nvoke()
at Microsoft.Online.Deploymen t.PowerShe ll.PowerSh ellAdapter .TypeDepen dencies.In vokePowerS hell(IPowe rShell powerShell
)
at Microsoft.Online.Deploymen t.PowerShe ll.PowerSh ellAdapter .InvokePow erShellCom mand(Strin g commandName, InitialSessi
onState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.PowerShe llConfigAd apter.Sche dulerSetti ngsExecuto r.GetCurre ntSched
ulerSettings()
at Microsoft.MetadirectorySer vices.Sche duler.Sche duler.Star tSyncCycle (String overridePolicy, Boolean interactiveMode
)
at SchedulerUtils.StartSyncCy cle(Schedu lerUtils* , Char* policyType, Int32 interactiveMode, Char** errorString)
At line:1 char:1
+ Start-ADSyncSyncCycle -PolicyType Delta
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~
+ CategoryInfo : WriteError: (Microsoft.Ident...ADSyncS yncCycle:S tartADSync SyncCycle) [Start-ADSyncSyncCy
cle], InvalidOperationException
+ FullyQualifiedErrorId : System.Management.Automati on.CmdletI nvocationE xception: Microsoft.IdentityModel.Cl ients.
ActiveDirectory.AdalExcept ion: multiple_matching_tokens_d etected: The cache contains multiple tokens satisfying th
e requirements. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Cl ients.Acti veDirector y.Authenti cationCont ext.RunAsy ncTask[T]( Task`1 task)
at Microsoft.Online.Coexisten ce.Provisi onHelper.G etADALToke n(String userName, String userPassword, MSOInstance
adalServiceResource)
at Microsoft.Online.Coexisten ce.Provisi onHelper.G etSecurity Token(Stri ng userName, String userPassword, MSOInsta
nce adalServiceResource)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.
TypeDependencies.Provision HelperGetS ecurityTok en(Provisi onHelper provisionHelper, String userName, SecureString us
erPassword)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.
InitializeProvisionHelper( )
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.
Initialize()
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.
GetCompanyConfiguration(Bo olean includeLicenseInformation)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.AADConfi g.get_Clou dEnforcedS yncSchedul erInterval ()
at Microsoft.MetadirectorySer vices.Sche duler.Sche dulerSetti ngUtilitie s.get_Curr entSchedul erSettings ()
at SchedulerUtils.GetCurrentS chedulerSe ttings(_Co nfigAttrNo de* pcanList, UInt32 ccanItems, Char** syncSettingsS
erialized, Char** errorString)
ErrorCode: multiple_matching_tokens_d etected ---> System.InvalidOperationExc eption: Microsoft.IdentityModel.Cl ie
n
ts.ActiveDirectory.AdalExc eption: multiple_matching_tokens_d etected: The cache contains multiple tokens satisfying
the requirements. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Cl ients.Acti veDirector y.Authenti cationCont ext.RunAsy ncTask[T]( Task`1 task)
at Microsoft.Online.Coexisten ce.Provisi onHelper.G etADALToke n(String userName, String userPassword, MSOInstance
adalServiceResource)
at Microsoft.Online.Coexisten ce.Provisi onHelper.G etSecurity Token(Stri ng userName, String userPassword, MSOInsta
nce adalServiceResource)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.
TypeDependencies.Provision HelperGetS ecurityTok en(Provisi onHelper provisionHelper, String userName, SecureString us
erPassword)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.
InitializeProvisionHelper( )
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.
Initialize()
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.Provisio ningWebSer viceAdapte r.Provisio ningWebSer viceAdapte r.
GetCompanyConfiguration(Bo olean includeLicenseInformation)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.AADConfi g.get_Clou dEnforcedS yncSchedul erInterval ()
at Microsoft.MetadirectorySer vices.Sche duler.Sche dulerSetti ngUtilitie s.get_Curr entSchedul erSettings ()
at SchedulerUtils.GetCurrentS chedulerSe ttings(_Co nfigAttrNo de* pcanList, UInt32 ccanItems, Char** syncSettingsS
erialized, Char** errorString)
ErrorCode: multiple_matching_tokens_d etected
at Microsoft.DirectoryService s.Metadire ctoryServi ces.UI.Web Services.M MSWebServi ce.GetSche dulerSetti ngs(String &
settingsDeserialized, String& errorString)
at Microsoft.IdentityManageme nt.PowerSh ell.Cmdlet .GetADSync Scheduler. ProcessRec ord()
--- End of inner exception stack trace ---
at System.Management.Automati on.Runspac es.Pipelin eBase.Invo ke(IEnumer able input)
at System.Management.Automati on.PowerSh ell.Worker .Construct PipelineAn dDoWork(Ru nspace rs, Boolean performSyncIn
voke)
at System.Management.Automati on.PowerSh ell.Worker .CreateRun spaceIfNee dedAndDoWo rk(Runspac e rsToUse, Boolean isS
ync)
at System.Management.Automati on.PowerSh ell.CoreIn vokeHelper [TInput,TO utput](PSD ataCollect ion`1 input, PSDataCol
lection`1 output, PSInvocationSettings settings)
at System.Management.Automati on.PowerSh ell.CoreIn voke[TInpu t,TOutput] (PSDataCol lection`1 input, PSDataCollectio
n`1 output, PSInvocationSettings settings)
at System.Management.Automati on.PowerSh ell.Invoke (IEnumerab le input, PSInvocationSettings settings)
at Microsoft.Online.Deploymen t.PowerShe ll.LocalPo werShell.I nvoke()
at Microsoft.Online.Deploymen t.PowerShe ll.PowerSh ellAdapter .TypeDepen dencies.In vokePowerS hell(IPowe rShell power
Shell)
at Microsoft.Online.Deploymen t.PowerShe ll.PowerSh ellAdapter .InvokePow erShellCom mand(Strin g commandName, Initial
SessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
at Microsoft.Azure.ActiveDire ctory.Sync hronizatio n.PowerShe llConfigAd apter.Sche dulerSetti ngsExecuto r.GetCurre nt
SchedulerSettings()
at Microsoft.MetadirectorySer vices.Sche duler.Sche duler.Star tSyncCycle (String overridePolicy, Boolean interactiv
eMode)
at SchedulerUtils.StartSyncCy cle(Schedu lerUtils* , Char* policyType, Int32 interactiveMode, Char** errorString)
,Microsoft.IdentityManagem ent.PowerS hell.Cmdle t.StartADS yncSyncCyc le
I got status : stopped-extension-dll-exte
Googled it and probably the issue was related to password. After an input I created a new user in portal.office.com as an Global Administrator and figured this could be used to authenticate. I suspect I missed something here :)
When using start-ADsyncsynccycle -policytype initial (or any other of the sync method) I get this error :
What i figure is relevant is :
multiple_matching_tokens_d
Entire error message.
Start-ADSyncSyncCycle : System.Management.Automati
irectory.AdalException: multiple_matching_tokens_d
ts. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Cl
at Microsoft.Online.Coexisten
erviceResource)
at Microsoft.Online.Coexisten
dalServiceResource)
at Microsoft.Azure.ActiveDire
ependencies.ProvisionHelpe
)
at Microsoft.Azure.ActiveDire
alizeProvisionHelper()
at Microsoft.Azure.ActiveDire
alize()
at Microsoft.Azure.ActiveDire
mpanyConfiguration(Boolean
at Microsoft.Azure.ActiveDire
at Microsoft.MetadirectorySer
at SchedulerUtils.GetCurrentS
ized, Char** errorString)
ErrorCode: multiple_matching_tokens_d
nts.Ac
tiveDirectory.AdalExceptio
rements. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Cl
at Microsoft.Online.Coexisten
erviceResource)
at Microsoft.Online.Coexisten
dalServiceResource)
at Microsoft.Azure.ActiveDire
ependencies.ProvisionHelpe
)
at Microsoft.Azure.ActiveDire
alizeProvisionHelper()
at Microsoft.Azure.ActiveDire
alize()
at Microsoft.Azure.ActiveDire
mpanyConfiguration(Boolean
at Microsoft.Azure.ActiveDire
at Microsoft.MetadirectorySer
at SchedulerUtils.GetCurrentS
ized, Char** errorString)
ErrorCode: multiple_matching_tokens_d
at Microsoft.DirectoryService
ngsDeserialized, String& errorString)
at Microsoft.IdentityManageme
--- End of inner exception stack trace ---
at System.Management.Automati
at System.Management.Automati
at System.Management.Automati
at System.Management.Automati
on`1 output, PSInvocationSettings settings)
at System.Management.Automati
utput, PSInvocationSettings settings)
at System.Management.Automati
at Microsoft.Online.Deploymen
at Microsoft.Online.Deploymen
)
at Microsoft.Online.Deploymen
onState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
at Microsoft.Azure.ActiveDire
ulerSettings()
at Microsoft.MetadirectorySer
)
at SchedulerUtils.StartSyncCy
At line:1 char:1
+ Start-ADSyncSyncCycle -PolicyType Delta
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (Microsoft.Ident...ADSyncS
cle], InvalidOperationException
+ FullyQualifiedErrorId : System.Management.Automati
ActiveDirectory.AdalExcept
e requirements. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Cl
at Microsoft.Online.Coexisten
adalServiceResource)
at Microsoft.Online.Coexisten
nce adalServiceResource)
at Microsoft.Azure.ActiveDire
TypeDependencies.Provision
erPassword)
at Microsoft.Azure.ActiveDire
InitializeProvisionHelper(
at Microsoft.Azure.ActiveDire
Initialize()
at Microsoft.Azure.ActiveDire
GetCompanyConfiguration(Bo
at Microsoft.Azure.ActiveDire
at Microsoft.MetadirectorySer
at SchedulerUtils.GetCurrentS
erialized, Char** errorString)
ErrorCode: multiple_matching_tokens_d
n
ts.ActiveDirectory.AdalExc
the requirements. Call AcquireToken again providing more requirements (e.g. UserId)
at Microsoft.IdentityModel.Cl
at Microsoft.Online.Coexisten
adalServiceResource)
at Microsoft.Online.Coexisten
nce adalServiceResource)
at Microsoft.Azure.ActiveDire
TypeDependencies.Provision
erPassword)
at Microsoft.Azure.ActiveDire
InitializeProvisionHelper(
at Microsoft.Azure.ActiveDire
Initialize()
at Microsoft.Azure.ActiveDire
GetCompanyConfiguration(Bo
at Microsoft.Azure.ActiveDire
at Microsoft.MetadirectorySer
at SchedulerUtils.GetCurrentS
erialized, Char** errorString)
ErrorCode: multiple_matching_tokens_d
at Microsoft.DirectoryService
settingsDeserialized, String& errorString)
at Microsoft.IdentityManageme
--- End of inner exception stack trace ---
at System.Management.Automati
at System.Management.Automati
voke)
at System.Management.Automati
ync)
at System.Management.Automati
lection`1 output, PSInvocationSettings settings)
at System.Management.Automati
n`1 output, PSInvocationSettings settings)
at System.Management.Automati
at Microsoft.Online.Deploymen
at Microsoft.Online.Deploymen
Shell)
at Microsoft.Online.Deploymen
SessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
at Microsoft.Azure.ActiveDire
SchedulerSettings()
at Microsoft.MetadirectorySer
eMode)
at SchedulerUtils.StartSyncCy
,Microsoft.IdentityManagem
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Stopped the service. Figured out the password for the log on was wrong. Corrected the errors and service started and back in business
[Troubleshooting] Connectors: Azure Active Directory Connector: stopped-extension-dll-exce
https://blogs.msdn.microsoft.com/ms-identity-support/2014/01/28/troubleshooting-connectors-azure-active-directory-connector-stopped-extension-dll-exception/
Azure AD Connect: Connect Service error “stopped-extension-dll-exc
https://blog.kloud.com.au/2015/07/21/azure-ad-connect-connect-service-error-stopped-extension-dll-exception/