On Azure AD connect server- DeltaSync - status , no-start connection. At the connection status tab, Status - failed connection

Seems to be dns issue

This is may be due to ip configuration issue
OR
Network connectivity issue from ad connect server

Please post as how to trouble shoot and resolve this issue.

Thanks

Hi there! :)

Please refer to the link below for an article with step by step instructions on how to fix problems with directory synchronization for Office 365.

Reference: https://docs.microsoft.com/en-us/office365/enterprise/fix-problems-with-directory-synchronization

Hi Lianne,

Can you check if the internet connectivity is there on AAD Connect Server?
and also check what proxy server you have configured in your Azure AD Connect Server

Hi Rohit

Internet is working fine on the AAD connect server  and also on our Domain controller that is allowed to sysc with the Azure AD connect server.

Also on the Azure AD connect server , there is no proxy setting.
We use transparent proxy on our DC

Is there a way to check the connectivity between Azure AD Connect server and our Domain controller ?

Thanks

Hi Lianne, Can we work over remote? Do let me know, i will send you skype invite

Hi Lienne,

Please follow below MS article as well
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity#the-communication-pattern-between-azure-ad-connect-and-azure-ad

I tried to ping from the aad connect server to the IP of our Domain controller  and it gives request time out  and also did a trace route on from the aad connect server to our domain controller IP .
Both results gives request time out .

Firewall team is hosted out side  our organisation and not sure what i need to ask them to check?

Hi Lianne,

Do you have Azure AD Connect Staging Server in place?

Thanks Rohit
I try to install a staging server and this means installing AAD connect on a member server and try syncing?
Please see the attached error ion the Synchronisation service manager.
synchronisation-service-manager-erro.png

This was a working setup and suddenly the sync stopped  and not sure where it could have gone wrong.

It looks something is getting block..

So for mitigating the issue at this moment, you can install Azure AD Connect Staging Server and then you need to Stop Azure AD Connect Service on the primary server and to make staging server as primary and run the sync
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server

Thanks so much!

Ok,

Firstly  After installing the Azure AD Connect Staging Server on a member server , if the sync is working , what could be the problem on the primary server ?

Secondly if the sync is still not working even on the staging server what could be the problem ?

I dont think, so it will not work.. As I said, we need to have multiple tracing needs to be done.. Not sure, if any recent changes has been implemented from your network or Security teams..

So, At this stage, Just try to build this staging server.. If it will not work, we need to rebuild primary AD COnnect Server

Hi

I didn’t install the staging server and was investigating this further and when I went to the AD connect server  and Synchronisation services manager and when I click the failed connection,

The connection Log opens and gives the errors as ADC-002.domain.local :389 is down.

I went to the AD connect server and opened the DNS server and please see the snap shot as shown.
On the Forward Look up Zones – Domain .Local
10.14.108.46  is unable to resolve  and this is the IP address of ADC-002.domain.local ( Secondary Domain controller)

Please suggest how to troubleshoot this issue as a where the problem is and resolve this issue.

Thanks
No-Start-connection-error.png
AD-Connect-DNS-server-SRV-records-er.png

I restarted the AD connect server  and no joy .

This looks that Azure AD Connect is not able to do LDAP query to DC...
https://docs.microsoft.com/en-in/azure/active-directory/hybrid/reference-connect-ports

Can you let me know the DC server version ... is it windows server 2008 r2

Can you check the below steps suggested in community post
https://social.technet.microsoft.com/Forums/office/en-US/d694dd43-41db-45d8-b84a-c823e450c146/server-did-not-respond-to-ldap-query-to-port-389-udp

Hi Lianne,

I will request you to do below connectivity test check from your Azure AD Connect Server
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-adconnectivitytools#adconnectivitytool-during-installation

Please follow the steps suggested in above docs

The server version is Windows 2012 R2 Standard

Firstly As per the link provided below.
https://docs.microsoft.com/en-in/azure/active-directory/hybrid/reference-connect-ports

Table 1 and Table 2  does these ports needs opened on our firewall for our Local Active directory server ADC-002.Domain.local
or the public facing IP?

Is there any commands or way to check from AD connect server if each these ports are opened or not .
By this i can ask the firewall team to open any specific ports if it is blocked.
This was a working setup from last 1 year and hope the Firewall rule for this setup much be present. But still we can double check the ports if opened or not.

Secondly i am not confident running the connectivity test from the AD connect server to ADC-002.domain.local .
Please can you post me step by step instructions as how to execute this command.
Thanks

Did you run this connectivity check as suggested in below URL
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-adconnectivitytools#adconnectivitytool-during-installation

In the azure ad connect server, go to the below file path and run the tool
The tool is located in: C:\Program Files\Microsoft Azure Active Directory Connect\Tools\ ADConnectivityTool.psm1


This will let you know, if any port is blocked in between Azure AD Connect Server and your DC server

Thanks

So I assume that i open PowellShell on the AD connect server - Copy and paste the following command  and it must bring the results for the connectivity between the AAD connect server an dour local domain controller (ADC-002.domain.local)

C:\Program Files\Microsoft Azure Active Directory Connect\Tools\ADConnectivityTool.psm1

Before i run , do i need to change any values on the ADConnectivityTool.psm1 file?

Hey, you just need to provide the directory information which you was configured to sync using AZure AD Connect to test out..  refer the snapshot

As per the link provided below for Table 1 and Table 2  
I tried the connectivity test using the following powershell command from the AD connect server. Please see the attached results.

New-Object System.Net.Sockets.TcpClient("193.x.x.x", Port no)
New-Object System.Net.Sockets.TcpClient("10.x.x.x", Port no)

 Does these ports needs opened on our firewall for our Local Active directory server ADC-002.Domain.local
or the public facing IP address or Both ?
Also not sure which port no i should use for RPC ?
Please suggest.

https://docs.microsoft.com/en-in/azure/active-directory/hybrid/reference-connect-ports
0365-Ports-on-FW.xlsx

Sorry Lianne, I was not well.

Can you please share me snapshot for connectivity test result

It will show same as below
https://www.experts-exchange.com/questions/29152123/On-Azure-AD-connect-server-DeltaSync-status-no-start-connection-At-the-connection-status-tab-Status-failed-connection.html?anchorAnswerId=42909110#a42909110

Thanks for your help!
Sorry couldn't respond sooner.