Lather, rinse, repeat…Azure AD Connect Installation Stalls At Service Account Screen

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

 

Albert Einstein was famously quoted for saying that the definition of insanity is doing the same thing over and over again and expecting a different result.  I was reminded of that during a recent Azure AD Connect installation that ran into a brick wall during the installation wizard.  We kept trying over and over, knowing we were being thorough in our preparations for the installation. May thanks to Russ Tarr, a Principal Consultant at Microsoft with many years of experience troubleshooting everything Microsoft.  He was instrumental in tracing this down to root cause for us in our troubleshooting session.  There's no substitute for experience and I am sharing our experience with you.  We hope this helps anyone experiencing the same issue.

 

The Problem

The Azure AD Connect installation would get to the ADFS Service Account screen (shown below) but would not allow the installation to proceed.  After restarting the installation process and walking through the steps several times, the process appeared to be in an infinite loop (see paragraph above). The screen below was the brick wall in the installation process.  The account information was auto populated from the existing ADFS farm.  The accounts specified throughout  the installation wizard are all done in DOMAIN\User format.  So what's going on here?
 
AADConnect1.jpg

 

Digging Through the Logs

During the installation of Azure AD Connect, logs are created in the C:\ProgramData\AADConnect  folder on the local machine and give a clue on the issue being experienced.
 
AADConnect2.jpg
 

The Moment of Clarity

So, where is this coming from?  In our case, the service account on the Active Directory Federation Services service was configured with the Log On account configured in UPN format.  While this is perfectly valid for a service account as far as Windows is concerned, the Azure AD Connect installation has a problem with it.
 
AADConnect3.jpg

 

The Solution

The solution is easy,  just change the service log on information to DOMAIN\UserName format in the service and the installation will proceed past the ADFS Service Account screen.
 
AADConnect4.jpg

Pay Dirt!

Now that we have the Log On information in the service account for ADFS corrected, the installation continues on.
 
AADConnect5.jpg

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.