Hi ,
Welcome to the Support Portal. How can we help?
Follow

Errors & Solutions (Azure AD synctool)

Table of Contents

 

Introduction

While installing or running the synctool, you may run into some problems. This article points out some error messages and solutions. The synctool general/error logs can can be found at the same place where the synctool is running.

 

API Endpoint or resource ID was not found

018-08-16 16:42:00.689 ActiveDirectoryToWorkspaceSyncTool.ActiveDirectory.NotificationService - Error during W365 notification
 ActiveDirectoryToWorkspaceSyncTool.ActiveDirectory.NotificationService.A(:0) (null)
 NDAW.AdSyncApi.Client.Exceptions.NotFoundException: API Endpoint or resource id was not found

Explanation: some information that was put in, is invalid.

Solution: please check the following:

  • The Workspace site URL
  • API Token
  • Environment name

Back to top

 

Server refused to authenticate client, check if API is enabled and authentication token is correct

 NotificationService - Error during W365 notification
NDAW.AzureActiveDirectorySync.ActiveDirectory.NotificationService.CreateOrUpdateUserNotification(:0) (null)
NDAW.AdSyncApi.Client.Exceptions.AuthenticationException: Server refused to authenticate client, check if API is enabled and authentication token is correct

Explanation: there is no connection between the synctool and Workspace.

Solution: please check the following:

  • The Workspace site URL:
    • Just the site name without any attribute behind the "/".
      Example: "https://portal.workspace365.net". 
  • API Token & Enable sync from Active Directory:
    • Make sure the right API authentication token is set and Enable sync from Active Directory is turned on under the Active Directory settings in Workspace. 
  • Environment name:
    • The environment name has to be set, this can be found after the /.
      Example: "https://portal.workspace365.net/john"

Back to top

 

FirstName and LastName are required

NDAW.AdSyncApi.Client.Exceptions.ServerValidationException: Server
validation failed: FirstName:This field is required, LastName:This field is requiredTh

Explanation: first- and last names are prerequisites to sync users.

Solution: make sure all users have a first and last name assigned to them in Azure AD. 

Back to top

 

The remote server returned an error: (400) Bad Request

ActiveDirectoryToWorkspaceSyncTool.AzureAD.Exceptions.AzureAdParsedDataServiceException - Exception parsing failed
ActiveDirectoryToWorkspaceSyncTool.AzureAD.Exceptions.AzureAdParsedDataServiceException.Parse(:0) (null)
System.Net.WebException: The remote server returned an error: (400) Bad Request.
at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
at System.Net.WebClient.DownloadData(Uri address)
at ActiveDirectoryToWorkspaceSyncTool.AzureAD.GraphQuery.AzureAdGraphQuery.A()
2020-06-10 09:53:08.562 AzureAdParsedDataServiceException - Exception parsing failed 
 NDAW.AzureActiveDirectorySync.AzureAD.Exceptions.AzureAdParsedDataServiceException.Parse(:0) (null)
 System.Net.WebException: The remote server returned an error: (400) Bad Request.

Explanation: this happens when the Azure AD token that is stored in the sync database is not working (anymore). Probably because the sync token is expired or you have copied the sync folder from customer A (already configured) to customer B. 

Solution:

  • Always start a clean configuration for each customer. On the synctool VM/client, place a blank sync tool configuration from where you can start the configuration for each customer.
  • You can try to clear the cache (if its a new configuration).
  • Delete the database from the database folder.

Back to top

 

System.TimeoutException: Failed to make the request within '00:01:40'

 2020-07-03 07:00:10.020 NotificationService - Error during W365 notification 
NDAW.AzureActiveDirectorySync.ActiveDirectory.NotificationService.CreateOrUpdateUserNotification(:0) (null)
System.TimeoutException: Failed to make the request within '00:01:40'.
at NDAW.AzureActiveDirectorySync.AzureAD.AzureAdDataService.<MakeRequestWithTimeoutAsync>d__20`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NDAW.AzureActiveDirectorySync.AzureAD.AzureAdDataService.MakeRequestWithTimeout[TResult](Func`2 request)
at NDAW.AzureActiveDirectorySync.AzureAD.AzureAdDataService.GetUserProfilePhoto(String userId)
at NDAW.AzureActiveDirectorySync.ActiveDirectory.NotificationService.ProcessProfilePicture(String activeDirectoryUserId, String email)
at NDAW.AzureActiveDirectorySync.ActiveDirectory.NotificationService.CreateOrUpdateUserNotification(String userPrincipalName, CreateOrUpdateUserParameters createOrUpdateUserParameters)

Explanation: since the Azure AD synctool version 3.0 we make use of the Microsoft Graph instead of the Azure AD Graph. This error is happening when you did update the synctool application, but didn't update the permissions on the Azure AD App registration.

Solution: update the synctool accordingly. Please read this article once more.

Back to top

 

Synctool old version, new application

Explanation: do you have a old version of the synctool, versions below 3.0? And the new way of creating the applications? The synctool won't work.

Solution: you need to update the synctool to the newest version. To check the synctool version go to:

  • Open de synctool files
  • Right click on the Configuration tool
  • Click on Properties
  • Click on Details
  • File Version ...

mceclip0.png

Back to top


API server failed with internal error

Explanation: this happens when "Your workspace site url" contains illegal characters, such as spaces.

Solution: please make sure to remove these illegal characters. The workspace site url is the root url from the workspace (environment name excluded). 

2020-08-27 11:47:42.886 NotificationService - Error during W365 notification 
NDAW.AzureActiveDirectorySync.ActiveDirectory.NotificationService.CreateOrUpdateUserNotification(:0) (null)
NDAW.AdSyncApi.Client.Exceptions.ServerException: API server failed with internal error
at NDAW.AdSyncApi.Client.Implementation.ActiveDirectorySyncApiClient.HandleErrors(HttpResponseMessage response)
at NDAW.AdSyncApi.Client.Implementation.ActiveDirectorySyncApiClient.CreateOrUpdateUser(CreateOrUpdateUserParameters parameters)
at NDAW.AzureActiveDirectorySync.ActiveDirectory.NotificationService.CreateOrUpdateUserNotification(String userPrincipalName, CreateOrUpdateUserParameters createOrUpdateUserParameters)

  Back to top


Invalid URI: The hostname could not be parsed

2022-02-16 08:50:31.472 AzureAdToWorkspaceSyncTool - Invalid URI: The hostname could not be parsed. 
NDAW.AzureActiveDirectorySync.AzureAD.AzureAdToWorkspaceSyncTool+<StartDifferentialSyncAsync>d__15.MoveNext(:0) (null) 
System.UriFormatException: Invalid URI: The hostname could not be parsed. 

Explanation: this happens when "Your workspace site url" contains illegal characters, such as spaces.

Solution: remove spaces, (just plain text). 

 

Test connection failed! Please check AAD configuration settings!

test_connection_failed.PNG

Explanation: information put is, is invalid.

Solution: make sure the app registration information (tenant ID, object ID, etc.) is filled in correctly. If the same error remains, please delete and re-create the client app registration, explained in step 1.

Back to top

 

Error getting photo for user

2021-02-16 14:35:26.465 AzureAdDataService - Error getting photo for user ... in AzureAD
NDAW.AzureActiveDirectorySync.AzureAD.AzureAdDataService.GetUserProfilePhoto(:0) (null)
Status Code: Forbidden
Microsoft.Graph.ServiceException: Code: ErrorAccessDenied
Message: Access is denied. Check credentials and try again.

Bare in mind, there are some photo restrictions: https://docs.microsoft.com/en-us/graph/known-issues.

Solution:

  • Make sure you run the latest version of our synctool.
  • Make sure the correct API permissions are set for the Microsoft Graph in Azure AD. 
  • Make sure the correct values are present in AAD for the user using the Graph Explorer from Microsoft: https://developer.microsoft.com/en-us/graph/graph-explorer
    If the photo is not present, try uploaden another photo in the Microsoft profile. 
    If the photo is present, check the sync tool error logs for more information.

Back to top

DeltaLink older than 30 days is not supported

Solution:

Back to top