Sign up for Office 365
Learn more about Office 365
I have been unable to get DirSync to sync for the last 3 days now. At each scheduled sync I get the following errors:
The management agent "TargetWebService" completed run profile "Delta Confirming Import" with a delta import or delta synchronization step type. The rules configuration has changed since the last full import or full synchronization.
To ensure the updated rules are applied to all objects, a run with step type of full import and full synchronization should be completed.
An unknown error occurred with the Microsoft Online Services Sign-in Assistant. Contact Technical Support. GetAuthState() failed with -2147186688 state. HResult:0. Contact Technical Support. (0x80048823)
An unknown error occurred with the Microsoft Online Services Sign-in Assistant. Contact Technical Support.
The management agent "TargetWebService" failed on run profile "Delta Confirming Import" because the server encountered errors.
The management agent "TargetWebService" step execution completed on run profile "Delta Confirming Import" but the watermark was not saved.
Discovery Errors : "0"
Synchronization Errors : "0"
Metaverse Retry Errors : "0"
Export Errors : "0"
Warnings : "0"
View the management agent run history for details.
The last successful sync was at 12:06 on 30/04/2012 then the next sync 15:13 on the same day failed and hasn't worled since. This seems to coincide with trying to run a migration batch, which failed, sometime around midday on the 30th. Could this be linked?
The event log doesn't seem to shed toomuch light on the issue so I am a bit stuck..
Also the migrated user cannot log into their email at present, when the migration batch failed I removed the users email address, which removed the user from AD I then had to recreate the user which left me with 2 email addresses listed in exchange for this user (it was a new account) I am just wondering if this could be a possible cause?
I am trying to getmy head round a current issue regarding ADFS, SSO, DirSync and general user management.
We have recently setup an O365 account, configured an ADSF federated domain by setting up FS servers and a FS proxy. This has been working fine, mostly. However our initial plan was to move to O365 so that we could get rid of our on premises exchange so we went the staged migration route.
So far when I get a new user I have to create their account in AD, then create their email address on out on premises exchange, then migrate them. This is fine but just seems a bit like a faff. From my observation i am not able to get rid of our on premises Exchange as for SSO to work properly I cannot switch off DirSync because if I do then new users will not get synced to O365 and as such SSO will not operate. Is this assumption correct? Also with DIrSync on I cannot manage or add new email accounts through MOP, it all has to be done through our local AD.
Have I missed something or is this the correct way to manage the process?
This is an issue I would recommend calling into support for, at your convenience. If ADFS is involved, it may require advanced support, which will require a service ticket be created for the case. Technical Support can be reached 24x7 at 1-800-865-9408.
Ok, thanks. I have done that.
Not sure what happends but I posted 2 questions and the second one seems to have been merged as a reply to the first one.
Any thoughts on post 2?
Both the ADFS and DirSync issues would be best handled via the phone on separate service requests. They will most likely need to be escalated to a specialized team that handles those.
We are having the same exact issue that you had encounterd in your post above (GetAuthState() failed...). How did they fixed the problem?
In our case the password on the master admin account we used to log into O365 (email@example.com) had expired. To get it working again I had to change the password and rerun the DirSync configuration wizard, using the new password. This got it all back up and working. The sad thing is that it took a week for MS to suggest that this could be the cause, unfortunately I hadn't realised these accounts had 90 day passwords as I never use it to log in, preferring my domain account.
That did the trick for us as well. Thanks for the heads up on the password expiring. It was 90 days to the date that we had established the account. We had no idea that those accounts had that exporation time limit as well. It would have been nice to know that.