Troubleshooting Azure Active Directory Synchronization

In this article, the most common problems are listed for troubleshooting purposes.


Error symptom:

The synchronization doesn't run and the following error message can be found in the web application log:

java.lang.Exception: Missing admin consent for Graph API

Solution:

Although the Active Directory Synchronization profile is set up in the web application and the connector application is registered in Azure Active Directory, administrator consent still has to be granted to the connector application from the web application.

Visit the Active Directory Synchronization profile configuration page and proceed with steps 8 and 9 of the article Configuring Active Directory Synchronization - Basic (Azure).

Error symptom:

The synchronization doesn't run, or group search or the Test Connection doesn't work. The following error message can be found in the web application log:

com.microsoft.graph.http.GraphServiceException: Error code: Authorization_RequestDenied
Error message: Insufficient privileges to complete the operation.

Solution:

The Azure Active Directory connector application's permissions are misconfigured. Grant the required permissions to the configured application with step 17 of the article Registering a Connector App for Azure AD.

Then go back to the Active Directory Synchronization profile configuration page in the Verba web application and give admin consent to the new permissions too. To do that, click the "Login again" button in the Azure AD login section and log in with your Azure Active Directory administrator account to accept the new permissions.

Error symptom:

Error while adding admin consent. After clicking the "Login" button on the Active Directory Synchronization profile configuration page, the browser was redirected to a Microsoft sign-in page. After logging in with an Active Directory user and accepting the application's permission requests, the following error message was shown:

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '{{YOUR_APPLICATION_ID}}'.

Solution:

There is a misconfiguration in the connector application in Azure Active Directory.

Go back to the Active Directory Synchronization profile configuration page in the web application and check the URL shown in the browser. Depending on the deployment it can be "localhost", a valid CNAME or an IP address. Note this value for later.

Visit the configuration page of the connector application in Azure Active Directory, which was created based on the article Registering a Connector App for Azure AD. Go to the Authentication menu and check the Redirect URIs under the Web platform.

The Verba web application URL you noted previously must appear in this list; an application can have multiple Redirect URIs. Azure AD compares the reply URL with the registered entries exactly, so the scheme (http or https), host and path must all agree with one entry. If the URL is not listed, add it with step 5 of the article Registering a Connector App for Azure AD.

Otherwise, check the URLs that have already been added and use the Verba web application with one of these URLs.

Go back to the Active Directory Synchronization profile configuration page in the Verba web application. Double-check the URL in the browser. Try the log-in process again.

Error symptom:

Error while adding admin consent. After clicking the "Login" button on the Active Directory Synchronization profile configuration page, the browser was redirected to a Microsoft sign-in page. This page shows the following error message:

AADSTS900023: Specified tenant identifier '{{YOUR_TENANT_ID}}' is neither a valid DNS name, nor a valid external domain.

Solution:

The configured Tenant ID is not valid. Visit the Active Directory Synchronization profile configuration page and proceed with step 5 of the article Configuring Active Directory Synchronization - Basic (Azure). Try the log-in process again.

Error symptom:

Error while adding admin consent. After clicking the "Login" button on the Active Directory Synchronization profile configuration page, the browser was redirected to a Microsoft sign-in page. This page shows the following error message:

AADSTS700016: Application with identifier '{{YOUR_APPLICATION_ID}}' was not found in the directory '{{YOUR_TENANT_ID}}'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

Solution:

The configured Application ID is not valid. Visit the Active Directory Synchronization profile configuration page and proceed with step 5 of the article Configuring Active Directory Synchronization - Basic (Azure). Try the log-in process again.
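As an added example (not part of this article or of the Verba product), the following Python script triages text copied from the web application log or pasted from the Microsoft sign-in page: it recognises the error messages listed above, extracts the quoted application and tenant identifiers so they can be compared with the values configured in the profile, and maps each hit to the remediation given in this article. The sample log and the identifiers in it are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Signatures are the error strings listed in this article; each remediation
# points at the same article steps. Input may be log text or pasted page text.
SIGNATURES = [
    ("MISSING_ADMIN_CONSENT", r"Missing admin consent for Graph API",
     "Grant admin consent on the profile page (steps 8-9, Basic (Azure) article)."),
    ("Authorization_RequestDenied", r"Error code: Authorization_RequestDenied",
     "Fix the connector app permissions (step 17, Registering a Connector App), then 'Login again'."),
    ("AADSTS50011", r"AADSTS50011: The reply URL specified in the request",
     "Register the web application URL as a Web Redirect URI, or browse via a registered URL."),
    ("AADSTS900023", r"AADSTS900023: Specified tenant identifier",
     "Tenant ID is invalid: re-enter it (step 5, Basic (Azure) article)."),
    ("AADSTS700016", r"AADSTS700016: Application with identifier",
     "Application ID is invalid for this tenant: re-enter it (step 5, Basic (Azure) article)."),
]
# Identifiers quoted in the Microsoft messages, for cross-checking the profile settings.
APP_ID_RE = re.compile(r"(?:application: |Application with identifier )'([^']+)'")
TENANT_RE = re.compile(r"(?:tenant identifier|the directory) '([^']+)'")

@dataclass
class Finding:
    code: str
    remediation: str
    application_id: Optional[str] = None
    tenant_id: Optional[str] = None

def triage(text: str) -> list:
    """Return one Finding per line that carries a known synchronization error."""
    findings = []
    for line in text.splitlines():
        for code, pattern, remediation in SIGNATURES:
            if re.search(pattern, line):
                app, tenant = APP_ID_RE.search(line), TENANT_RE.search(line)
                findings.append(Finding(code, remediation, app and app.group(1),
                                        tenant and tenant.group(1)))
                break  # one finding per line
    return findings

# Constructed sample: the article's messages with placeholder identifiers.
SAMPLE_LOG = """\
ERROR java.lang.Exception: Missing admin consent for Graph API
ERROR com.microsoft.graph.http.GraphServiceException: Error code: Authorization_RequestDenied
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '11111111-2222-3333-4444-555555555555'.
AADSTS900023: Specified tenant identifier 'contoso' is neither a valid DNS name, nor a valid external domain.
AADSTS700016: Application with identifier '11111111-2222-3333-4444-555555555555' was not found in the directory 'contoso.example'.
"""
```

Run `triage(SAMPLE_LOG)` to get the five findings; lines that match no signature are ignored.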