Azure AD Connection Health: Internal Server error 500

July 8, 2015 at 12:49 pm in Uncategorized by nsienaert

 

Hi All,

Very recenlty the Product Team announced that the new Azure AD Connection Health is GA.

In a mobility world AD FS plays a very important role regarding Identity and Single SignOn. Thanks to this new Azure AD Premium service you can keep control of your cloud and on-premise identity infrastructure.

The issue:

When installing the agent I saw the following error:

Untitled6 

After investigating the install logs I found this self-explaining error: :-)

Looking into the install log file it’s an error 500, meaning that the server could be reached but is sending back an internal error :

System.Net.WebException: The remote server returned an error: (500) Internal Server Error.

   at System.Net.HttpWebRequest.GetResponse()

   at Microsoft.Identity.Health.Common.RestRequest.SendJsonData(HttpMethod httpMethod, String uri, String accessToken, Object content, X509Certificate2 clientCertificate)

   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.RegisterADHealthAgent.RegisterServiceIfNotExist(String serviceTypeName, String serviceSignature)

   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.RegisterADHealthAgent.ProcessRecord()

The solution:

After some trial and error the problem was the following.

As the agent is leveraging the Azure service you need to sign in into Azure service.

I used a Global Admin tenant account with @outlook.com. Despite of the fact the login was succesful I received the above error.

When logging in with a Global Admin account with domain suffix the installation finished successfully.

Untitled3

Untitled4

Untitled5

After some contact with the Product Team it appears indeed that @outlook.com, @hotmail.com,… are not supported. You need to authenticate with a domain account.

They promised to workout a more clear error description in the future.

In meantime you know what to do! :-)

Till next time,

Nico Sienaert (@nsienaert)