Windows Intune & Dirsync: Error message “stopped-server-down” (FIM Synchronization Service Manager)

11:24 am in ADFS, dirsync, FIM, intune by Kenny Buntinx [MVP]

 

In Windows Intune, you need Dirsync to synchronize your users between on-premises AD and Azure AD. For a few days already, we received a mail stating “There was no AD synchronization with Azure AD” … Weird.

We are running Dirsync for Windows Intune (the same as for Office 365), which is actually a special version of FIM 2010 (Forefront Identity Manager). When you install Dirsync, by default it is set to synchronize your on-premises Active Directory with Azure Active Directory every 3 hours.

At first sight, Dirsync looks like a big black box. Event Viewer is around, but doesn’t tell you much.

You won’t find any shortcut to the Synchronization Service Manager, but you will find it here: "C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe".

If you launch the Synchronization Service Manager, you will find the same information.

This error message doesn’t really tell you much, but if you look closely, “TargetWebService” is the connection to Azure AD and, as you can see, it has the status “stopped-server-down”.

Digging deeper into the Event Viewer, we found: “An unknown error occurred with the Microsoft Online Services Sign-in Assistant. Contact Technical Support. GetAuthState() failed with -2147186688 state. HResult: (0x80048831)”. Looking this up on the internet, this error message actually means that the service account that you use to connect to Windows Intune has an expired password.

To fix this, open the “Windows Azure Active Directory Module for Windows PowerShell” and set a new password for the service account. To avoid the problem in the future, add the parameter “-PasswordNeverExpires”.

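# Set a new password for the service account (single quotes stop PowerShell from expanding $$)
Set-MsolUserPassword -UserPrincipalName dummy@intune.com -NewPassword 'pa$$word'

# Stop this account's password from expiring again
Set-MsolUser -UserPrincipalName dummy@intune.com -PasswordNeverExpires $true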

Now go to the Management Agents tab in Synchronization Service Manager, right-click TargetWebService and click Properties. Enter your new password here.
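To catch the expiry before synchronization stops, which also helps where policy keeps expiry enabled on the service account, the account's password age can be checked on a schedule. This is an added example, not part of the original post: Get-PasswordExpiryStatus is a hypothetical helper, the sample account object is constructed, and the 90-day fallback is an assumption about the tenant's default password policy.

```powershell
# Added example (not from the original post): report how long a cloud
# service account's password has left. Get-PasswordExpiryStatus is a
# hypothetical helper; it only reads properties that Get-MsolUser returns.
function Get-PasswordExpiryStatus {
    param(
        [Parameter(Mandatory)] $User,   # object shaped like Get-MsolUser output
        [int] $ValidityDays = 90,       # assumed default when no policy is set
        [int] $WarnDays = 14,
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    $expires = $null
    $left    = $null
    if ($User.PasswordNeverExpires) {
        $state = 'NeverExpires'
    } else {
        $expires = $User.LastPasswordChangeTimestamp.AddDays($ValidityDays)
        $left    = [int][math]::Floor(($expires - $Now).TotalDays)
        $state   = if ($left -lt 0) { 'Expired' }
                   elseif ($left -le $WarnDays) { 'ExpiringSoon' }
                   else { 'OK' }
    }
    [pscustomobject]@{
        UserPrincipalName = $User.UserPrincipalName
        State             = $state
        ExpiresUtc        = $expires
        DaysLeft          = $left
    }
}

# Constructed sample input so the function can be tried offline.
$sample = [pscustomobject]@{
    UserPrincipalName           = 'dummy@intune.com'
    PasswordNeverExpires        = $false
    LastPasswordChangeTimestamp = [datetime]'2014-01-01'
}
Get-PasswordExpiryStatus -User $sample -Now ([datetime]'2014-03-25')

# Against a live tenant (requires the MSOnline module and Connect-MsolService):
#   $u    = Get-MsolUser -UserPrincipalName dummy@intune.com
#   $p    = Get-MsolPasswordPolicy -DomainName intune.com
#   $days = if ($p.ValidityPeriod) { $p.ValidityPeriod } else { 90 }
#   Get-PasswordExpiryStatus -User $u -ValidityDays $days
```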

 

Hope it helps,

Kenny Buntinx

MVP Enterprise Client Management