Entra ID Connect cloud sync: User and group sync is quarantined
Hi,
I connected our on-premises AD with Entra ID with Azure AD Connect Cloud Sync. Agents are active, but User and group sync is quarantined with the following error.
Error code: HybridSynchronizationContainerStateEnumerationFailed
- filip_promonotes (Copper Contributor): Hi, I'm faced with the same issue... Have you had any luck in resolving it?
- pischta (Copper Contributor)
- LainRobertson (Silver Contributor)
Error 53 "UnwillingToPerform" is being thrown by your domain controllers when the agent is attempting to perform a search. Or put another way, your domain controllers are rejecting the request from the agent.
There are multiple causes for this kind of error, but I'm only familiar with those common on Windows, not Samba hosts.
On Windows, the most common scenario I've seen is where the client/agent is trying to set a secure property like a password over an unsecured (non-TLS) connection, but that isn't the scenario in your error (or at least the wording of the error suggests it isn't at any rate).
You might want to check the following article that explains how to export the Cloud Sync log files as they may contain more specific information on what it was trying to do at the time it received the error 53.
Failing that, I can only think to check that the Samba domain controllers have a valid certificate and are configured to support LDAPS.
You might want to read that article in full for other troubleshooting pointers.
There are other non-TLS reasons you can get an error 53 and I do have a hunch that this may not be TLS-related but perhaps unsupported query structure-related, or perhaps even that the agent is failing to authenticate first and is trying to run an anonymous search (I also have reservations about this, but it's possible), but as I say, I'm starting with the most common type I see from the Windows context.
Cheers,
Lain
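
The certificate and LDAPS check suggested in the reply above can be scripted. This is an added example, not part of the thread or of any Microsoft tooling. The host name `dc1.example.test` and the sample certificate are constructed, and the script assumes the domain controllers are dialled by DNS name on port 636 with the issuing CA present in the local trust store.

```python
import socket
import ssl
import sys
import time

# Constructed sample in the shape ssl.getpeercert() returns; not from the thread.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "dc1.example.test"),),
}

def _matches(host, san):
    # Single-label wildcard match, as TLS clients do for "*.domain" entries.
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def assess_cert(cert, hostname, now=None, warn_days=30):
    """List problems in a getpeercert()-style dict for the name the agent dials."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    problems = []
    if now < not_before:
        problems.append("not yet valid")
    if now > not_after:
        problems.append("expired")
    elif not_after - now < warn_days * 86400:
        problems.append(f"expires in {int((not_after - now) // 86400)} days")
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_matches(hostname.lower(), s) for s in sans):
        problems.append("hostname not in subjectAltName")
    return problems

def probe_ldaps(host, port=636, timeout=5.0):
    """Handshake on the LDAPS port, verifying against the local trust store."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return assess_cert(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:
        return [f"certificate verification failed: {exc.verify_message}"]
    except OSError as exc:
        return [f"connection or TLS handshake failed: {exc}"]

if __name__ == "__main__":
    for dc in sys.argv[1:]:
        print(dc, probe_ldaps(dc) or "LDAPS certificate OK")
```

Run it from the server hosting the provisioning agent, passing each domain controller's DNS name as an argument, so the result reflects the trust store and name resolution the agent itself sees.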