Forum Discussion
unable to run Update-AzureADSSOForest
Dear All,
We encounter an issue with update-azureadssoforest it prompt below errro, need help
Update-AzureADSSOForest : one or more error occurred。
所在位置 行:1 字符: 1
+ Update-AzureADSSOForest
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Update-AzureADSSOForest], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Microsoft.KerberosAuth.Powershell.PowershellCommands.UpdateAzureADSSOForestCommand
Hi, Don.
I'd recommend reading the following two articles as there's not enough information in the error you've provided to guide us:
- Azure Active Directory Connect: Troubleshoot Seamless Single Sign-On - Microsoft Entra | Microsoft Learn
- Azure AD Connect - Microsoft Entra | Microsoft Learn
I've bookmarked the second article on the process for rotating the Kerberos decryption key as that's related to the first article, but you should probably read the whole article.
Also pay particular attention to the information call-outs (both articles have these call-outs) that discuss things to look out for in relation to the Active Directory domain administration account (included in the picture below for ease of reference) used with the call to Update-AzureADSSOForest, as not adhering to these will also result in a Kerberos error:
Cheers,
Lain
- Don_VlogeerBrass ContributorRunnin through a netmon log and figured out there as an connectivity issue with one of the url. after enabling the port 443, things started to roll
- LainRobertsonSilver Contributor
Hi, Don.
I'd recommend reading the following two articles as there's not enough information in the error you've provided to guide us:
- Azure Active Directory Connect: Troubleshoot Seamless Single Sign-On - Microsoft Entra | Microsoft Learn
- Azure AD Connect - Microsoft Entra | Microsoft Learn
I've bookmarked the second article on the process for rotating the Kerberos decryption key as that's related to the first article, but you should probably read the whole article.
Also pay particular attention to the information call-outs (both articles have these call-outs) that discuss things to look out for in relation to the Active Directory domain administration account (included in the picture below for ease of reference) used with the call to Update-AzureADSSOForest, as not adhering to these will also result in a Kerberos error:
Cheers,
Lain