
Azure Active Directory Connect - error with AuthorizationManager check failed

Kevyn Williams
Occasional Contributor

When configuring AAD Connect I get to the 'connect directories' stage, and it auto-discovers my local AD/forest name, but when I click Add Directory, I enter the domain administrator's credentials and get the message back saying:

 

"An error occured while auto creating an account in the forest <forestname>. AuthorizationManager check failed."

 

Here is the error trace:

[ERROR] Caught exception while creating synchronization account.
Exception Data (Raw): System.Management.Automation.CmdletInvocationException: AuthorizationManager check failed. ---> System.Management.Automation.PSSecurityException: AuthorizationManager check failed. ---> System.Management.Automation.Host.HostException: A command that prompts the user failed because the host program or the command type does not support user interaction. The host was attempting to request confirmation with the following message: File C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1 is published by CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US and is not trusted on your system. Only run scripts from trusted publishers.
   at System.Management.Automation.Internal.Host.InternalHostUserInterface.ThrowPromptNotInteractive(String promptMessage)
   at System.Management.Automation.Internal.Host.InternalHostUserInterface.PromptForChoice(String caption, String message, Collection`1 choices, Int32 defaultChoice)
   at Microsoft.PowerShell.PSAuthorizationManager.AuthenticodePrompt(String path, Signature signature, PSHost host)
   at Microsoft.PowerShell.PSAuthorizationManager.SetPolicyFromAuthenticodePrompt(String path, PSHost host, Exception& reason, Signature signature)
   at Microsoft.PowerShell.PSAuthorizationManager.CheckPolicy(ExternalScriptInfo script, PSHost host, Exception& reason)
   at Microsoft.PowerShell.PSAuthorizationManager.ShouldRun(CommandInfo commandInfo, CommandOrigin origin, PSHost host, Exception& reason)
   at System.Management.Automation.AuthorizationManager.ShouldRunInternal(CommandInfo commandInfo, CommandOrigin origin, PSHost host)

 

I'm not sure where else to look, as I'm using the currently logged-in user's domain admin account on the same VM which has AD/DNS installed etc., so permissions shouldn't be an issue.

1 Reply
Solution

I've solved this by manually installing the Microsoft certificate:

 

  1. Locate C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1
  2. Right-click the file, and open properties
  3. Go to 'Digital Signatures' tab and open the details for the certificate
  4. Click View certificate
  5. Click Install certificate
  6. I ran this twice, for both current user and local machine
  7. Manually choose the following store to place certificates: 'Trusted publishers'
  8. Re-run AAD Connect

 

I hope this helps someone else.
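
The manual steps in the solution above can also be done from an elevated PowerShell session. This added example (not part of the original post, and not Microsoft's code) validates the module's Authenticode signature before placing the signer certificate in the 'Trusted publishers' store for both current user and local machine. It assumes the module path quoted in the error trace and the publisher subject shown in the error message.

```powershell
# Added example: check the signature first, then trust the publisher.
# Path is the one quoted in the error trace on this page.
$module = 'C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1'

# Execution policy per scope. The "not trusted on your system" prompt is raised
# when policy requires a trusted publisher (for example AllSigned) and the
# signer is not yet in the TrustedPublisher store.
Get-ExecutionPolicy -List | Format-Table -AutoSize

$sig = Get-AuthenticodeSignature -LiteralPath $module
$sig | Format-List Status, StatusMessage
if ($sig.Status -ne 'Valid') {
    # NotSigned, HashMismatch, NotTrusted etc.: the file or its chain is suspect.
    throw "Signature on $module is '$($sig.Status)'; not adding this signer."
}

$cert = $sig.SignerCertificate
$cert | Format-List Subject, Issuer, Thumbprint, NotAfter

# Expected subject taken from the error message on this page.
if ($cert.Subject -notlike 'CN=Microsoft Corporation,*') {
    throw "Unexpected signer: $($cert.Subject)"
}

# Helper name is hypothetical: is the thumbprint already in the store?
function Test-TrustedPublisher {
    param([string]$Location, [string]$Thumbprint)
    [bool](Get-ChildItem "Cert:\$Location\TrustedPublisher" |
        Where-Object { $_.Thumbprint -eq $Thumbprint })
}

# Same two stores as step 6 of the solution. LocalMachine needs elevation.
foreach ($location in 'CurrentUser', 'LocalMachine') {
    if (Test-TrustedPublisher -Location $location -Thumbprint $cert.Thumbprint) {
        "$location\TrustedPublisher already contains $($cert.Thumbprint)"
        continue
    }
    $storeLocation = [System.Security.Cryptography.X509Certificates.StoreLocation]$location
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'TrustedPublisher', $storeLocation
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try { $store.Add($cert) } finally { $store.Close() }
    "Added $($cert.Thumbprint) to $location\TrustedPublisher"
}
```

Record the thumbprint that was added: everything signed with that certificate now runs without a publisher prompt on this server.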
