Microsoft Tech Community

AD Connect hangs synchronizing local AD to Azure AD

We are using the latest Azure AD Connect tool (1.1.371.0) on a WS2012R2 server (2CPU, 2GB RAM, Hyper-V virtual machine). In a few months synchronization has hung 3-4 times. I usually reboot the whole server to fix this. Today I found this error (at the same time the AD Connect Sync Status tool was showing an in-progress state):

The management agent controller encountered an unexpected error. "ERR_: MMS(2084): ..\memutils.cpp(7965): Unusual error code reported 0x80004005
Azure AD Sync 1.1.371.0" The management agent "ourdomain.onmicrosoft.com - AAD" failed on run profile "Delta Synchronization" because the server encountered errors.

7 Replies

I'd say reinstall or even do a clean install on another box. Checking the logs might give you more clue, but it's more trouble to investigate IMO...

We had some cases where our Sync process hung and a server reboot was required.

We finally traced it back to a SQL maintenance job that we had running on the SQL database - you may want to check that if you are using a full SQL implementation.

We are using the built-in (Express?) database provided by AD Connect itself. We probably can't tune that (or shouldn't even). On another thread it was suggested to give it more RAM. It was 2 GB originally. I have increased it to 4 GB and it has been running fine for 1-2 weeks so far. But I'm still hesitant to call it 'solved'. Need to monitor longer.

Yah - I would not make any changes to the Express DB.
Hope the RAM is the solution.

Make sure everything is up2date, both Local & HV-VM. Also, if this is the PDC, make sure you have a backup, and if the HV-VM is an RODC, check for sync runtime progress via PowerShell.

https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/manage/powershell/introductio...

We are only installing Security and Critical updates on the servers. In that regard all machines (HV host, VM with Ad Connect (separate VM, not on PDC), VM with PDC, VM with 2 DC) are up2date. There is no RODC.

"Still double check if replication of CN, DN, etc. is all replicated to other DC."