Error installing Azure Active Directory Connect - AuthorizationManager check failed.

Copper Contributor

Good day to all,

I am having issues when I attempt to install Azure Active Directory Connect. Below is the log file section related to the failure. I saw another post that referenced installing the certificate that signs, AdSyncConfig.psm1. That didn't change the outcome.

[16:48:13.149] [ 4] [ERROR] AzureTenantPage: Caught exception when connecting to Azure via AAD PowerShell.
Exception Data (Raw): System.Management.Automation.CmdletInvocationException: Errors occurred while loading the format data file:
Microsoft.PowerShell, , C:\Program Files\Microsoft Azure Active Directory Connect\AADPowerShell\MSOnline.Format.ps1xml: The file was skipped because of the following validation exception: AuthorizationManager check failed..
---> System.Management.Automation.RuntimeException: Errors occurred while loading the format data file:
Microsoft.PowerShell, , C:\Program Files\Microsoft Azure Active Directory Connect\AADPowerShell\MSOnline.Format.ps1xml: The file was skipped because of the following validation exception: AuthorizationManager check failed..

at System.Management.Automation.Runspaces.FormatAndTypeDataHelper.ThrowExceptionOnError(String errorId, Collection`1 independentErrors, Collection`1 PSSnapinFilesCollection, RunspaceConfigurationCategory category)
at System.Management.Automation.Runspaces.RunspaceConfigurationEntryCollection`1.Update(Boolean force)
at Microsoft.PowerShell.Commands.ModuleCmdletBase.LoadModuleManifest(String moduleManifestPath, ExternalScriptInfo manifestScriptInfo, Hashtable data, Hashtable localizedData, ManifestProcessingFlags manifestProcessingFlags, Version minimumVersion, Version maximumVersion, Version requiredVersion, Nullable`1 requiredModuleGuid, ImportModuleOptions& options, Boolean& containedErrors)
--- End of inner exception stack trace ---
at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
at Microsoft.Online.Deployment.PowerShell.PowerShellHelper.InvokeCommand(IPowerShell powerShell, Command command)
at Microsoft.Online.Deployment.PowerShell.PowerShellHelper.ImportModule(IPowerShell powerShell, String moduleName)
at Microsoft.Online.Deployment.PowerShell.PowerShellHelper.ConnectMsolService(IPowerShell powerShell, Command connectCommand, String azureInstanceId)
at Microsoft.Online.Deployment.PowerShell.PowerShellHelper.ConnectMsolService(IPowerShell powerShell, String accessToken, String azureInstanceId)
at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.AzureTenantPageViewModel.ConnectToMSOnline(IPowerShell powerShell, IAzureAuthenticationProvider azureAuth, String& helpLinkTag)

Any help will be much appreciated.


Thanks,

Tim

2 Replies

Hello @c5411,

 

Please, try to manually install the Microsoft certificate:

 

  1. Go to C:\Program Files\Microsoft Azure Active Directory Connect\AADPowerShell\MSonline.Format.ps1xml
  2. Right-click the file, and open the properties
  3. Go to 'Digital Signatures' tab and open the details for the certificate
  4. Click View certificate
  5. Click Install certificate for the local machine
  6. Manually choose to store certificates at 'Trusted publishers'
  7. Click Ok to close the certificate wizard.
  8. Go Back to the Azure AD Connect Wizard > Click Previous > and Click Next again.

 

IT - Hint: Error when configuring Azure AD Connect at MSOnline.Format.ps1xml file

Thank you for the reply. While manually installing the certificate did not address the problem, it led me down the path of the solution.

I reviewed all of the objects in the GPOs and determined that the PowerShell signing requirement was what was stopping the process from completing. Using the logic of installing the certificate, I used GP to add the both of the certificates that are used to sign the PowerShell scripts and xml files in Azure Active Directory Connect to the computers Trusted Publishers node. Now everything is working correctly.

Thank you for the assistance.