SOLVED

unable to run Update-AzureADSSOForest

Brass Contributor

Dear All, 

 

We encounter an issue with update-azureadssoforest it prompt below errro, need help 

 

Update-AzureADSSOForest : one or more error occurred。
所在位置 行:1 字符: 1
+ Update-AzureADSSOForest
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Update-AzureADSSOForest], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Microsoft.KerberosAuth.Powershell.PowershellCommands.UpdateAzureADSSOForestCommand

2 Replies
best response confirmed by Don_Vlogeer (Brass Contributor)
Solution

@Don_Vlogeer 

 

Hi, Don.

 

I'd recommend reading the following two articles as there's not enough information in the error you've provided to guide us:

 

 

I've bookmarked the second article on the process for rotating the Kerberos decryption key as that's related to the first article, but you should probably read the whole article.

 

Also pay particular attention to the information call-outs (both articles have these call-outs) that discuss things to look out for in relation to the Active Directory domain administration account (included in the picture below for ease of reference) used with the call to Update-AzureADSSOForest, as not adhering to these will also result in a Kerberos error:

 

LainRobertson_0-1681277449035.png

 

Cheers,

Lain

Runnin through a netmon log and figured out there as an connectivity issue with one of the url. after enabling the port 443, things started to roll
1 best response

Accepted Solutions
best response confirmed by Don_Vlogeer (Brass Contributor)
Solution

@Don_Vlogeer 

 

Hi, Don.

 

I'd recommend reading the following two articles as there's not enough information in the error you've provided to guide us:

 

 

I've bookmarked the second article on the process for rotating the Kerberos decryption key as that's related to the first article, but you should probably read the whole article.

 

Also pay particular attention to the information call-outs (both articles have these call-outs) that discuss things to look out for in relation to the Active Directory domain administration account (included in the picture below for ease of reference) used with the call to Update-AzureADSSOForest, as not adhering to these will also result in a Kerberos error:

 

LainRobertson_0-1681277449035.png

 

Cheers,

Lain

View solution in original post