[Solved] WS2016 Technical review 4 (10586) won't allow Azure AD Connect to with working Azure MSA account

  • Question

  • I am trying to install the connector for Azure. My details are: an MSA account, has an AD account, an Azure Storage account, which all work with AzCopy and other software, so I think it's WS2016 TP4 at fault. Will I have to wait till version 5 to see this fixed? It works in WS2012, so why not TP4?!
    • Edited by jims.halo10 Thursday, December 3, 2015 4:43 PM
    Wednesday, December 2, 2015 9:22 AM

Answers

  • The answer is you can use an MSA account to open a new Azure Management Subscription *free 30 days*.

    You CANNOT, however, create an Azure AD Directory.

    Suppose we have the (not real! spoof) MSA Email address jims.Cloud10@hotmail.co.uk

    This will become the Azure subscription AD Default Directory

    "Your directory comes with a default domain,

    jimscloud10hotmailco.onmicrosoft.com."

    Now the reason that the Azure connection breaks is because the first box with the Azure login details becomes the concatenated strings to form:-

    jims.Cloud10@hotmail.co.uk@jimscloud10hotmailco.onmicrosoft.com

    Spot the TWO @ signs in the Azure login details.

    The Fix

    First click on the Azure AD default directory, then Directory Integration.

    Click Activated and Save, wait for completion.

    Click on Users -> "Add" to AD default directory.

    1. Tell us about user: name "JoeAzCloud"

    2. First name, second name, display name.

       Select Global Admin. Put in a real alternative email address.

    3. The new user 'JoeAzCloud@jimscloud10hotmailco.onmicrosoft.com' will be assigned a temporary password that must be changed on first sign in. To display the temporary password and to create the account, click Create.

    Click Create.

    On the left panel, scroll to the bottom: Settings.

    In Settings click Administrator. Click Add+ at the bottom.

    Co-administrators can fully manage the services within a subscription. Enter a valid email address, and then select at least one subscription.

    The email is that of the Global Admin just created, "JoeAzCloud@jimscloud10hotmailco.onmicrosoft.com".

    Select (tick) the subscription "Free Trial". Then tick the box.

    Sign out of the Azure Management Portal and log in using "JoeAzCloud@jimscloud10hotmailco.onmicrosoft.com".

    Enter the temporary password. Enter the new password, confirm, log in and check all is OK.

    Now go to the Windows 2016 Administrator desktop shortcut to Azure Connector.

    If you want password write-back from the Azure AD Portal, use Custom Settings.

    If you just want standard, use Express Settings.

    The Azure login details are now the new Global Admin, "JoeAzCloud@jimscloud10hotmailco.onmicrosoft.com",

    and obviously the Windows Server details are domainNamed\Administrator.

    Click Install and, in Express, just sit back and watch for around 20 minutes.

    Finally, log in to the Azure Management Portal using "JoeAzCloud@jimscloud10hotmailco.onmicrosoft.com" and the new password.

    Select All Items, AD Default Directory, and check Users. All the users on Windows Server 2016 should appear in your Azure AD user list. AD Connect Health is installed automatically along with many other application lists.

    That is it fixed!

    Why the software spits out an error code to "jims.Cloud10@hotmail.co.uk@jimscloud10hotmailco.onmicrosoft.com"

    Your credentials could not be authenticated. Try again or contact Technical Support.

     GetAuthState() failed with -2147186688 state.

     HResult:0. Contact Technical Support. (0x80048820)

    instead of a valid message we will never know

    That's one off my list of Windows Server 2016 TP4 problems.



    • Marked as answer by jims.halo10 Wednesday, December 2, 2015 8:14 PM
    Wednesday, December 2, 2015 8:13 PM
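
A pre-flight check for the sign-in name typed into the Azure AD Connect wizard, run here over the three names that appear in the answer above. This is an added example, not part of the original post and not Microsoft tooling; the function name Test-AadConnectSignInName and the consumer-domain list are assumptions, and it checks only the form of the name, not whether the account holds the Global Admin role.

```powershell
# Added example; function name and consumer-domain list are assumptions.
function Test-AadConnectSignInName {
    param(
        [Parameter(Mandatory)] [string] $SignInName,
        # Domains of the directory, e.g. its default *.onmicrosoft.com domain
        [Parameter(Mandatory)] [string[]] $DirectoryDomains,
        # Constructed sample of consumer (MSA) mail domains
        [string[]] $ConsumerDomains = @('hotmail.co.uk', 'hotmail.com', 'outlook.com', 'live.com')
    )

    $name   = $SignInName.Trim()
    $parts  = $name.Split('@')
    $domain = $null

    if ($parts.Count -ne 2 -or $parts[0] -eq '' -or $parts[1] -eq '') {
        # No @, more than one @, or an empty user/domain half
        $verdict = 'Malformed'
    }
    else {
        $domain = $parts[1].ToLowerInvariant()
        # -contains is case-insensitive for strings
        if     ($ConsumerDomains  -contains $domain) { $verdict = 'MicrosoftAccount' }
        elseif ($DirectoryDomains -contains $domain) { $verdict = 'DirectoryAccount' }
        else                                         { $verdict = 'OtherDomain' }
    }

    [pscustomobject]@{
        SignInName  = $name
        Domain      = $domain
        Verdict     = $verdict
        # Only a name in the directory's own domain is a candidate for the wizard
        UseInWizard = ($verdict -eq 'DirectoryAccount')
    }
}

# The directory domain and the three names quoted in the answer above
$directory = 'jimscloud10hotmailco.onmicrosoft.com'
@(
    'jims.Cloud10@hotmail.co.uk'
    'jims.Cloud10@hotmail.co.uk@jimscloud10hotmailco.onmicrosoft.com'
    'JoeAzCloud@jimscloud10hotmailco.onmicrosoft.com'
) | ForEach-Object {
    Test-AadConnectSignInName -SignInName $_ -DirectoryDomains $directory
} | Format-Table Verdict, UseInWizard, SignInName -AutoSize
```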