Recently, I had a weird situation where I was not able to use my On-premise AD account to login to Azure Portal.
Azure AD connect Sync was not showing any errors and i was able to see my On-premise account in Azure portal also but for some reason when i was trying to login to portal.azure.com, I was getting incorrect password error.
I checked logging in with another Onprem account & it was still showing me the same error. Definitely issues seems for multiple accounts.
Below steps followed for fix -
1. Since the error was related to Incorrect password, so no way it could be due to things like Conditional access because CA are checked once the user is authenticated (i.e Authorization after authentication ).
2. I opened Powershell Launcher from Azure AD Connect.
Open Azure AD Connect --> Configure --> Select Troubleshoot --> Next --> Launch
3. Onprem accounts are already syncing to Entra ID, i have chosen Option 2 which will do checks against Passwords syncing to Entra ID from On-premise.
4. In this case, I suspect issues for multiple On-premise account & hence I have chosen option 1 which is "Password Hash Synchronization doesn't work at all".
If there is a specific account for which issue is reported, then we can go for Option 2 / Option3.
If there is a specific account for which issue is reported, then we can go for Option 2 / Option3.
5. Post selecting option1, it will do certain tests such as Checking if Password sync is Enabled in your tenant or On premises, Password Sync is running for the connector etc.
In below output, it's clear that Password Sync is enabled but it's not running for Local / Onprem AD Connector & this is what causing the incorrect password issue. Password typed while login was correct but since it's not getting sync to Entra ID, it is not able to authenticate the Onprem ID.
I pressed "Y" & it restarted the Password Hash Sync for the AD Connector. Post this, issue got resolved.
No comments:
Post a Comment