Article ID: 2867278 - View products that this article applies to.
Expand all | Collapse all

PROBLEM

You notice that password hash synchronization for Microsoft Azure Active Directory stops working after several days. Additionally, in Event Viewer, you see that the following event ID 611 error is logged in the Application log:
Password synchronization failed for domain: Contoso.COM.

SOLUTION

Install the latest version of the Azure Active Directory Synchronization tool. To do this, go to the following Microsoft website:
Install or upgrade the Directory Sync tool

MORE INFORMATION

You may see one or more of the following error details for Event ID 611.

Collapse this tableExpand this table
Event IDDescriptionCauseMore information
611
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: contoso.com. Error: An exception occurred while attempting to locate a domain controller for domain contoso.com. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsCommunicationException: An exception occurred while attempting to locate a domain controller for domain contoso.com. ---> System.Security.Authentication.AuthenticationException: The user name or password is incorrect.
Password hash synchronization doesn’t work for users in a federated domain.Password hash synchronization continues for users in a domain that’s not federated.
611
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Recovery task failed. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8439 : The distinguished name specified for this replication operation is invalid. There was an error calling _IDL_DRSGetNCChanges.
Windows Server 2003 domain controllers handle certain scenarios unexpectedly. Update to the latest version of the Directory Sync tool to resolve this issue.
611
Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8593 : The directory service cannot perform the requested operation because the servers involved are of different replication epochs (which is usually related to a domain rename that is in progress).
This is a known issue that was fixed in Azure Active Directory Sync tool build 1.0.6455.0807.Update to the latest version of the Directory Sync tool to resolve this issue.
611
System.ArgumentOutOfRangeException: Not a valid Win32 FileTime.
This is a known issue that was fixed in Azure Active Directory Sync tool build 1.0.6455.0807.Update to the latest version of the Directory Sync tool to resolve this issue.
611
System.ArgumentException: An item with the same key has already been added.
This is a known issue that was fixed in Azure Active Directory Sync tool build 1.0.6455.0807.Update to the latest version of the Directory Sync tool to resolve this issue.

Still need help? Go to the Office 365 Community website or the Azure Active Directory Forums website.

Properties

Article ID: 2867278 - Last Review: July 9, 2014 - Revision: 8.0
Applies to
  • Microsoft Azure
  • Microsoft Office 365
  • Windows Intune
  • CRM Online via Office 365 E Plans
  • Microsoft Azure Recovery Services
  • Office 365 Identity Management
Keywords: 
o365 o365a o365e o365m o365022013 hybrid KB2867278

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com