If your environment includes an unauthenticated proxy server, your identity sync client may not authenticate to Microsoft Azure Active Directory.
For example, you experience this issue when you use an identity sync client such as Azure AD Connect, Azure Active Directory Sync Services (Azure AD Sync), or the Azure Active Directory Sync Tool.
If you're using Azure AD Connect or Azure AD Sync
The wizard displays the following configuration error message:
Ready to configure.
We have gathered enough information to configure Azure AD Sync and will now create a default configuration.
Failed even after 5 retries. Action: PingProvisioningServiceEndPoint, Exception: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: 01601250-7951-469c-8973-34e2a8e1ca10 See the event log for more details.
When this problem occurs, an "Error 906" entry that resembles the following is logged in the Azure AD Connect or Azure AD Sync log. This entry indicates that the identity sync appliance tries to make a direct connection to the Internet.
AzureActiveDirectoryDirectorySyncTool Error: 906 : System.Management.Automation.CmdletInvocationException: Failed even after 5 retries. Action: PingProvisioningServiceEndPoint, Exception: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: 90edf657-f63e-46cc-94ec-df88817f4c73 See the event log for more details.. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Failed even after 5 retries. Action: PingProvisioningServiceEndPoint, Exception: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: 90edf657-f63e-46cc-94ec-df88817f4c73 See the event log for more details..
If you're using the Azure Active Directory Sync Tool
The following Directory Synchronization event ID 0 is logged in the Application log of the identify sync client computer:
Log name: Application Source: Directory Synchronization Event ID: 0 Task Category: None Level: Error Description: Unable to establish a connection to the authentication service. Contact Technical Support. GetAuthState() failed with -2147186688 state. HResult:0. Contact Technical Support. (0x80048862)
Additionally, a Network Monitor (Netmon.exe) trace indicates that the Microsoft Online Services Sign-in Assistant uses the proxy and accesses login.microsoftonline.com.
This problem occurs because the Microsoft .NET Framework on which your identity sync appliance is based doesn't recognize your proxy settings.
Note In this text, the placeholder <PROXYIP> represents the actual proxy IP address. For more information about the proxy settings in this context, see Element (Network Settings).
For more information, see the following articles in the Microsoft Knowledge Base:
318140 Error on .NET client that consumes a web service through an HTTP proxy server
307220 How to configure an XML web service client by using the .NET Framework to work with a proxy server
330221 Common proxy server and firewall issues with MapPoint web services
953890 Error message when you try to configure the Microsoft Dynamics CRM 4.0 Online client for Outlook or the Data Migration client for Microsoft Dynamics CRM Online: "Mandatory updates for Microsoft Dynamics CRM could not be applied successfully"