
Azure Pass-Through Authentication Failing

November 7, 2017 | September 16th, 2020 | Azure, Blog, Microsoft

[Figure: Azure Pass-Through Authentication diagram]

Azure Pass-Through Authentication Issue:

We recently ran into an issue where we were facing authentication issues with Azure Pass-through Authentication. After ensuring that Pass-Through Authentication was still enabled in the Azure Portal and the hosting server was in an Active state, I went to the logs. In the logs I found the following error.

Error:

“AADSTS80001: No Microsoft Azure AD Connect Authentication Agent was found. Make sure that your environment is configured correctly. If your directory is set for pass-through authentication, make sure that your Microsoft Azure AD Connect Authentication Agent is online.”

Resolution:

The error message was helpful and led me to our Azure Active Directory services. I noticed that the Microsoft AAD Application Proxy Connector was stopped. So even though Azure shows the service and server as healthy, it was stopped. A quick start to this service got us back up and running again.

NOTE: I think it’s also worth mentioning that for this error Microsoft states the following, “Ensure that agent servers are members of the same AD forest as the users whose passwords need to be validated and they are able to connect to Active Directory.”
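A local check for the failure described above, where the portal reported the agent as Active while the Windows service was stopped. This PowerShell script is an added example, not part of the original post and not Microsoft's code; it assumes the service display name quoted in the post, and the function and parameter names are illustrative.

```powershell
# Added example: report (and optionally start) the agent service on this server.
# Assumption: the display name is the one quoted in the post; pass -DisplayName
# if your agent version registers its service under a different name.
[CmdletBinding()]
param(
    [string[]]$DisplayName = @('Microsoft AAD Application Proxy Connector'),
    [int]$StartTimeoutSeconds = 60,
    [switch]$Remediate      # without this switch the script only reports
)

function Test-AgentService {
    param([string]$Name, [int]$TimeoutSeconds, [bool]$Fix)

    $svc = Get-Service -DisplayName $Name -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if (-not $svc) {
        return [pscustomobject]@{
            Service = $Name; Status = 'NotInstalled'; Action = 'None'; Healthy = $false
        }
    }

    $action = 'None'
    if ($svc.Status -ne 'Running' -and $Fix) {
        try {
            Start-Service -Name $svc.Name -ErrorAction Stop
            # Throws a timeout exception if the service never reaches Running.
            $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds($TimeoutSeconds))
            $action = 'Started'
        } catch {
            $action = "StartFailed: $($_.Exception.Message)"
        }
        $svc.Refresh()      # re-read the state after the start attempt
    }

    [pscustomobject]@{
        Service = $svc.DisplayName
        Status  = [string]$svc.Status
        Action  = $action
        Healthy = ($svc.Status -eq 'Running')
    }
}

$results = foreach ($n in $DisplayName) {
    Test-AgentService -Name $n -TimeoutSeconds $StartTimeoutSeconds -Fix $Remediate.IsPresent
}
$results | Format-Table -AutoSize

# Non-zero exit lets a scheduled task or monitoring agent alert on the failure.
if ($results.Healthy -contains $false) { exit 1 } else { exit 0 }
```

Run it without `-Remediate` from a scheduled task to alert on a stopped service, since the portal status alone did not reveal the stopped service in this case.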

[Figure: Pass-Through Authentication Failure message]

Additional Error Information:

User-facing sign-in error messages

AADSTS80001

Unable to connect to Active Directory

Ensure that agent servers are members of the same AD forest as the users whose passwords need to be validated and they are able to connect to Active Directory.

AADSTS80002

A timeout occurred connecting to Active Directory

Check to ensure that Active Directory is available and is responding to requests from the agents.

AADSTS80004

The username passed to the agent was not valid

Ensure the user is attempting to sign in with the right username.

AADSTS80005

Validation encountered unpredictable WebException

A transient error. Retry the request. If it continues to fail, contact Microsoft support.

AADSTS80007

An error occurred communicating with Active Directory

Check the agent logs for more information and verify that Active Directory is operating as expected.

Sign-in Error Codes

50144

User’s Active Directory password has expired.

Reset the user’s password in your on-premises Active Directory.

80001

No Authentication Agent available.

Install and register an Authentication Agent.

80002

Authentication Agent’s password validation request timed out.

Check if your Active Directory is reachable from the Authentication Agent.

80003

Invalid response received by Authentication Agent.

If the problem is consistently reproducible across multiple users, check your Active Directory configuration.

80004

Incorrect User Principal Name (UPN) used in sign-in request.

Ask the user to sign in with the correct username.

80005

Authentication Agent: Error occurred.

Transient error. Try again later.

80007

Authentication Agent unable to connect to Active Directory.

Check if your Active Directory is reachable from the Authentication Agent.

80010

Authentication Agent unable to decrypt password.

If the problem is consistently reproducible, install and register a new Authentication Agent, and uninstall the current one.

80011

Authentication Agent unable to retrieve decryption key.

If the problem is consistently reproducible, install and register a new Authentication Agent, and uninstall the current one.
