Friday, May 27, 2016

AAD Connect service failed to start with "Error 1069: The service did not start due to logon failure"

Scenario:
AAD Connect has been installed on a Domain Controller. After some time "Microsoft Azure AD Sync" service has stopped.


and failed to start with following error “Error 1069: The service did not start due to logon failure“.


AAD Connect was removed manually and reinstalled. This time, after restarting the server, AAD Connect functioned normally. However, after some time had passed, the same errors occurred again.

Resolution:
You may have "Group Policy Object" that has predefined set of accounts in "Log on as a service" group policy and applies to Domain Controller. 
In my case it was "Default Domain Controllers Policy" however you may have the same issue for "Default Domain Policy" or other group policy that applies to regular member server.
  • Find “Log on as a service” group policy setting is found under Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
  • Add "AAD_..." account or service account that you may defined during AAD Connect deployment to the list of allowed account to "Log on as a service" list.
  • Run "gpupdate /force" from the Command Prompt
  • Restart "Microsoft Azure AD Sync" service

Thursday, May 5, 2016

DNS Propagation Checker

Scenario:
You've changed public DNS settings recently and are waiting for DNS propagation across country/world. How to check DNS propagation progress? I've found following service useful for checking DNS propagation after any public DNS changes or changes for Office 365 like:
  • MX/CNAME Autodiscover records for Exchange Online
  • SRV/CNAME Autodiscover DNS records for Skype for Business Online
Solution:
DNS Propagation Checker: https://www.whatsmydns.net
whatsmydns.net lets you instantly perform a DNS lookup to check a domain names current IP address and DNS record information against multiple name servers located in different parts of the world.
This allows you to check the current state of DNS propagation after having made changes to your domains records.