An error occurred executing Configure AAD Sync task: An error occurred while sending the request.

While installing the Entra Connect console for a client, I came across an issue where the installation fails with the error message "An error occurred executing Configure AAD Sync task: An error occurred while sending the request."

To force the Microsoft Entra Connect server to use only TLS 1.2, the registry of the Windows server must be updated. To verify, check that the registry settings below, which enable TLS 1.2, are in place:

Enable TLS 1.2

  • [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
    • "SystemDefaultTlsVersions"=dword:00000001
    • "SchUseStrongCrypto"=dword:00000001
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    • "SystemDefaultTlsVersions"=dword:00000001
    • "SchUseStrongCrypto"=dword:00000001
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    • "Enabled"=dword:00000001
    • "DisabledByDefault"=dword:00000000
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    • "Enabled"=dword:00000001
    • "DisabledByDefault"=dword:00000000
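A read-only audit of exactly the values listed above, as an added example (not Microsoft's script and not part of the original post). The function name `Test-Tls12RegistryValue` and the status labels are hypothetical; it distinguishes a missing key, a missing value, a value of the wrong registry type and a wrong value.

```powershell
# Added example: audit the TLS 1.2 registry values from the list above. Makes no changes.
$netKeys  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319',
            'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Build the expected (Path, Name, Value) triples.
$expected = @()
foreach ($p in $netKeys) {
    $expected += @{ Path = $p; Name = 'SystemDefaultTlsVersions'; Value = 1 }
    $expected += @{ Path = $p; Name = 'SchUseStrongCrypto';       Value = 1 }
}
foreach ($role in 'Server', 'Client') {
    $expected += @{ Path = "$schannel\$role"; Name = 'Enabled';           Value = 1 }
    $expected += @{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Value = 0 }
}

function Test-Tls12RegistryValue {   # hypothetical helper name
    param([string]$Path, [string]$Name, [int]$Value)
    $status = 'OK'
    $actual = $null
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        $status = 'KeyMissing'
    } else {
        $actual = $key.GetValue($Name, $null)
        if ($null -eq $actual) {
            $status = 'ValueMissing'
        } elseif ($key.GetValueKind($Name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            $status = 'WrongType'    # e.g. created as a string instead of a DWORD
        } elseif ($actual -ne $Value) {
            $status = 'WrongValue'
        }
    }
    [pscustomobject]@{ Status = $status; Name = $Name; Expected = $Value; Actual = $actual; Path = $Path }
}

$results = foreach ($e in $expected) { Test-Tls12RegistryValue @e }
$results | Format-Table -AutoSize -Wrap

$bad = @($results | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) of $($results.Count) TLS 1.2 settings are missing or incorrect."
} else {
    Write-Output 'All TLS 1.2 registry settings listed above are in place.'
}
```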

You can also use the script provided on Microsoft.com to check that the above keys enabling TLS 1.2 are present: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-tls-enforcement#powershell-script-to-check-tls-12

For the client, the TLS 1.2 check script showed that TLS 1.2 was missing:

To enable TLS 1.2, you can manually add the keys listed above, or you can run the script provided on Microsoft.com at https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-tls-enforcement#powershell-script-to-enable-tls-12

The script needs to be run as an administrator, and once done should confirm the TLS 1.2 registry keys as:

Once TLS 1.2 is enabled, you will have to restart the server for the changes to take effect.