Skip to main content

The Microsoft Entra Connect Sync server crashed. The customer didn’t choose to have a second Microsoft Entra Connect Sync server. So, if one server crashes, you can disable staging on the other server, and it resumes the sync to Microsoft Entra ID. In this article, you will learn how to fix the Microsoft Entra Connect Sync server after a crash.

Introduction

In our scenario, this is how the setup looks like:

  • DC01-2019: Crashed Microsoft Entra Connect Sync server
  • DC01-2022: New Microsoft Entra Connect Sync server

We can’t access the crashed Microsoft Entra Connect Sync server, and the backup to restore the Windows Server isn’t working, so we can’t restore it.

Fix Microsoft Entra Connect Sync crashed server

Go through the below steps to remove the crashed Microsoft Entra Connect Sync server and build a new one.

Step 1. Check synchronization status

It’s not possible to sign in on the crashed Microsoft Entra Connect Sync server, so we cannot open the Synchronization Service Manager and check the status messages. However, we can check the synchronization status in Microsoft 365 and Microsoft Entra ID.

Sign in to Microsoft 365 admin center and check Azure AD Connect tile. The sync status shows that the last sync was more than 3 days ago.

Microsoft Entra Connect sync status error in Microsoft 365 admin center

Click on Users > Active users. The user sync status still appears as synced from on-premises, which is the correct behavior.

Sync status synced from on-premises

Sign in to Microsoft Entra admin center and navigate to Hybrid Management > Microsoft Entra Connect > Connect Sync.

The last sync shows more than 1 day ago.

Microsoft Entra Connect sync status more than 1 day ago

So what are the correct steps to get the Microsoft Entra Connect Sync server up and running? Let’s look at that in the next step.

Step 2. Set up Microsoft Entra Connect Sync

Build a new Windows Server and install Microsoft Entra Connect Sync on it, or install Microsoft Entra Connect Sync on an already installed member server.

Step 3. Verify synchronization status

Open Synchronization Service Manager and check that the synchronization is a success. If you do have any sync issues for user accounts, fix them.

In our example, the new server is DC01-2022, and there are no issues. The status shows success.

Synchronization Service Manager status success

Sign in to Microsoft 365 admin center and go to the Azure AD Connect tile. Verify that both the Sync status and Password sync have a green checkmark and it’s syncing.

Microsoft Entra Connect sync status success in Microsoft 365 admin center

Sign in to Microsoft Entra admin center and go to Hybrid management > Microsoft Entra Connect > Connect Sync.

Verify that the last sync shows less than 1 hour ago.

Microsoft Entra Connect sync status less than 1 hour ago

Step 4. Remove old server from Microsoft Entra ID

When you Uninstall Azure AD Connect from Programs and Features, it will remove the server from Microsoft Entra ID. But since the server crashed, we are not able to do this anymore. We have to force remove the server from Microsoft Entra ID.

Scroll down in the Microsoft Entra Connect Sync page and click on Microsoft Entra Connect Health.

Microsoft Entra Connect Sync server health

Click Sync services and click on the service name.

Microsoft Entra Connect Sync server health sync services

Click on the failed Microsoft Entra Connect Sync server. It shows that it’s unhealthy.

Select Microsoft Entra Connect Sync server from list

Click Delete.

Delete Microsoft Entra Connect Sync server from Microsoft Entra ID

Fill in the Microsoft Entra Connect Sync server name. Click Delete.

Confirm Delete Microsoft Entra Connect Sync server from Microsoft Entra ID

Step 5. Check Microsoft Entra Connect Sync health alerts

Always check if there are any Microsoft Entra Connect Sync health alerts and fix them.

Click on the Alerts tile.

Microsoft Entra Connect Sync health alerts

It shows the issue:

Synchronization to Microsoft Entra ID appears to have been stopped for at least 24 hours. As a result, data in Microsoft Entra ID may not be up to date.

You can ignore that specific error. That’s because the synchronization works, but it takes time before this message disappears.

Synchronization alert issue

If there are other alerts, go through them and fix them immediately when possible.

Step 6. Remove old On-Premises Directory Synchronization Service account

You still have to remove the old On-Premises Directory Synchronization Service account.

In our example, the user account starts with Sync_DC01-2019.

Remove old On-Premises Directory Synchronization Service account

Step 7. Remove old AD DS Connector account

We chose to create a new AD DS Connector account in the Microsoft Entra Connect Sync setup, so we will remove the old one that was set up for the crashed Microsoft Entra Connect Sync server from Active Directory Users and Computers.

Remove old AD DS Connector account

That’s it!

Important: This is an excellent reminder to install Microsoft Entra Connect Sync on at least 2 servers. If one server crashes or has issues, you only have to Configure Microsoft Entra Connect Sync staging mode, and the synchronization will run through the backup server.

Leave a Reply