Cloud sync has many different dependencies and interactions, which can give rise to various problems. This article helps you troubleshoot these problems. It introduces the typical areas for you to focus on, how to gather additional information, and the various techniques you can use to track down problems.

When you troubleshoot agent problems, you verify that the agent was installed correctly, and that it communicates with Azure Active Directory (Azure AD). In particular, some of the first things that you want to verify with the agent are:

You can verify these items in the Azure portal and on the local server that's running the agent.

To verify that Azure detects the agent, and that the agent is healthy, follow these steps:

1. On the left, select Azure Active Directory > Azure AD Connect.
2. On the Azure AD Connect cloud sync screen, select Review all agents.
3. On the On-premises provisioning agents screen, you see the agents you've installed. Verify that the agent in question is there. If all is well, you will see the active (green) status for the agent.

Verify that the Azure AD Connect provisioning agent is able to communicate successfully with Azure datacenters. If there's a firewall in the path, make sure that the following ports to outbound traffic are open:

- Downloading certificate revocation lists (CRLs), while validating the TLS/SSL certificate.
- Handling all outbound communication with the Application Proxy service.

If your firewall enforces traffic according to originating users, also open ports 80 and 443 for traffic from Windows services that run as a network service.

Allow access to URLs

- Communication between the connector and the Application Proxy cloud service.
- The connector uses these URLs to verify certificates.
- The connector uses these URLs during the registration process.
- The connector uses this URL during the registration process.

You can allow connections to *., *., and other of the preceding URLs, if your firewall or proxy lets you configure access rules based on domain suffixes. If not, you need to allow access to the Azure IP ranges and service tags - public cloud. The IP ranges are updated each week.

Avoid all forms of inline inspection and termination on outbound TLS communications between Azure AD Application Proxy connectors and Azure AD Application Proxy cloud services.

DNS name resolution for Azure AD Application Proxy endpoints

Public DNS records for Azure AD Application Proxy endpoints are chained CNAME records, pointing to an A record. This ensures fault tolerance and flexibility. It’s guaranteed that the Azure AD Application Proxy connector always accesses host names with the domain suffixes *. or *. However, during the name resolution, the CNAME records might contain DNS records with different host names and suffixes. Due to this, you must ensure that the device can resolve all the records in the chain, and allows connection to the resolved IP addresses. Because the DNS records in the chain might be changed from time to time, we can't provide you with any list of DNS records.

To verify that the agent is running, follow these steps: