top of page
  • Writer's pictureAbhijit Tiwari

Stopped Extension DLL error on AD connect or DirSync is not always a Global Admin credential issue


We often start getting pesky emails from Microsoft that the DirSync isnt working and we need to fix it. Soon we open up the MIIS client and this is what we find.

After seeing Stopped Extension DLL. we take a breath of relief thinking that perhaps the Global Admin credentials have expired and we need to update it and most of the time it does work.

But sometimes no matter how many times you change the credentials it doesn't seems to work. Reasons? Well aren't we being too judgemental about this error? The very reason you get this error is because the tool isn't able to talk to MSODS (Microsoft Online Directory Services) or Azure AD and there can be many reasons why it would not be able to talk apart from the GA credentials getting expired or changed.

Did we even bother to check the network connectivity? Is your server able to talk to the internet? if no perhaps thats the cause. You might say well the internet seems to be in place, then why am I seeing this? Answer is perhaps you have a firewall in between that is being the culprit here. Now, you shall be saying that I can't risk my environment for the sake of running a tool but wait a second there is documentation available that might help you configure the exceptions. The list is available right here that contains all the information about the port numbers, IP addresses and domain. https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US . Just add the exceptions and you aare ready to rock and roll but setting these exceptions doesn't mean that you wont face this issue again. Microsoft has the tendency to modify the above exceptions from time to time so its recommended that you keep yourself updated from the RSS feed that they provide which can be found here https://support.office.com/en-us/o365ip/rss

Are you still facing the issue? and perhaps you are so frustrated that you think of blaming Microsoft for the tool that they have designed but wait let me ask you one more question.Are you using credentials from a federated domain? if yes, its highly possible that your ADFS server is down or for some reasons the federated account cannot be authenticated. In my opinion its always a good idea to use a GA account that ends with the ".onmirosoft.com" domain and set that account to have a password that never expires. This issue can be identified by just keying in the federated GA accounts credentials in the WAAD connector properties and I am pretty sure that if you have issues with the federated account , you shall see error related to authentication.

So, next time when you see the Stopped Extension DLL issue don't conclude it to be a GA credentials issue.

540 views0 comments

Comments


bottom of page