I’ve been updating and installing the latest versions of AAD Connect recently (v1.1.750.0 to the latest v1.1.819.0) and noticed that I could not create a brand new custom ‘Connector’ using any of the following out of the box Connector templates:

  • Generic SQL
  • Generic LDAP (didn’t happen to me but I’ve seen reports it’s impacting others)
  • PowerShell
  • Web Service

The message in the AAD Connect Synchronisation Engine would appear as:

“The extension could not be loaded”

each time I tried to create a Connector with any of the above templates.

The Application Log in Event Viewer was a bit more helpful (specifying the PowerShell Connector):

“Could not load file or assembly ‘Microsoft.IAM.Connector.PowerShell, Version=1.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. Strong name signature could not be verified.  The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045)”


The text ‘strong name signature could not be verified’ led me to this article:

https://blogs.msdn.microsoft.com/securitytools/2009/12/30/how-to-turn-off-strong-name-validation/

Basically, the .NET strong name verification on the AAD Connect server is rejecting the Connector DLLs. To bypass strong name signature verification for these DLLs, you need to run the following command:

sn.exe -Vr *,31bf3856ad364e35

where 31..35 is the value that corresponds to the ‘PublicKeyToken’ mentioned in the Event Viewer log. I’m 99% certain this is a static value (based on another user reporting this issue to Microsoft), so the above command should work for you as well.

In terms of the location of the correct ‘sn.exe’, my AAD Connect server had four versions installed – you might have more depending on the number of versions of the .NET Framework you have installed. I suggest you first try the latest .NET Framework version, and use the x64 folder (since AAD Connect is 64-bit). I also strongly suggest you restart the Windows Server/s hosting AAD Connect after you apply it.
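As an added example (not from the original post), the following PowerShell locates the newest x64 sn.exe, records the skip-verification entries that already exist, applies the one above and shows the registry entry it creates, so the change is visible and can be reverted later. It assumes the standard Windows SDK location under ‘Microsoft SDKs\Windows’ and the standard StrongName\Verification registry keys on your server.

```powershell
# Added example (not from the original post). Assumes sn.exe ships with a
# Windows SDK under "Microsoft SDKs\Windows" and that AAD Connect runs as x64.
$Token = '31bf3856ad364e35'   # PublicKeyToken from the Event Viewer error

function Find-Sn {
    # Prefer the newest x64 sn.exe; each "NETFX x.y Tools" folder is one version.
    $root = Join-Path ${env:ProgramFiles(x86)} 'Microsoft SDKs\Windows'
    Get-ChildItem -Path $root -Recurse -Filter sn.exe -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -like '*\x64\sn.exe' } |
        Sort-Object { if ($_.FullName -match 'NETFX ([\d.]+) Tools') { [version]$Matches[1] } } -Descending |
        Select-Object -First 1 -ExpandProperty FullName
}

function Get-SkipEntries {
    # sn -Vr registers the skip here; the x64 tool writes to the 64-bit view,
    # the x86 tool to the Wow6432Node view. One subkey per "<assembly>,<token>".
    $keys = 'HKLM:\SOFTWARE\Microsoft\StrongName\Verification',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\StrongName\Verification'
    foreach ($k in $keys) {
        if (Test-Path $k) { Get-ChildItem $k | Select-Object -ExpandProperty PSChildName }
    }
}

$sn = Find-Sn
if (-not $sn) { throw 'sn.exe not found; install the Windows SDK / .NET targeting pack.' }
"Using: $sn"

# Record what is already skipped so the change can be reverted precisely later.
'Before:'; Get-SkipEntries

# Register the skip for every assembly signed with this token (machine-wide,
# not just the Connector DLLs), which is why the entry is recorded above.
& $sn -Vr "*,$Token"

'After:'; Get-SkipEntries   # expect a subkey named "*,31bf3856ad364e35"

# To undo once correctly signed Connector DLLs are available:
#   & $sn -Vu "*,$Token"
```

Because ‘*,31bf3856ad364e35’ skips verification for every assembly carrying that token rather than only the Connector DLLs, keep the ‘Before’ list and remove the entry with -Vu once it is no longer needed.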

Good luck!

1 Comment

  1. Microsoft forgot to sign .dll
    I’ve tried swapping the .dll from MIM-GenericLdapConnector.msi and it worked without error; however, I can’t say whether it worked correctly in terms of operation.