FIM Azure AD Management Agent returns error Stopped-Extension-DLL-Exception on Full Import or Delta Import

by

AzureAD

After enabling the new Intune Mobile Device Management features inside the O365 tenant and enrolling some new devices into Intune you now have device objects in your Azure AD tenant to deal with.

The next time you do a Full Import or Delta Import you will most likely encounter a DLL Exception error in the FIM console.

If you debug the Azure connector further using the ILSpy tool and trace what line it is failing on it will most likely be this:

SchemaType schemaType = this.targetDirectorySchema.get_Types()[text];

 

Errors logged in the Application log:

FIMSynchronizationService Event 6801

The extensible extension returned an unsupported error.

The stack trace is:

“System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

at System.Collections.Generic.Dictionary`2.get_Item(TKey key)

at System.Collections.ObjectModel.KeyedCollection`2.get_Item(TKey key)

at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetConnectorSpaceEntryChange(SyncObject syncObject)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()

at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection)

at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntriesCore()

at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep)

Forefront Identity Manager 4.1.3634.0″

 

DirectorySynchronization Event 109:

Failure while importing entries from Windows Azure Active Directory. Exception: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

at System.Collections.Generic.Dictionary`2.get_Item(TKey key)

at System.Collections.ObjectModel.KeyedCollection`2.get_Item(TKey key)

at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetConnectorSpaceEntryChange(SyncObject syncObject)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()

at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection)

at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntriesCore()

at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep).

 

 

Updating the Schema for the Management Agent for the Azure AD tenant in the FIM Synch console and adding the missing object type (Device) to the Azure AD Management Agent resolved the issue in my case.

FIMError

 

Other scenarios known to return Stopped-Extension-DLL-Exception error in the FIM Synch console:

  • The password of your Azure AD Synch service account has expired
  • You have outdated binaries of the MSOL Sign-in Assistant installed
  • You have removed the default objects from the WAAD Synch configuration (Contact or Group when a Contact or Group is present in WAAD)
  • The Azure AD Subscription is inactive or expired

 

Further details:

Windows Azure Active Directory Connector for FIM 2010 R2 Technical Reference
https://msdn.microsoft.com/en-us/library/dn511001(v=ws.10).aspx

ILSpy Visual Studio extension
https://visualstudiogallery.msdn.microsoft.com/8ef1d688-f80c-4380-8004-2ec7f814e7de

Using the ILSpy extension
https://channel9.msdn.com/coding4fun/blog/ILSpy-the-Visual-Studio-Extension

Decompiler tools for the .NET framework
http://blogs.msdn.com/b/amb/archive/2011/05/24/decompiling-tools-for-net-framework.aspx

[Troubleshooting] Connectors: Azure Active Directory Connector: stopped-extension-dll-exception
http://blogs.msdn.com/b/ms-identity-support/archive/2014/01/28/troubleshooting-connectors-azure-active-directory-connector-stopped-extension-dll-exception.aspx

The version of the AAD connector has a dependency on the Azure Active Directory Sign-in Assistant, a.k.a. Microsoft Online Services Sign-in Assistant, version 7.250.4551.0 or later
http://blog.msresource.net/2014/01/21/microsoft-online-coexistence-security-dynamicpinvokeexception-failed-to-get-address-for-method-createidentityhandle2-from-library/

Azure AD Sync failing
http://exchangeserverpro.com/azure-active-directory-synchronization-failing-stopped-extension-dll-exception-error/

Troubleshooting synchronization with Windows Azure Active Directory (WAAD) Parts 1-3
http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/troubleshooting-synchronization-windows-azure-active-directory-waad-part1.html

 

 

 

Leave a Reply

Your email address will not be published.