Recently I faced an issue with Azure AD Connect.
The setup was a Windows Server 2012 R2 box with direct access to the internet, with Azure AD Connect installed and running under the context of a service account.
Because Azure AD Connect was running in the context of a service account and is WPAD aware, it tried to use a proxy server to connect to the internet.
The error message given was:
“An error occurred executing Configure AAD Sync task: user_realm_discovery_failed: User Realm Discovery Failed”
The trace log file also reported:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: user_realm_discovery_failed: User realm discovery failed ---> System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.
All the solutions (AADConnect Troubleshooting) I found on the internet pointed me at configuring the machine.config (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config) with the required proxy server settings, but in my scenario I did not want to utilise a proxy server.
To resolve the issue, I added the syntax below to the machine.config file.
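A machine.config fragment that turns off default proxy use for .NET applications, shown as an added example that is not the author's original snippet. It assumes the goal is to bypass WPAD and system proxy detection entirely; the proxy values in the commented alternative are placeholders.

```xml
<!-- Added example: constructed fragment, not taken from the original post. -->
<!-- File: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config -->
<configuration>
  <!-- Existing sections stay as they are. configSections must remain the
       first child of configuration, and the file may contain only one
       system.net element, so merge into it if one is already present. -->

  <system.net>
    <!-- enabled="false": System.Net web requests use no default proxy.
         WPAD auto-detection and the system proxy settings are not
         consulted, so outbound connections are made directly. -->
    <defaultProxy enabled="false" />

    <!-- Alternative for servers that must go through a proxy (the approach
         the troubleshooting articles describe). Use one form or the other,
         never both. PROXYADDRESS and PROXYPORT are placeholders.

         <defaultProxy>
           <proxy usesystemdefault="true"
                  proxyaddress="http://PROXYADDRESS:PROXYPORT"
                  bypassonlocal="true" />
         </defaultProxy>
    -->
  </system.net>
</configuration>
```

machine.config applies to every 64-bit .NET Framework 4.x application on the server, so this setting changes proxy behaviour for all of them, not only Azure AD Connect. Keep a copy of the original file so the change can be reverted.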
As always, test in your environment before deploying into production.
AADConnect Troubleshooting – https://azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnect-troubleshoot-connectivity/ (Accessed 16/05/2016)