Azure AD Connect: User Realm Discovery Failed.


Recently I faced an issue with Azure AD Connect.

The scenario:

A Windows Server 2012 R2 box with direct access to the internet with Azure AD Connect installed and running under the context of a service account.

Because Azure AD Connect was running in the context of a service account and is WPAD aware, it tried to use a proxy server to connect to the internet.

The error message given was:

An error occurred executing Configure AAD Sync task: user_realm_discovery_failed: User Realm Discovery Failed

The trace log file also reported:

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: user_realm_discovery_failed: User realm discovery failed ---> System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.

All the solutions (AADConnect Troubleshooting) I found on the internet pointed me at configuring the machine.config (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config) with the required proxy server settings, but in my scenario I did not want to utilise a proxy server.

To resolve the issue, I added the line below to the machine.config file.

                <defaultProxy enabled="false"></defaultProxy>

As always, test in your environment before deploying into production.
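
One way to apply the setting above repeatably, as an added example that is not part of the original post: the script backs up machine.config, then sets enabled="false" on defaultProxy inside system.net, creating either element if it is missing. The function name Set-DefaultProxyDisabled and the backup file naming are assumptions made for illustration; the change is machine-wide for 64-bit .NET 4 applications.

```powershell
# Added example (not from the original post). Run from an elevated session.
# Path is the machine.config location named in the post.
$configPath = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config'

# Hypothetical helper name, chosen for this example.
function Set-DefaultProxyDisabled {
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    # Keep a timestamped copy so the change can be rolled back.
    $backup = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $Path, (Get-Date)
    Copy-Item -LiteralPath $Path -Destination $backup -ErrorAction Stop

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true      # leave the rest of the file untouched
    $xml.Load($Path)

    $root = $xml.DocumentElement         # <configuration>

    # <defaultProxy> is only valid inside <system.net>; create it if absent.
    $systemNet = $root.SelectSingleNode('system.net')
    if ($null -eq $systemNet) {
        $systemNet = $root.AppendChild($xml.CreateElement('system.net'))
    }

    $defaultProxy = $systemNet.SelectSingleNode('defaultProxy')
    if ($null -eq $defaultProxy) {
        $defaultProxy = $systemNet.AppendChild($xml.CreateElement('defaultProxy'))
    }

    # Idempotent: overwrites an existing enabled="true" or adds the attribute.
    $defaultProxy.SetAttribute('enabled', 'false')
    $xml.Save($Path)

    return $backup
}

$backupFile = Set-DefaultProxyDisabled -Path $configPath
Write-Host "machine.config updated; backup saved to $backupFile"
```

.NET processes read machine.config when they start, so run the Azure AD Connect wizard again after the change.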

AADConnect Troubleshooting – (Accessed 16/05/2016)




12 thoughts on “Azure AD Connect: User Realm Discovery Failed.”

  1. Hi there,

    I have a different scenario where I have to use a proxy server – which doesn’t use authentication.

    So in my case, I add the entry

    And then I finally manage to finish the AD connect wizard, but got this on the last page: AD connect was successfully configured, password sync cannot be configured. Check event log for more info.

    Going there, I can see some information events (no errors) saying that the sync failed to resolve the name ‘’

    I tried browsing to it – it’s working (this is part of the URL list that the network admin has already whitelisted on the web proxy)

    I then went to powershell: import-module AdSync
    Start-ADSyncSyncCycle -PolicyType Initial

    Received a big big error saying that “user realm discovery failed ---> System.Net.WebException: The remote name could not be resolved: ‘’”

    My understanding is that the sync is trying to access that fqdn through 443 and is not going through the proxy server.

    Any ideas?

    1. Sorry, the entry I added in the machine.config is, right before the last line:


      Not sure why it didn't take it before

      1. Still, it won't take all my copy-paste heh; sorry for the spam:

