Troubleshooting issues with Azure AD Connect can be a lot of fun, until you realize that new functionality throws an error that is incredibly vague.

This blogpost provides the instructions to get Azure AD Connect working for your Hybrid Identity implementation when you receive “The ADSync service failed to start with an unexpected error for AutoGeneratedAccount:” when configuring Azure AD Connect version 1.4.38.0, and up.

The situation

The organization wants to deploy Hybrid Identity with Azure AD Connect. The organization uses a single Active Directory domain in a single forest.

The following preparations were made:

• The Windows Server installation intended to be used as the synchronization server was updated with the latest Windows Updates.
• The latest version (v1.4.38.0) was downloaded and placed on the disk of the Windows Server intended to be used as the synchronization server.
• The account to run the Azure AD Connect installer was made a member of the Enterprise Admins group in Active Directory. After the membership change, the account was signed out and used to sign in to the synchronization server.

The issue

You encounter the following error:

Further symptoms include:

• The Azure AD connect log mentioned on the Azure AD Connect error page (above) mentions ‘Caught exception while installing synchronization service.’
• The System log in Event Viewer (eventvwr.exe) features an event with ID 7045 with source Service Control Manager stating the ADSync service is installed successfully.
• The Microsoft Azure AD Sync service (ADSync) is not visible as a service in the Services MMC Snap-in (services.msc)

The cause

The error is caused by the SQL Server Native Client not supporting TLS 1.2.

It seems that the version of SQL Server Native Client that comes with the installation and configuration of Azure AD Connect, in some cases, does not support TLS 1.2.

The solution

To successfully install and configure Azure AD Connect when you encounter “The ADSync service failed to start with an unexpected error for AutoGeneratedAccount:”, follow these steps:

• Manually uninstall Azure AD Connect and remove all components in relation to Azure AD Connect as indicated by the uninstall wizard.
• Download Azure AD Connect again.
• Start the Azure AD Connect installation by double-clicking AzureADConnect.msi.
• Do not click on Configure. Simply close the Microsoft Azure Active Directory Connect Configuration wizard at this point.

Note:
This action automatically confirms the License Agreement and privacy notice.

• Download the latest version of the Microsoft SQL Server 2012 Native Client.
• Install the Microsoft SQL Server 2012 Native Client.
• Now, configure Azure AD Connect by clicking its shortcut on the desktop.