Microsoft.Online.Coexistence.Security.DynamicPInvokeException: Failed to get address for method: CreateIdentityHandle2 from library

Scenario

You are setting up the Forefront Identity Manager (FIM) 2010 R2 Azure Active Directory (AAD) connector.

Issue

AAD connector import or export fail with stopped-extension-dll-exception error.  In the Application event log are two events that correlate with the time of the error in FIM:

  1. Level: Error; Source: Directory Synchronization; Event ID: 109 (fig 1)
  2. Level: Error; Source FIMSynchronizationService; Event ID: 6801 (fig 2)

For completeness, here’s the event logs:

image

Figure 1: Directory Synchronization 109

The full details in the log are:

Failure while importing entries from Windows Azure Active Directory. Exception: Microsoft.Online.Coexistence.Security.DynamicPInvokeException: Failed to get address for method: CreateIdentityHandle2 from library: C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\msoidcli.dll. GetLastError code: 127
at Microsoft.Online.Coexistence.Security.NativeMethods.GetFunctionPointer(IntPtr msoidcli, String methodName, Type delegateType)
at Microsoft.Online.Coexistence.Security.NativeMethods.Initialize()
at Microsoft.Online.Coexistence.Security.LiveIdentityManager..ctor()
at Microsoft.Online.Coexistence.ProvisionHelper.GetLiveCompactToken(String userName, String userPassword)
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Initialize()
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Import(Byte[] syncCookie, Boolean isFullImport)
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntriesCore()
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep).

The second log is:

image

Figure 2: FIMSynchronizationService 6801

The full details in the log are:

The extensible extension returned an unsupported error.
The stack trace is:

“Microsoft.Online.Coexistence.Security.DynamicPInvokeException: Failed to get address for method: CreateIdentityHandle2 from library: C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\msoidcli.dll. GetLastError code: 127
at Microsoft.Online.Coexistence.Security.NativeMethods.GetFunctionPointer(IntPtr msoidcli, String methodName, Type delegateType)
at Microsoft.Online.Coexistence.Security.NativeMethods.Initialize()
at Microsoft.Online.Coexistence.Security.LiveIdentityManager..ctor()
at Microsoft.Online.Coexistence.ProvisionHelper.GetLiveCompactToken(String userName, String userPassword)
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Initialize()
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Import(Byte[] syncCookie, Boolean isFullImport)
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntriesCore()
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep)
Forefront Identity Manager 4.1.3496.0”

Resolution

Simple solution.  The version of the AAD connector has a dependency on the Azure Active Directory Sign-in Assistant, a.k.a. Microsoft Online Services Sign-in Assistant, version 7.250.4551.0 or later.

Download and install the AAD sign-in assistant and install.  It will install over the top of an existing installation without the need to uninstall first.

I was mistakenly running 7.250.4303.0 on a server that I recovered FIM onto and thus hit this issue.

Wrap-up

Almost not worth posting this but we managed to hit this issue more than once in a very short space of times when setting up development labs this month and last month so the older client is still readily available therefore I think there’s some value in this post.

Advertisements

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.
This entry was posted in Azure Active Directory, DirSync, FIM 2010 R2, Troubleshooting and tagged , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s