Albert Einstein is famously quoted as saying that the definition of insanity is doing the same thing over and over again and expecting a different result. I was reminded of that during a recent Azure AD Connect installation.
Many thanks to Russ Tarr, a Principal Consultant at Microsoft, who actually traced this down to root cause for us in our troubleshooting session. There's no substitute for experience, and I am sharing our experience with you. We hope this helps someone running into the same issue.
The Azure AD Connect installation would get to the ADFS Service Account screen (shown below) but would not allow the installation to proceed. After restarting the installation process and walking through the steps several times, the process appeared to be in an infinite loop (see paragraph above). The screen below was the brick wall in the installation process. The account information was auto-populated from the existing ADFS farm. The accounts specified throughout the installation wizard are all entered in DOMAIN\User format. So what's going on here?
Digging Through the Logs
During the installation of Azure AD Connect, logs are created in the C:\ProgramData\AADConnect folder on the local machine, and they give a clue to the issue being experienced.
The Moment of Clarity
So, where is this coming from? In our case, the Active Directory Federation Services service was configured with its Log On account in UPN format. While this is perfectly valid for a service account as far as Windows is concerned, the Azure AD Connect installation has a problem with it.
The solution is easy: just change the service Log On information to DOMAIN\UserName format in the service, and the installation will proceed past the ADFS Service Account screen.
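The check below is an added example, not part of the original post or of Azure AD Connect: it reads the Log On account of the AD FS Windows service and flags a UPN-format value before the wizard is run. It assumes the service name is `adfssrv` and is run on the AD FS server; the function names `Get-LogonNameFormat` and `Resolve-DownLevelName` are hypothetical helpers written for this illustration.

```powershell
# Added example: read-only check of the AD FS service Log On account format.
# Assumption: the AD FS Windows service is named 'adfssrv'.

function Get-LogonNameFormat {
    # Classify a service StartName string by its syntax only.
    param([Parameter(Mandatory)][string]$StartName)
    switch -Regex ($StartName) {
        '^[^\\@]+\\[^\\@]+$' { 'DownLevel'; break }  # DOMAIN\User
        '^[^\\@]+@[^\\@]+$'  { 'UPN'; break }        # user@domain.example
        default              { 'Other' }             # e.g. LocalSystem
    }
}

function Resolve-DownLevelName {
    # Round-trip through the SID so the NetBIOS domain name comes from the
    # directory and is not guessed from the UPN suffix.
    param([Parameter(Mandatory)][string]$AccountName)
    $account = [System.Security.Principal.NTAccount]::new($AccountName)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    $sid.Translate([System.Security.Principal.NTAccount]).Value
}

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='adfssrv'"
if (-not $svc) { throw "Service 'adfssrv' was not found on this machine." }

$format    = Get-LogonNameFormat -StartName $svc.StartName
$suggested = $null
if ($format -eq 'UPN') {
    try   { $suggested = Resolve-DownLevelName -AccountName $svc.StartName }
    catch { Write-Warning "Could not resolve $($svc.StartName): $_" }
}

# Report only; the Log On account itself is changed on the service,
# as described in the paragraph above.
[pscustomobject]@{
    Service        = $svc.Name
    LogOnAs        = $svc.StartName
    Format         = $format
    NeedsChange    = ($format -eq 'UPN')
    SuggestedLogOn = $suggested
}
```

When `NeedsChange` is true, `SuggestedLogOn` is the DOMAIN\UserName value to enter in the service's Log On settings.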
Now that we have the Log On information in the service account for ADFS corrected, the installation continues on.