Azure AD Pass-through authentication (PTA) recommends that you run at least three authentication agents to provide high availability for authentication.
When you download and install the PTA agent, registering the PTA agent to Azure AD might fail. This happens most of the time when the network connectivity to Azure AD requires the use of a proxy server. In such a network setup you normally encounter configuration errors only, if the proxy server is misconfigured or the Internet Explorer zone configuration is missing required entries for trusted sites.
When you encounter an error during installation and registration of the dedicated PTA agent I recommend to separate these two steps. You need the credentials of an Azure AD account that is a member of the Global Administrator management group.
- Download the most current release of the PTA agent: https://aka.ms/getauthagent
- Copy the downloaded file to the server that will serve as a PTA agent
- Open an administrative command prompt and install the PTA agent software in silent mode without registering the agent:
AADConnectAuthAgentSetup.exe REGISTERCONNECTOR="false" /q
- Open an administrative PowerShell session, navigate to the default installation location and register the PTA agent manually
# navigate to the default installation locationcd "C:\Program Files\Microsoft Azure AD Connect Authentication Agent"# enter the global admin credentials$cred = Get-Credential# register the PTA agent using the RegisterConnector.ps1 script# multiline example.\RegisterConnector.ps1 `-ModulePath "C:\Program Files\Microsoft Azure AD Connect Authentication Agent\Modules\" `-ModuleName ""PassthroughAuthPSModule"" `-AuthenticationMode Credentials ` -UserCredentials $cred `-Feature PassthroughAuthentication# single line example.\RegisterConnector.ps1 -ModulePath ""C:\Program Files\Microsoft Azure AD Connect Authentication Agent\Modules\"" -ModuleName ""PassthroughAuthPSModule"" -AuthenticationMode Credentials -UserCredentials $cred -Feature PassthroughAuthentication
The Azure AD Pass-through agent Quickstart documentation has an example for automating the installation of the PTA agent as part of a server provisioning process. The current example references the wrong PowerShell module named AppProxyPSModule. The most recent release of the PTA agent does not contain a PowerShell module by that name. Use the PowerShell module PassthroughAuthPSModule