Azure AD Pass-through authentication (PTA) recommends that you run at least three authentication agents to provide high availability for authentication.
When you download and install the PTA agent, registering the PTA agent to Azure AD might fail. This often happens when the network connectivity to Azure AD requires a proxy server. In such a network setup, you usually encounter configuration errors only if the proxy server is misconfigured or the Internet Explorer zone configuration lacks the required entries for trusted sites.
When you encounter an error during the installation and registration of the dedicated PTA agent, I recommend separating these two steps. It would be best if you had the credentials of an Azure AD account that is a member of the Global Administrator management group.
- Download the most current release of the PTA agent: https://aka.ms/getauthagent
- Copy the downloaded file to the server that will serve as a PTA agent
- Open an administrative command prompt and install the PTA agent software in silent mode without registering the agent:
AADConnectAuthAgentSetup.exe REGISTERCONNECTOR="false" /q
- Open an administrative PowerShell session, navigate to the default installation location, and register the PTA agent manually
# navigate to the default installation location cd "C:\Program Files\Microsoft Azure AD Connect Authentication Agent" # enter the global admin credentials $cred = Get-Credential # register the PTA agent using the RegisterConnector.ps1 script # multiline example .\RegisterConnector.ps1 ` -ModulePath "C:\Program Files\Microsoft Azure AD Connect Authentication Agent\Modules\" ` -ModuleName ""PassthroughAuthPSModule"" ` -AuthenticationMode Credentials ` -UserCredentials $cred ` -Feature PassthroughAuthentication # single line example .\RegisterConnector.ps1 -ModulePath ""C:\Program Files\Microsoft Azure AD Connect Authentication Agent\Modules\"" -ModuleName ""PassthroughAuthPSModule"" -AuthenticationMode Credentials -UserCredentials $cred -Feature PassthroughAuthentication
The Azure AD Pass-through agent Quickstart documentation has an example for automating the installation of the PTA agent as part of a server provisioning process. The current example references the wrong PowerShell module named AppProxyPSModule. The most recent release of the PTA agent does not contain a PowerShell module by that name. Use the PowerShell module PassthroughAuthPSModule.