Office 365 – Unhealthy Identity synchronization Notification

Today I received an e-mail from a new customer.  They hade received an e-mail from

On Friday, 02 March 2018 01:28:41 GMT, Azure Active Directory did not register a synchronization attempt from the Identity synchronization tool in the last 24 hours for.

I logged on to the server that hade Azure AD Connect installed and looked in to the Event Viewer System log

The first error I saw Event ID: 36874

Log Name:      System
Source:        Schannel
Date:          2018-03-02 14:03:48
Event ID:      36874
Task Category: None
Level:         Error
User:          SYSTEM

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

I then started the Synchronization Service Manager and it also showed me errors.

A couple of weeks ago I received an E-mail from Microsoft that they required TLS 1.2 from March 1 2018 to access Office 365 services.

As outlined in the article “Preparing for the mandatory use of TLS 1.2 in Office 365”, this is going to present a problem if your organization is still using Windows 7/Vista clients. Why?

Because on March 1, 2018, Microsoft Office 365 will be disabling support for TLS 1.0 and 1.1. This means that, starting on March 1, 2018, all client-server and browser-server combinations must use TLS 1.2 or later protocol versions to be able to connect without issues to Office 365 services. This may require certain client-server and browser-server combinations to be updated.

 Read more here:

 The problem with the articles is that in one it says March 1 and the other says October 31 2018  The E-mail I received said 1 March.
What date is the correct?

My solution:

Was to update the Azure AD Connect version to a new version that supports TLS 1.2

There are a couple of things to think about when you update

  • Check your configuration and document it. My upgrade failed so I had to uninstall and do a new install.
    • Check what OU you are syncing
    • Check if you have any custom settings in the Synchcronization Rules Editor
  • During the upgrade the sync service will be stopped so any new created accounts or password changes will not be synced during the upgrade.

Good luck


This entry was posted in Active Directory, Azure, Office 365. Bookmark the permalink.

One Response to Office 365 – Unhealthy Identity synchronization Notification

  1. Hi Chris,

    October 31 is the correct date. The change in date was announced early February 2018. More information can be found here:

Leave a Reply

Your email address will not be published. Required fields are marked *