An error occurred executing Update ADFS Federated AAD Trust task in Entra Connect
Hello MS Q&A Community,
I encountered a strange problem when trying to federate one of our domains with Entra ID in Entra Connect.
Our ADFS service is located on a separate Windows 2016 server, has a public name like adfs.domain.com and internal adfs.domain.local, has a valid LetsEncrypt certificate for public name and can be properly resolved on public and AD DNS, is published externally with ports 443 and 49443 and is accessible externally on these ports, as well as via the standard link: https://adfs.domain.com/adfs/ls/idpinitiatedSignOn
Entra Connect is installed on one of the domain controllers, updated to the latest version 2.4.21.0 and worked fine in password hash mode.
TLS1.2 is enabled on ADFS and DC (with Entra Connect) servers.
The ADFS service was configured without problems using the Entra Connect wizard (and yes, I know about the problem of the missing ADFS PS module; I've installed the ADFS role on that DC server for this but have not configured it), but when trying to federate a domain, it gives a strange error:
Update ADFS Federated AAD Trust
The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.
I found similar errors only in topics about developing services for Azure or dedicated to .Net.
This is quite strange, since I once configured AD FS in a similar scenario and then everything worked immediately and without problems.
I have even reinstalled the AD FS server and returned the Entra Connect settings to the original ones (password hash sync) in order to try to set up domain federation again.
I am attaching screenshots of Entra Connect Sync and its log.