Troubleshoot Azure File Sync agent installation and server registration

After deploying the Storage Sync Service, the next steps in deploying Azure File Sync are installing the Azure File Sync agent and registering Windows Server with the Storage Sync Service. This article is designed to help you troubleshoot and resolve issues that you might encounter during these steps.

Agent installation

How to check if an Azure File Sync agent installation requires a restart

Installing an Azure File Sync agent might need a restart to finish. For example, Azure File Sync agent version 19.1.0.0 requires a restart on servers if updating from a version earlier than 18.2.0.0.

If the agent is updated using the auto-upgrade feature, run the following PowerShell commands to check if a restart is required to complete the agent auto-upgrade:

Import-Module "C:\Program Files\Azure\StorageSyncAgent\StorageSync.Management.ServerCmdlets.dll"
Get-StorageSyncServer

If the value for the RebootNeeded property is True, a restart is required.

Agent update does not complete

When upgrading the Azure File Sync agent, you may experience one of the following symptoms:

  • AfsUpdater.exe hangs at "installing updates."
  • Agent installation hangs at "Stopping monitoring agent."

This issue occurs if the currently installed Azure File Sync agent version is earlier than v16.2 and the Logman.exe process fails to shut down.

To resolve this issue, perform the following steps:

  1. Open Task Manager.
  2. Right-click the LogMan process and select End task. Repeat this step until all LogMan processes are stopped and the agent update completes successfully.

Troubleshoot agent installation failures

If the Azure File Sync agent installation fails, locate the installation log file that's located in the agent installation directory. If the Azure File Sync agent is installed on the C: volume, the installation log file is located under C:\Program Files\Azure\StorageSyncAgent\InstallerLog.

Note

If the Azure File Sync agent is installed from the command line and the /l\*v switch is used, the log file will be located in the path where the agent installation was executed.

The log file name for agent installations using the MSI package is AfsAgentInstall. The log file name for agent installations using the MSP package (update package) is AfsUpdater.

Once you have located the agent installation log file, open the file and search for the failure code at the end of the log. If you search for "error code 1603" or "sandbox," you should be able to locate the error code.

Here's a snippet from an agent installation that failed:

CAQuietExec64:      + CategoryInfo          : SecurityError: (:) , PSSecurityException  
CAQuietExec64:      + FullyQualifiedErrorId : UnauthorizedAccess  
CAQuietExec64:  Error 0x80070001: Command line returned an error.  
CAQuietExec64:  Error 0x80070001: QuietExec64 Failed  
CAQuietExec64:  Error 0x80070001: Failed in ExecCommon64 method  
CustomAction SetRegPIIAclSettings returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)  
Action ended 12:23:40: InstallExecute. Return value 3.  
MSI (s) (0C:C8) [12:23:40:994]: Note: 1: 2265 2:  3: -2147287035

For this example, the agent installation failed with error code -2147287035 (ERROR_ACCESS_DENIED).

Agent installation fails with error: Storage Sync Agent Setup Wizard ended prematurely because of an error

In the agent installation log, the following error is logged:

CAQuietExec64:      + CategoryInfo          : SecurityError: (:) , PSSecurityException  
CAQuietExec64:      + FullyQualifiedErrorId : UnauthorizedAccess  
CAQuietExec64:  Error 0x80070001: Command line returned an error.  
CAQuietExec64:  Error 0x80070001: QuietExec64 Failed  
CAQuietExec64:  Error 0x80070001: Failed in ExecCommon64 method  
CustomAction SetRegPIIAclSettings returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)  
Action ended 12:23:40: InstallExecute. Return value 3.  
MSI (s) (0C:C8) [12:23:40:994]: Note: 1: 2265 2:  3: -2147287035 

This issue occurs if the PowerShell execution policy is configured using group policy and the policy setting is "Allow only signed scripts." All scripts included with the Azure File Sync agent are signed. The Azure File Sync agent installation fails because the installer is performing the script execution using the Bypass execution policy setting.

To resolve this issue, temporarily disable the Turn on Script Execution group policy setting on the server. Once the agent installation completes, the group policy setting can be re-enabled.

Agent installation fails on Active Directory Domain Controller

In the agent installation log, the following error is logged:

CAQuietExec64:  Error 0x80070001: Command line returned an error.
CAQuietExec64:  Error 0x80070001: CAQuietExec64 Failed
CustomAction InstallHFSRequiredWindowsFeatures returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 8:51:12: InstallExecute. Return value 3.
MSI (s) (EC:B4) [08:51:12:439]: Note: 1: 2265 2:  3: -2147287035

This issue occurs if you try to install the sync agent on an Active Directory domain controller where the PDC role owner is on a Windows Server 2008 R2 or earlier OS version.

To resolve, transfer the PDC role to another domain controller running Windows Server 2012 R2 or more recent, then install sync.

Accessing a volume on Windows Server 2012 R2 fails with error: The parameter is incorrect

After creating a server endpoint on Windows Server 2012 R2, the following error occurs when accessing the volume:

drive letter:\ is not accessible.
The parameter is incorrect.

To resolve this issue, install KB2919355 and restart the server. If this update can't install because a later update is already installed, go to Windows Update, install the latest updates for Windows Server 2012 R2 and restart the server.

Server registration

Troubleshoot server registration failures

If server registration fails, open the AfsSrvRegistration*.log file located under %LocalAppData%\Temp and search for "ErrorMessage" to get the error details.

If you can't identify the cause based on the error message, use the Debug-StorageSyncServer cmdlet to help diagnose if server registration fails due to a network issue or server certificate.

To run diagnostics on the server, run the following PowerShell commands:

Import-Module "C:\Program Files\Azure\StorageSyncAgent\StorageSync.Management.ServerCmdlets.dll"
Debug-StorageSyncServer -Diagnose

To test the network connectivity on the server, run the following PowerShell commands:

Import-Module "C:\Program Files\Azure\StorageSyncAgent\StorageSync.Management.ServerCmdlets.dll"
Debug-StorageSyncServer -TestNetworkConnectivity

Server registration using the Register-AzStorageSyncServer cmdlet fails with the error: Catastrophic failure (0x8000FFFF)

A server registration using the Register-AzStorageSyncServer cmdlet fails with the following error:

Catastrophic failure (0x8000FFFF (E_UNEXPECTED)) 'No system-assigned Managed Identity was found for this resource'

This issue occurs when the Azure Files Sync agent is upgraded from version 17.x to 18.x and the ServerType registry value is set to an unexpected value.

To resolve this issue, delete the ServerType registry value by running the following commands from an elevated command prompt:

reg delete HKLM\SOFTWARE\Microsoft\Azure\StorageSync /v ServerType /f  
net stop filesyncsvc  
net start filesyncsvc  

Once the ServerType registry value is deleted, retry the server registration.

Server Registration does not list all Azure Subscriptions

When registering a server using ServerRegistration.exe, subscriptions are missing when you select the Azure Subscription drop-down.

This issue occurs because ServerRegistration.exe will only retrieve subscriptions from the first five Microsoft Entra tenants.

To increase the Server Registration tenant limit on the server, create a DWORD value called ServerRegistrationTenantLimit under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure\StorageSync with a value greater than 5.

You can also work around this issue by using the following PowerShell commands to register the server:

Connect-AzAccount -Subscription "<guid>" -Tenant "<guid>"
Register-AzStorageSyncServer -ResourceGroupName "<your-resource-group-name>" -StorageSyncServiceName "<your-storage-sync-service-name>"

Server Registration displays the following message: "This server is already registered"

Screenshot that shows the Server Registration dialog box with the 'server is already registered' error message.

This message appears if the server was previously registered with a Storage Sync Service. To unregister the server from the current Storage Sync Service and then register with a new Storage Sync Service, complete the steps that are described in Unregister a server with Azure File Sync.

If the server isn't listed under Registered servers in the Storage Sync Service, on the server that you want to unregister, run the following PowerShell commands:

Import-Module "C:\Program Files\Azure\StorageSyncAgent\StorageSync.Management.ServerCmdlets.dll"
Reset-StorageSyncServer

Note

If the server is part of a cluster, use the Reset-StorageSyncServer -CleanClusterRegistration parameter to remove the server from the Azure File Sync cluster registration detail.

When I register a server, I see numerous "web site not trusted" responses. Why?

This issue occurs when the Enhanced Internet Explorer Security policy is enabled during server registration. For more information about how to correctly disable the Enhanced Internet Explorer Security policy, see Prepare Windows Server to use with Azure File Sync and How to deploy Azure File Sync.

Server is not listed under registered servers in the Azure portal

If a server isn't listed under Registered servers for a Storage Sync Service:

  1. Sign in to the server that you want to register.
  2. Open File Explorer, and then go to the Storage Sync Agent installation directory (the default location is C:\Program Files\Azure\StorageSyncAgent).
  3. Run ServerRegistration.exe, and complete the wizard to register the server with a Storage Sync Service.

See also

Contact us for help

If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.