Active Roles Administration service won't start if Azure is configured and connection to Azure is lost or if the Active Roles configuration is moved to a host which cannot communicate with Azure.
The Active Roles Administration Service Event Viewer shows the following error message:
Event ID 2501. One or more errors occurred.
Verbose service logging shows one of the following error:
This is a product defect (TF00709345).
Steps to reproduce:
1. Install and Configure Active Roles.
2. Configure Azure Tenant and Application.
3. Provide application consent.
4. Apply Azure Policy on an Organizational Unit.
5. Check Azure user creation from Active Roles Web Interface.
6. Stop the Active Roles Administration Service.
7. Disable internet connection on the Active Roles host.
8. Start the Active Roles Administration Service.
Expected: Service should start with warning.
If the Active Roles Administration Service is already running, only Azure-related functionality will be unavailable. The Active Roles Web Interface and Active Roles Console will still function as expected.
If the service is stopped and cannot be started, there are two options:
MFA must be disabled for the service account used to connect to Azure.
This Product Defect (TF00709345) will be fixed in a future release of the product.