Cloud Active Directory Import is timing out while attempting to run one of the Azure AD Imports
Article ID: 388125
Updated On: 02-28-2025
Products
Issue/Introduction
Azure AD Import is taking too long while using ITMS with Microsoft Entra:
Using IT Management Suite with Microsoft Entra
When you go to Cloud Active Directory Import and attempt running one of the Azure AD Imports, it just keeps running till it times out and then you get “Import operation failed. Check the NS log for details.”
These are examples of errors you may see in the NS logs:
Entry 1:
PerformCall failed with exception for url 'https://graph.microsoft.com/v1.0/groups/0f171c70.......c3e8b0e1d4ed/members?$top=500'
One or more errors occurred. [AggregateException @ mscorlib.dll] at System.Threading.Tasks.Task<>.GetResultCore(bool) at Altiris.NS.Cloud.Oauth.RestApi.OauthRESTApiConnector.PerformCall(string, string, bool)
A task was canceled. [TaskCanceledException]
Exception logged from: at Altiris.Diagnostics.Logging.EventLog.ReportException(int, string, string, Exception, string) at Altiris.NS.Cloud.Oauth.RestApi.OauthRESTApiConnector.PerformCall(string, string, bool) at Altiris.NS.Cloud.Oauth.RestApi.OauthRestApi.AcquireQueryResults<T>(string, OauthRestApiParameterCollection) at Altiris.NS.Cloud.Oauth.RestApi.Azure.OauthAzureRestApi.MsGraphAcquireQueryResults<T>(string, OauthRestApiParameterCollection) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.ProcessQuery(string, Func<string,AzureJsonOdata>, Func<AzureJsonOdata,bool,bool>) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.LoadMembersInternal(string, ICloudActiveDirectoryConnectorRequest) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.LoadGroupMembersInternal(Guid, ICloudActiveDirectoryConnectorRequest) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector+<>c_DisplayClass55_1.<LoadGroups>b_1(AzureJsonOdata, bool) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.ProcessQuery(string, Func<string,AzureJsonOdata>, Func<AzureJsonOdata,bool,bool>) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.LoadGroups(ICloudActiveDirectoryConnectorRequest) at Altiris.NS.Cloud.ActiveDirectory.DirectoryImport.CloudActiveDirectoryImporter.LoadAdGroupTree(ICloudActiveDirectoryConnector, CloudAdImportSettings, DirectoryElementCollection, string, ref bool) at Altiris.NS.Cloud.ActiveDirectory.DirectoryImport.CloudActiveDirectoryImporter.LoadActiveDirectoryData(CloudActiveDirectoryImportMode, CloudAdImportSettings) at Altiris.NS.Cloud.ActiveDirectory.DirectoryImport.CloudActiveDirectoryImporter.PerformImport(CloudActiveDirectoryImportMode, CloudAdImportSettings) at Altiris.NS.Cloud.ActiveDirectory.CloudActiveDirectoryImportTask.ExecuteTask(Hashtable, ItemTaskState) at Altiris.NS.TaskManagement.CoreTaskServiceThreadBase<,>.ExecuteThreadProc(object) at System.Threading.ExecutionContext.RunInternal(ExecutionContext, ContextCallback, object, bool) at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object, bool) at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object) at System.Threading.ThreadHelper.ThreadStart(object)
-----------------------------------------------------------------------------------------------------Date: 1/23/2025 11:02:15 AM, Tick Count: 430032812 (4.23:27:12.8120000), Size: 3.00 KBProcess: AeXSvc (16856), Thread ID: 109, Module: mscorlib.dllPriority: 1, Source: OauthRASTApiHelper
Entry 2:
Failed to execute query https://graph.microsoft.com/v1.0/groups/0f171c70..........c3e8b0e1d4ed/members?$top=500.
One or more errors occurred. [AggregateException @ mscorlib.dll] at System.Threading.Tasks.Task<>.GetResultCore(bool) at Altiris.NS.Cloud.Oauth.RestApi.OauthRESTApiConnector.PerformCall(string, string, bool) at Altiris.NS.Cloud.Oauth.RestApi.OauthRestApi.AcquireQueryResults<T>(string, OauthRestApiParameterCollection)
A task was canceled. [TaskCanceledException]
Exception logged from: at Altiris.Diagnostics.Logging.EventLog.ReportException(int, string, string, Exception, string) at Altiris.NS.Cloud.Oauth.RestApi.OauthRestApi.AcquireQueryResults<T>(string, OauthRestApiParameterCollection) at Altiris.NS.Cloud.Oauth.RestApi.Azure.OauthAzureRestApi.MsGraphAcquireQueryResults<T>(string, OauthRestApiParameterCollection) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.ProcessQuery(string, Func<string,AzureJsonOdata>, Func<AzureJsonOdata,bool,bool>) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.LoadMembersInternal(string, ICloudActiveDirectoryConnectorRequest) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.LoadGroupMembersInternal(Guid, ICloudActiveDirectoryConnectorRequest) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector+<>c_DisplayClass55_1.<LoadGroups>b_1(AzureJsonOdata, bool) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.ProcessQuery(string, Func<string,AzureJsonOdata>, Func<AzureJsonOdata,bool,bool>) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.LoadGroups(ICloudActiveDirectoryConnectorRequest) at Altiris.NS.Cloud.ActiveDirectory.DirectoryImport.CloudActiveDirectoryImporter.LoadAdGroupTree(ICloudActiveDirectoryConnector, CloudAdImportSettings, DirectoryElementCollection, string, ref bool) at Altiris.NS.Cloud.ActiveDirectory.DirectoryImport.CloudActiveDirectoryImporter.LoadActiveDirectoryData(CloudActiveDirectoryImportMode, CloudAdImportSettings) at Altiris.NS.Cloud.ActiveDirectory.DirectoryImport.CloudActiveDirectoryImporter.PerformImport(CloudActiveDirectoryImportMode, CloudAdImportSettings) at Altiris.NS.Cloud.ActiveDirectory.CloudActiveDirectoryImportTask.ExecuteTask(Hashtable, ItemTaskState) at Altiris.NS.TaskManagement.CoreTaskServiceThreadBase<,>.ExecuteThreadProc(object) at System.Threading.ExecutionContext.RunInternal(ExecutionContext, ContextCallback, object, bool) at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object, bool) at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object) at System.Threading.ThreadHelper.ThreadStart(object)
-----------------------------------------------------------------------------------------------------Date: 1/23/2025 11:02:15 AM, Tick Count: 430032812 (4.23:27:12.8120000), Size: 3.00 KBProcess: AeXSvc (16856), Thread ID: 109, Module: mscorlib.dllPriority: 1, Source: OauthRestApi
Entry 3:
Failure during cloud AD import task execution
Failed to execute query https://graph.microsoft.com/v1.0/groups/0f171c70..........c3e8b0e1d4ed/members?$top=500. [RestApiException @ Altiris.NS.Cloud.dll] at Altiris.NS.Cloud.Oauth.RestApi.OauthRestApi.AcquireQueryResults<T>(string, OauthRestApiParameterCollection) at Altiris.NS.Cloud.Oauth.RestApi.Azure.OauthAzureRestApi.MsGraphAcquireQueryResults<T>(string, OauthRestApiParameterCollection) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.ProcessQuery(string, Func<string,AzureJsonOdata>, Func<AzureJsonOdata,bool,bool>) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.LoadMembersInternal(string, ICloudActiveDirectoryConnectorRequest) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.LoadGroupMembersInternal(Guid, ICloudActiveDirectoryConnectorRequest) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector+<>c_DisplayClass55_1.<LoadGroups>b_1(AzureJsonOdata, bool) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.ProcessQuery(string, Func<string,AzureJsonOdata>, Func<AzureJsonOdata,bool,bool>) at Altiris.NS.Cloud.Oauth.ActiveDirectory.Azure.AzureCloudAdConnector.LoadGroups(ICloudActiveDirectoryConnectorRequest) at Altiris.NS.Cloud.ActiveDirectory.DirectoryImport.CloudActiveDirectoryImporter.LoadAdGroupTree(ICloudActiveDirectoryConnector, CloudAdImportSettings, DirectoryElementCollection, string, ref bool) at Altiris.NS.Cloud.ActiveDirectory.DirectoryImport.CloudActiveDirectoryImporter.LoadActiveDirectoryData(CloudActiveDirectoryImportMode, CloudAdImportSettings) at Altiris.NS.Cloud.ActiveDirectory.DirectoryImport.CloudActiveDirectoryImporter.PerformImport(CloudActiveDirectoryImportMode, CloudAdImportSettings) at Altiris.NS.Cloud.ActiveDirectory.CloudActiveDirectoryImportTask.ExecuteTask(Hashtable, ItemTaskState)
COM Exception errcode: 0x80004005
One or more errors occurred. [AggregateException @ mscorlib.dll] at System.Threading.Tasks.Task<>.GetResultCore(bool) at Altiris.NS.Cloud.Oauth.RestApi.OauthRESTApiConnector.PerformCall(string, string, bool) at Altiris.NS.Cloud.Oauth.RestApi.OauthRestApi.AcquireQueryResults<T>(string, OauthRestApiParameterCollection)
A task was canceled. [TaskCanceledException]
A task was canceled. [TaskCanceledException]
Exception logged from: at Altiris.Diagnostics.Logging.EventLog.ReportException(int, string, string, Exception, string) at Altiris.NS.Cloud.ActiveDirectory.CloudActiveDirectoryImportTask.ExecuteTask(Hashtable, ItemTaskState) at Altiris.NS.TaskManagement.CoreTaskServiceThreadBase<,>.ExecuteThreadProc(object) at System.Threading.ExecutionContext.RunInternal(ExecutionContext, ContextCallback, object, bool) at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object, bool) at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object) at System.Threading.ThreadHelper.ThreadStart(object)
-----------------------------------------------------------------------------------------------------Date: 1/23/2025 11:02:15 AM, Tick Count: 430032812 (4.23:27:12.8120000), Size: 3.31 KBProcess: AeXSvc (16856), Thread ID: 109, Module: Altiris.NS.Cloud.dllPriority: 1, Source: CloudActiveDirectoryImportTask
Environment
ITMS 8.7.2, 8.7.3
Cause
Azure http call is timeouts and then the task fails. This is a performance issue since it is network-related. Normally it takes less than a second for a single poll, but there are spikes, so a time-out (default one is 100 seconds, delays are up to 2 minutes) occurs. We failed to provide a way for specifying a non-default timeout for Azure calls.
Resolution
This issue has been addressed in our ITMS 8.8 release.
We have added new default values:
The default time-out is 5 minutes (300 seconds), and number of retries is 5.
Before the fix, there was: a 100-second timeout and one connection attempt.
Behavior can be controlled by following coresettings (if you want to override default values. Time out is specified in seconds):
<customSetting key="CloudAzureConnectionTimeout" type="local" value="300" /><customSetting key="CloudAzureConnectionAttempts" type="local" value="5" />
The mentioned "CloudAzureConnectionTimeout" and "CloudAzureConnectionAttempts" coresettings (in case you want to change the default values we are using) will need to be created under the Core Settings page (Settings>Notification Server>Core Settings) and manually add them.
Additional Information
Feedback
