Microsoft Entra Sync Service not running error

We did start the Microsoft Entra Connect app. But it didn’t show the usual Welcome screen with the configure button. Instead, it shows the error:

Sync Service not running
Cannot proceed because the Sync Service is not running. Start the ‘ADSync’ service and restart the AADConnect wizard to continue.

This is how the error looks.

When we start Microsoft Entra Connect Synchronization Service Manager, it shows the error below:

Synchronization Service Manager
Unable to connect to the Synchronization Service.

Some possible reasons are:
1) The service is not started.
2) Your account is not a member of a required security group

See the Synchronization Service documentation for details.

Why do we get this error, and what is the solution for Microsoft Entra Connect Sync Service not running?

Fix Microsoft Entra Connect Sync Service not running

There are different methods to fix the Microsoft Entra Connect Sync Service not running error. Let’s look at two methods.

Method 1. Start Microsoft Azure AD Sync service

To fix the Microsoft Entra Connect Sync Service is not running error, follow the steps below:

1. Open the Services application.
2. Find the service name Microsoft Azure AD Sync.
3. Click on Start the service.
4. Ensure that the Startup Type is set to Automatic.

5. Open the Microsoft Entra Connect application.
6. Verify that the Welcome to Microsoft Entra Connect Sync screen appears.

Method 2. Assign Log on as a service to ADSync service account

When starting the Microsoft Azure AD Sync service in Windows Services, you get the error:

Services
Windows could not start the Microsoft Azure AD Sync service on Local Computer. The service did not return an error. This could be an internal Windows error or an internal service error. If the problem persists, contact your system administrator.

Follow the steps below to fix this error:

1. Start Event Viewer
2. Go to Windows Logs > System
3. Search the latest errors and you will find the Event ID 7041 error

The ADSync service was unable to log on as EXOIP\ADSyncMSAaa9a3$ with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.

Service: ADSync
Domain and account: EXOIP\ADSyncMSAaa9a3$

This service account does not have the required user right “Log on as a service.”

User Action

Assign “Log on as a service” to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.

If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.

https://029a19135c15686adf2bb300f3d48756.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

4. Start Local Security Policy

5. Navigate to Local Policies > User Rights Assignment
6. Doubleclick on Log on as a service policy

7. Add the ADSync service account (search for ADSync and select it)
8. Click OK

Note: Suppose it’s greyed out, and you can’t add a user to the policy; it means you have a group policy in place, and you have to edit the group policy and add the ADSync service account there.

https://029a19135c15686adf2bb300f3d48756.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

9. Open the Services application.
10. Find the service name Microsoft Azure AD Sync.
11. Click on Start the service.
12. Ensure that the Startup Type is set to Automatic.

13. Open the Microsoft Entra Connect application.
14. Verify that the Welcome to Microsoft Entra Connect Sync screen appears.