Scenario
You are setting up the Forefront Identity Manager (FIM) 2010 R2 Azure Active Directory (AAD) connector.
Issue
The AAD connector import or export fails with a stopped-extension-dll-exception error. Two events in the Application event log correlate with the time of the error in FIM:
- Level: Error; Source: Directory Synchronization; Event ID: 109 (fig 1)
- Level: Error; Source: FIMSynchronizationService; Event ID: 6801 (fig 2)
For completeness, here are the event log entries:
Figure 1: Directory Synchronization 109
The full details in the log are:
Failure while importing entries from Windows Azure Active Directory. Exception: Microsoft.Online.Coexistence.Security.DynamicPInvokeException: Failed to get address for method: CreateIdentityHandle2 from library: C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\msoidcli.dll. GetLastError code: 127
at Microsoft.Online.Coexistence.Security.NativeMethods.GetFunctionPointer(IntPtr msoidcli, String methodName, Type delegateType)
at Microsoft.Online.Coexistence.Security.NativeMethods.Initialize()
at Microsoft.Online.Coexistence.Security.LiveIdentityManager..ctor()
at Microsoft.Online.Coexistence.ProvisionHelper.GetLiveCompactToken(String userName, String userPassword)
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Initialize()
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Import(Byte[] syncCookie, Boolean isFullImport)
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntriesCore()
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep).
The second log is:
Figure 2: FIMSynchronizationService 6801
The full details in the log are:
The extensible extension returned an unsupported error.
The stack trace is:“Microsoft.Online.Coexistence.Security.DynamicPInvokeException: Failed to get address for method: CreateIdentityHandle2 from library: C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\msoidcli.dll. GetLastError code: 127
at Microsoft.Online.Coexistence.Security.NativeMethods.GetFunctionPointer(IntPtr msoidcli, String methodName, Type delegateType)
at Microsoft.Online.Coexistence.Security.NativeMethods.Initialize()
at Microsoft.Online.Coexistence.Security.LiveIdentityManager..ctor()
at Microsoft.Online.Coexistence.ProvisionHelper.GetLiveCompactToken(String userName, String userPassword)
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Initialize()
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.Import(Byte[] syncCookie, Boolean isFullImport)
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntriesCore()
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep)
Forefront Identity Manager 4.1.3496.0”
Resolution
Simple solution. This version of the AAD connector has a dependency on the Azure Active Directory Sign-in Assistant, a.k.a. Microsoft Online Services Sign-in Assistant, version 7.250.4551.0 or later. GetLastError code 127 is ERROR_PROC_NOT_FOUND: the connector could not find the CreateIdentityHandle2 export in the msoidcli.dll that is installed.
Download and install the AAD Sign-in Assistant. It will install over the top of an existing installation without the need to uninstall first.
I was mistakenly running 7.250.4303.0 on a server that I recovered FIM onto and thus hit this issue.
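A quick way to check a server for this before running the connector, as an added example that is not part of the original post or of FIM itself. The function names are hypothetical, and the check assumes the file version of msoidcli.dll tracks the Sign-in Assistant product version.

```powershell
# Added example (not from the original post): checks the Sign-in Assistant
# dependency described above before running the AAD connector.
$MinVersion = [version]'7.250.4551.0'   # minimum version stated in the post
# Library path as it appears in the event log text
$DllPath = 'C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\msoidcli.dll'

function Get-SignInAssistantStatus {   # hypothetical helper name
    param([string]$Path = $DllPath, [version]$Minimum = $MinVersion)

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object psobject -Property @{ Installed = $false; Version = $null; MeetsMinimum = $false }
    }
    # Assumption: the DLL's file version tracks the product version.
    # Build a [version] from the numeric parts; comparing the FileVersion
    # string would sort "7.250.999.0" above "7.250.4551.0".
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $found = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    New-Object psobject -Property @{ Installed = $true; Version = $found; MeetsMinimum = ($found -ge $Minimum) }
}

function Get-ConnectorExportFailure {   # hypothetical helper name
    param([int]$Days = 7)
    # Event IDs 109 and 6801 in the Application log, narrowed to the
    # missing export named in the stack trace.
    $filter = @{ LogName = 'Application'; Id = 109, 6801; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'CreateIdentityHandle2' } |
        Select-Object TimeCreated, ProviderName, Id
}

$status = Get-SignInAssistantStatus
if (-not $status.Installed) {
    Write-Warning "msoidcli.dll not found at $DllPath"
} elseif (-not $status.MeetsMinimum) {
    Write-Warning "Sign-in Assistant $($status.Version) is older than $MinVersion; upgrade it"
} else {
    Write-Output "Sign-in Assistant $($status.Version) meets the minimum $MinVersion"
}
Get-ConnectorExportFailure | Format-Table -AutoSize
```

Run it from an elevated 64-bit PowerShell session on the FIM Synchronization Service server.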
Wrap-up
Almost not worth posting this, but we managed to hit this issue more than once in a very short space of time when setting up development labs this month and last month, so the older client is still readily available; therefore I think there’s some value in this post.
