Ran into an issue recently implementing Azure AD Connect for a client. This is the same client and machine as in a previous post (Connectivity issues with MSOL PowerShell), where we found that disabling TLS 1.0 required us to force TLS 1.2 on .NET 4.x.
The base install went through fine; the trouble started during configuration, where the wizard failed at the Install Required Components screen.
A check of the Application event log revealed a number of error messages:
Error 12/18/2017 10:58:30 AM AzureActiveDirectorySyncEngine 906 None
SynchronizationServiceSetupTask:Enable LocalDB Instance – Caught unexpected exception. Details System.InvalidOperationException: LocalDB powershell operation failed on ADSync Bootstrap service: Enable-ADSyncBootstrapLocalDBInstance
The key is the last one in the group of five:
Error 12/18/2017 10:58:30 AM ADSyncBootstrap 906 None
EnableADSyncBootstrapLocalDBInstance: Error while attempting to enable local db instance. Details: Microsoft.Azure.ActiveDirectory.Client.Framework.ProcessExecutionFailedException: Exception: Execution failed with errorCode: 1.
Details: Sqlcmd: Error: Microsoft SQL Server Native Client 11.0 : Encryption not supported on the client.
This led us to realize that the SQL Server 2012 Express LocalDB instance that AAD Connect sets up is the RTM build, and a quick check of KB3135244 (https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server) confirmed that SQL Server 2012 components, SQL Server Native Client 11.0 included, only support TLS 1.2 once they are updated to the levels listed there. The message "Encryption not supported on the client" comes from the client library that sqlcmd loads, so with TLS 1.0 disabled and the RTM Native Client still in place, the bootstrap step has no protocol it can negotiate.
Download the latest SQL Server Native Client here.
The method that worked for me was to run the base install of AAD Connect, cancel out of the configuration wizard, and install the updated SQL Server Native Client. Once that has completed, re-open the wizard and the configuration of AAD Connect continues normally.
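Before re-running the wizard it is worth confirming, on the box itself, that the three things that interact here line up: which SCHANNEL protocols are disabled, whether .NET 4.x is forced to strong crypto, and which SQL Server Native Client 11.0 build is installed. The following PowerShell is an added diagnostic written for this post, not part of the original article or of any Microsoft tooling. It reads the standard SCHANNEL and .NET Framework registry locations, the file version of sqlncli11.dll, and the ADSyncBootstrap 906 events seen above. The event source name is taken from the log excerpt, SchUseStrongCrypto is assumed to be how TLS 1.2 was forced on .NET in the earlier post, and the minimum Native Client version is an assumption that should be checked against KB3135244.

```powershell
# Added diagnostic for the AAD Connect / LocalDB / TLS 1.2 failure described above.
# Not from the original post or from Microsoft. Run in an elevated PowerShell.
# $MinimumNativeClientVersion is an ASSUMPTION: confirm the build against KB3135244.
param(
    [version]$MinimumNativeClientVersion = '11.4.7001.0'
)

function Get-SchannelProtocolState {
    # Standard SCHANNEL protocol keys. A $null Enabled/DisabledByDefault means the
    # value is absent and the OS default applies for that protocol and side.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path $base "$proto\$side"
            $enabled = $null; $disabledByDefault = $null
            if (Test-Path $key) {
                $p = Get-ItemProperty -Path $key
                $enabled = $p.Enabled
                $disabledByDefault = $p.DisabledByDefault
            }
            [pscustomobject]@{
                Protocol          = $proto
                Side              = $side
                Enabled           = $enabled
                DisabledByDefault = $disabledByDefault
            }
        }
    }
}

function Get-DotNetStrongCrypto {
    # SchUseStrongCrypto = 1 makes .NET 4.x default to TLS 1.2 (assumed to be the
    # setting applied in the earlier MSOL PowerShell post). Both 64- and 32-bit hives.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
        $value = $null
        if (Test-Path $key) { $value = (Get-ItemProperty -Path $key).SchUseStrongCrypto }
        [pscustomobject]@{ Key = $key; SchUseStrongCrypto = $value }
    }
}

function Get-SqlNativeClientVersion {
    # sqlncli11.dll is the SQL Server Native Client 11.0 library that sqlcmd loads;
    # the RTM 2012 build is what produced "Encryption not supported on the client".
    $dll = Join-Path $env:SystemRoot 'System32\sqlncli11.dll'
    if (-not (Test-Path $dll)) { return $null }
    [version](Get-Item $dll).VersionInfo.ProductVersion
}

function Get-AdSyncBootstrapErrors {
    # Event source and ID as they appear in the Application log excerpt above.
    param([int]$Newest = 5)
    try {
        Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'ADSyncBootstrap'; Id = 906 } `
                     -MaxEvents $Newest -ErrorAction Stop |
            Select-Object TimeCreated, Id, @{ n = 'FirstLine'; e = { ($_.Message -split "`n")[0] } }
    } catch {
        @()   # Get-WinEvent throws when nothing matches; treat that as "no errors"
    }
}

'--- SCHANNEL protocol state ---'
Get-SchannelProtocolState | Format-Table -AutoSize

'--- .NET 4.x strong crypto ---'
Get-DotNetStrongCrypto | Format-Table -AutoSize

'--- SQL Server Native Client 11.0 ---'
$native = Get-SqlNativeClientVersion
if (-not $native) {
    'sqlncli11.dll not found: SQL Server Native Client 11.0 is not installed'
} else {
    "Installed build: $native"
    if ($native -lt $MinimumNativeClientVersion) {
        "Below the assumed TLS 1.2 minimum ($MinimumNativeClientVersion): install the updated Native Client, then re-run the AAD Connect wizard"
    }
}

'--- Recent ADSyncBootstrap 906 events ---'
Get-AdSyncBootstrapErrors | Format-Table -AutoSize
```

The useful combination to look for is TLS 1.0 Client showing Enabled = 0, SchUseStrongCrypto = 1, and an 11.0.x Native Client build: that is exactly the state in which the LocalDB bootstrap step has no protocol left to negotiate. After installing the updated client, re-run the script and confirm the build has moved before reopening the wizard.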