Azure AD Syn c Не удается установить «Не удается подключиться к LDAP»

Question

• Новый стандартный контроллер домена Server 2019
• Брандмауэр Win отключен
• AV не установлен
• Пропускает все тесты, выполненные в сценарии тестирования подключения. https://gallery.technet.microsoft.com/scriptcenter/Azure-AD-Connect-Network-150c20a3
• Может соединяться с LDP.exe через порт 389 без проблем
• Пользователь домена является членом администраторов домена, администраторов схемы, администраторов предприятия.
• O365 - учетная запись администратора клиента. без проблем с паролем
• AD Syn c служба запускается и работает без проблем
• UA C отключена
• DNS указывает на локальный IP-адрес локальной сети, имя домена разрешается внутренне и внешне
• удалили все локальные файлы и SQL базы данных и переустановили AD syn c, та же проблема

ОШИБКА

[21:40:54.947] [ 18] [VERB ] ServiceControllerProvider:     Initial service status: Stopped
[21:40:54.947] [ 18] [VERB ] ServiceControllerProvider:     Starting service and waiting for completion.
[21:40:55.457] [ 18] [INFO ] ServiceControllerProvider: StartService status: Running
[21:40:55.465] [ 18] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
Exception Data (Raw): System.Exception: Unable to install the Synchronization Service. The server could not be contacted. | The LDAP server is unavailable.  Please see the Application and System event logs for additional details. ---> System.DirectoryServices.AccountManagement.PrincipalServerDownException: The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
   at System.DirectoryServices.Protocols.LdapConnection.Connect()

ОШИБКА

AzureActiveDirectorySyncEngine Verbose: 903 : CreateBootstrapService:
AzureActiveDirectorySyncEngine Verbose: 903 : TryStopAndDeleteBootstrapService.
AzureActiveDirectorySyncEngine Verbose: 903 : StopAndDeleteBootstrapService.
AzureActiveDirectorySyncEngine Verbose: 903 : StopAndDeleteBootstrapService completed successfully.
AzureActiveDirectorySyncEngine Verbose: 903 : CreateBootstrapService: EventLog.CreateEventSource caught expected exception. Details System.ArgumentException: Source ADSyncBootstrap already exists on the local computer.
   at System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.CreateBootstrapService(SyncServiceAccount syncServiceAccount)
AzureActiveDirectorySyncEngine Verbose: 903 : CreateBootstrapService: completed successfully.
AzureActiveDirectorySyncEngine Verbose: 903 : GetPrincipal: MachineName = IQMS-DCFS01 DomainName = 10100154, isLocalMachineAccount=False, isDomainController=True, IsManagedServiceAccount=False.
AzureActiveDirectorySyncEngine Error: 906 : SynchronizationServiceSetupTask:InstallCore - Caught unexpected exception. Details System.DirectoryServices.AccountManagement.PrincipalServerDownException: The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
   at System.DirectoryServices.Protocols.LdapConnection.Connect()
   at System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.SyncServiceAccount.GetPrincipal(Boolean isDomainController, AccountManagementAdapter localAccountManagementAdapter, AccountManagementAdapter& domainAccountManagementAdapter)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.SyncServiceAccount.ResolveSid(Boolean isDomainController)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
AzureActiveDirectorySyncEngine Error: 906 : SyncServiceAccount:RemoveAccountRights - no SidString available
AzureActiveDirectorySyncEngine Verbose: 901 : >>> RegistryAdapter::SetBooleanValue(HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\services\ADSync\Parameters, LocalDBKeepAlive, False)
AzureActiveDirectorySyncEngine Verbose: 902 : <<< RegistryAdapter::SetBooleanValue
AzureActiveDirectorySyncEngine Verbose: 903 : RestartBootstrapService:
AzureActiveDirectorySyncEngine Verbose: 903 : RestartBootstrapService: completed successfully.
AzureActiveDirectorySyncEngine Error: 906 : The server could not be contacted.