You might encounter the following error codes and messages when using Password Sync. Use the table below to troubleshoot errors.
Errors & solutions
| Error code or message | Explanation & troubleshooting |
|---|---|
| 0x00005012 S_ADS_NOMORE_ROWS
The search operation has reached the last row |
Password Sync contacted the Active Directory server and succeeded with a search. However, no results were returned that matched the query. Here are possible causes:
|
| 0x80005008
One or more input parameters are invalid |
This error can occur when the user whose password is being synced isn't included in the base DN you provided. Try using a broader top-level base DN rather than specifying an organizational unit. For example, if you used OU=Sales,DC=altostrat,DC=corp as your base DN, try DC=altostrat,DC=corp instead. |
| 0x80005010
The specified column in the directory was not set |
Password Sync is unable to find the user's email address in Active Directory using the attribute specified during Password Sync installation (usually mail). Confirm the user has a valid email address and you aren't using a computer account (LocalSystem account). If yes, it's possible that the user that Password Sync is using to query Active Directory (authorized user) doesn't have access to this attribute for the user. Try providing a different Active Directory user in the Password Sync configuration interface. |
| 0x80041007 |
At least one user isn't an existing Google user or Password Sync can't access the user. Find the affected user in the logs. You can search for Failed with 0x80041007. Then, verify in your Google Admin console that the user exists in your organization's Google Account. |
| 0x8004100f |
The time is incorrect on the domain controller (DC) running Password Sync. Make sure the date, time, and time zone are correct. Then, try authorizing again. |
| 0x80041011 |
The service account isn't authorized in your Google Admin console. Create a Password Sync service account or authorize Password Sync using 3-legged OAuth. For details, go to:
|
| 0x80041012 |
The service account isn't correctly authorized in your Google Admin console. Verify that you used the correct API scope or authorize Password Sync using 3-legged OAuth. For details, go to:
|
| 0x80041013 |
The JSON file provided is invalid. Make sure you configured your service account correctly or authorize Password Sync using 3-legged OAuth. For details, go to:
|
| 0x80070005
Access denied |
If you see this error in the service logs as "SyncConfig::GetDataDirectory [...] Failed with 0x80070005," it's probably related to a change in the service "Log on as" setting. To fix this:
If this error appears in the configuration interface logs, make sure:
|
| 0x80070057
The parameter is incorrect |
This error can have different meanings in different contexts.
If you get this error on the same line with TryDecryptAndGetSecret in the Password Sync service logs, you might have turned on Windows application compatibility settings for Password Sync. Turn it off and try again. |
| 0x8007052e
Logon failure: unknown user name or bad password |
If you set up Password Sync to use Anonymous access to connect to Active Directory, this error indicates Password Sync isn't turned on. To fix the error, in the Password Sync configuration, enter an Active Directory user and password.
If you already entered a username and password, make sure they’re correct and in the domain\administrator format. If that doesn’t work, try the [email protected] format. |
| 0x8007065e |
This issue can occur if the network timeout registry entries have been created using the wrong registry data type (for example, REG_SZ instead of REG_DWORD). Use the Registry Editor (regedit) to make sure all entries under the following paths are REG_DWORD and not any other type:
|
| 0x8007200a
The specified directory service attribute or value does not exist |
This error usually means the user Password Sync uses to query Active Directory (authorized user) doesn't have access to the attribute. Provide a different Active Directory user in the Password Sync configuration interface. |
| 0x8007202b
A referral was returned from the server There is no such object on the server |
These errors usually mean the base DN is incorrect. If you collected logs using the Password Sync support tool, compare the base DN in the config.xml file to the admin's DN in the PasswordSyncSupportTool.log file. Check if there are any differences in the DC= sections.
For details on the Password Sync support tool, go to Automatic troubleshooting. |
| 0x8007203e
The search filter cannot be recognized |
Password Sync contacted the Active Directory server, but a search was unsuccessful.
This error can occur if the email address attribute contains invalid characters. |
| 0x80072ee0 | There was an issue with authorization for your organization’s Google Account, usually due to an incorrect network or proxy configuration. To resolve it, go to I need help configuring proxy settings.
If this doesn't resolve the issue, try reauthorizing Password Sync in the configuration interface. If you have multiple domain controllers and you're using 3-legged OAuth for authentication, don't use the same super administrator account to authorize more than 10 DCs. For details about Password Sync authentication, go to Choose your authentication method. |
| 0x80072ee2 | Password Sync's connection to Google is timing out. This error usually means there is a block to the connection. To troubleshoot:
|
| Error 400: invalid_request: The version of the app you're using doesn't include the latest security features to keep you protected. Please make sure to download from a trusted source and update to the latest, most secure version | Make sure you're using the latest version of Password Sync. For details, go to Upgrade Password Sync. |
| HTTP/1.1 403
You are not authorized to access this API |
Two issues can trigger this error. The domain controller isn't properly authorized with your organization’s Google Account. To resolve the issue:
The source account email address cannot be found in Google Workspace. To resolve the issue:
|
| RetrieveTargetEmail ... Failed with 0x80072020
An operations error occurred |
Password Sync failed to open a search in Active Directory. The error appears when trying to use Anonymous access, but the Active Directory server doesn't allow it. Try using the recommended application’s security context option instead. For details, go to Authorization access methods. |
| WinHttpSendRequest failed with 0x80004005 | The proxy server requires authentication. Make sure all the required URLs are in the authentication bypass list of your proxy server. For details, go to Set up a Google Workspace host name allowlist. |
Get help with other error codes
For other Microsoft Active Directory or LDAP-related error codes, consult the Generic ADSI Error Codes table in your Microsoft documentation.
Related topic
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
