Azure AD Password Sync – “no recent synchronization” – Event ID 611 – “the operation was aborted because the client side timeout limit was exceeded”


Azure AD Connect (v1.1.614.0) Password Synchronisation has stopped working.

In the Office 365 Admin Centre, DirSync Status shows no recent password synchronisation.



The following error is flagged on the Azure AD Connect Server.

Event ID: 611 (Log: Application, Source: Directory Synchronization)
Level: Error
Description: Password synchronization failed for domain:
Details: System.DirectoryServices.Protocols.LdapException: The operation was aborted because the client side timeout limit was exceeded.
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut) at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.Online.PasswordSynchronization.DirectoryAttributeSearcher.<GetObjectAttributes>d__8.MoveNext()
at Microsoft.Online.PasswordSynchronization.DirectoryAttributeSearcher.<GetObjectAttributes>d__0.MoveNext()
at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.BuildPasswordBatch(IEnumerable`1 changeObjects, IList`1& passwordChanges, IList`1& retryObjects)
at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.BuildPasswordBatch(IList`1 changeSetObjects)
at Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud()
at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)


Change the LdapClientIntegrity registry value to 0.



Restart the Microsoft AD Azure Sync Service and this will resolve the issue.

You will see Event ID 4643 (Password sync started for management agent “”), and 904 (Starting sync scheduler thread) events logged.

After a short wait, in the Office 365 Admin Centre, DirSync Status shows recent password synchronisation.




LdapClientIntegrity controls whether the LDAP client automatically attempts to negotiate a signed or integrity-validated session when a bind is performed.  Signing protects the session by detecting attempts to alter LDAP traffic during an LDAP connection to the network.

The following settings are possible:

0: Do not automatically use signing.

1: Automatically use signing against supported servers, but permit fallback to a non-signed session if unable to establish signing.

2: Always use signing, and fail to bind if unable to establish signing.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s