Use the steps below to troubleshoot authentication errors in your Password Sync logs. Local proxy or trusted certificate issues cause most errors.
Step 1: Check the service logs
Open your service log files and find any 0x6, 0x203, 0x4, or 0x102 errors.
For help with finding the Password Sync logs on your system, go to Where are the other logs and configuration files located?
If you find the error, continue to step 2.
Step 2: Configure the proxy settings
Most Authentication Failed errors can be fixed by troubleshooting your proxy connection. Complete the steps in I need help configuring proxy settings for Password Sync.
If you still get the error, continue to step 3.
Step 3: Review the service authorization logs
Review the service authorization logs and check the error messages found there.
For help with finding the Password Sync logs on your system, go to Where are the other logs and configuration files located?
If reviewing the service authorization logs doesn't help resolve the errors, continue to step 4.
Step 4: Check the server's trusted certificates
If you view a secure connection error in the service authorization logs, you might have an issue with your server's trusted root certificates.
Check the certificate details shown in the connection troubleshooting information in the Password Sync service or service authorization logs. Compare the information with your Microsoft Windows trusted root certificates. Make sure the Windows trusted certificate store includes a root certificate authority that signed the certificate details shown in logs. For details on how to view certificates, consult your Microsoft documentation. For information about Password Sync logs, go to Check the logs.
If the certificate you find in the logs doesn't match the Windows information, you could be connecting through a proxy. To resolve this issue, contact your network administrator.
If the certificate details in the logs indicate it's a Google's certificate, continue to step 5.
Step 5: Check the root certificate authority
If you cannot find the Google Trust Services root certificate when viewing your network certificate, you might need to install the root certificate authority:
- Download the Google Trust Services root certificate from https://pki.goog/roots.pem.
- Open a command prompt (CMD) window.
(Optional) Depending on your system, you might need to right-click Command Prompt and click More
Run as administrator.
- Enter the command certutil -addstore Root %userprofile%\Downloads\roots.pem.
If necessary, replace %userprofile%\Downloads\roots.pem with the path to the file you saved above.
You should get a verification message such as: Root "Trusted Root Certification Authorities" Signature matches Public Key Certificate "AAA Certificate Services" added to store. CertUtil: -addstore command completed successfully.
- Restart the Password Sync service by entering the
sc stop "Password Sync"command followed by thesc start "Password Sync"command.If you're using Password Sync versions 1.6.13–1.7.6, replace Password Sync with G Suite Password Sync.
If you're using version 1.6 or earlier, replace Password Sync with Google Apps Password Sync.
Still need help?
Contact Google Workspace support
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
