DirSync will break when your Office 365 admin password expires
For those of you that have recently installed DirSync, be aware that the admin account that DirSync uses to authenticate to Office 365 is not exempt from the password expiration policy. This means that in the default setup, DirSync will break 90 days after you first set up the admin account. Obviously if you have changed the password expiration policy, it will be longer (or shorter), but even lengthening it to the maximum of 730 days will only delay the inevitable.
The error messages you get form it are also bloody useless and contain only obscure clues to what the problem is. The email you get from MicrosoftOnline.com only refers to this page which mentions nothing about password expiry. Meanwhile, the FIM UI reports a status of stopped-extension-dll-exception and Event Viewer only has this to say:
Nice to know Microsoft are still world-leading in descriptive error messages, isn't it?
An unknown error occurred with the Microsoft Online Services Sign-in Assistant. Contact Technical Support. GetAuthState() failed with -2147186688 state. HResult:0. Contact Technical Support. (0x80048831)
How to fix it
There's a detailed post about what to do about it here: Office 365 Service Accounts - How do I stop DIRSYNC from breaking every 90 days…
Basically, you can use Powershell (because Microsoft apparently don't hire GUI designers any more) to flag a particular account to never expire the password. Use this on the admin account that DirSync uses and you are all set.
Also, if anyone from Microsoft is reading this, any chance we could have this mentioned in the setup guides? Or the troubleshooting page? The above blog post is nearly 2 years old and still no-one has got around to putting it in the official documentation.