I have worked with Azure AD Connect for a long time, and recently I was installing an additional AAD Connect server in staging mode. The installation didn’t finish because of an error I received in the configuration phase.
Error
The installation, or more precisely the configuration, failed because the wizard was unable to create the synchronization service account for Azure AD.
The exact error: ‘Unable to create the synchronization service account for Azure Active Directory’.

Errors in AADC deployment log.

In the Azure AD ‘Non-InteractiveSigninLogs’, the ‘sync_FETADC04…’ account shows multiple failed sign-ins.

The detailed sign-in information shows that this user must register authentication information with the multi-factor authentication service before it can proceed.

In the AAD Connect server event logs I found event 906, which indicates that the AADC service has not been able to obtain a token.
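To confirm this pattern without clicking through the portal, the sign-in records can be checked programmatically. The script below is an added example and not part of the original post: it walks over a constructed export whose field names follow the Microsoft Graph signIn resource (status, conditionalAccessStatus, appliedConditionalAccessPolicies) and reports, for every sync_* account, which Conditional Access policies its sign-ins failed on. The UPNs, timestamps, error codes and policy names in the sample are placeholders.

```python
"""Find AAD Connect sync_* accounts whose sign-ins are failing on Conditional Access."""
import json
from collections import defaultdict

# Constructed sample export. The shape follows the Graph signIn resource; the UPNs,
# timestamps, errorCode values and policy names are placeholders, not real tenant data.
SAMPLE_SIGNINS_JSON = """
[
  {"createdDateTime": "2021-01-04T08:00:01Z",
   "userPrincipalName": "sync_EXAMPLE_0123abcd@tenant.example",
   "appDisplayName": "Microsoft Azure AD Connect",
   "status": {"errorCode": 99999, "failureReason": "constructed: MFA registration required"},
   "conditionalAccessStatus": "failure",
   "appliedConditionalAccessPolicies": [
     {"displayName": "Require MFA for all users", "result": "failure"},
     {"displayName": "Block legacy authentication", "result": "notApplied"}]},
  {"createdDateTime": "2021-01-04T08:00:31Z",
   "userPrincipalName": "sync_EXAMPLE_0123abcd@tenant.example",
   "appDisplayName": "Microsoft Azure AD Connect",
   "status": {"errorCode": 99999, "failureReason": "constructed: MFA registration required"},
   "conditionalAccessStatus": "failure",
   "appliedConditionalAccessPolicies": [
     {"displayName": "Require MFA for all users", "result": "failure"}]},
  {"createdDateTime": "2021-01-04T08:01:00Z",
   "userPrincipalName": "alice@tenant.example",
   "appDisplayName": "Office 365",
   "status": {"errorCode": 99998, "failureReason": "constructed: wrong password"},
   "conditionalAccessStatus": "notApplied",
   "appliedConditionalAccessPolicies": []},
  {"createdDateTime": "2021-01-04T08:02:00Z",
   "userPrincipalName": "sync_EXAMPLE_9876zyxw@tenant.example",
   "appDisplayName": "Microsoft Azure AD Connect",
   "status": {"errorCode": 0, "failureReason": "Other."},
   "conditionalAccessStatus": "success",
   "appliedConditionalAccessPolicies": [
     {"displayName": "Require MFA for all users", "result": "notApplied"}]}
]
"""


def failing_ca_policies_for_sync_accounts(records):
    """Map each sync_* account to the sorted names of CA policies that failed for it.

    A failed password or other non-CA failure is ignored: only records whose
    conditionalAccessStatus is 'failure' count, and only the policies whose
    own result is 'failure' are reported for them.
    """
    failures = defaultdict(set)
    for record in records:
        upn = record.get("userPrincipalName", "")
        if not upn.lower().startswith("sync_"):
            continue  # only the AAD Connect synchronization service accounts
        if record.get("conditionalAccessStatus") != "failure":
            continue  # successful sign-in, or a failure unrelated to Conditional Access
        for policy in record.get("appliedConditionalAccessPolicies", []):
            if policy.get("result") == "failure":
                failures[upn].add(policy["displayName"])
    return {upn: sorted(names) for upn, names in failures.items()}


def analyze_sample():
    """Run the check over the constructed export above."""
    return failing_ca_policies_for_sync_accounts(json.loads(SAMPLE_SIGNINS_JSON))


if __name__ == "__main__":
    for upn, policies in analyze_sample().items():
        print(f"{upn}: blocked by {', '.join(policies)}")
```

For a real tenant, feed the function the JSON array downloaded from the Azure AD sign-in logs (the non-interactive user sign-ins, where the sync account appears) or from the Graph auditLogs/signIns endpoint; the only fields it reads are the ones shown in the sample.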


Root Cause
The root cause is Azure AD Conditional Access policies. The environment I was working in has multiple policies that allow sign-ins only from specific IP address ranges, and service accounts of this type need to be excluded from them.

After the service account was excluded from the needed CA policies I was able to finalize Azure AD Connect installation.
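Before the next staging-mode installation it is worth checking up front which enforced policies still scope the sync account. The script below is an added example, not the author’s tooling: it evaluates a constructed set of policies shaped like the Microsoft Graph conditionalAccessPolicy resource (state, conditions.users include/exclude lists, grantControls.builtInControls) against the account’s object id and group memberships, lists the enabled policies that would apply, and builds the conditions.users body that adds the account to each policy’s excludeUsers. All ids and policy names are placeholders.

```python
"""Audit which enforced Conditional Access policies scope an AAD Connect sync account,
and build the excludeUsers change that takes the account out of them."""
import copy
import json

# Placeholders, not real tenant values.
SYNC_ACCOUNT_ID = "00000000-0000-0000-0000-0000000000aa"        # object id of the sync_* account
SYNC_ACCOUNT_GROUPS = {"00000000-0000-0000-0000-0000000000b1"}  # groups the account belongs to
# Constructed sample shaped like the Graph conditionalAccessPolicy resource.
# The exclusion group ...c1 exists, but the sync account is not a member of it yet.
SAMPLE_POLICIES_JSON = """
[
  {"displayName": "Require MFA for all users", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [],
                            "includeGroups": [], "excludeGroups": ["00000000-0000-0000-0000-0000000000c1"]}},
   "grantControls": {"builtInControls": ["mfa"]}},
  {"displayName": "Block legacy authentication", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["00000000-0000-0000-0000-0000000000aa"],
                            "includeGroups": [], "excludeGroups": []}},
   "grantControls": {"builtInControls": ["block"]}},
  {"displayName": "Require compliant device (report-only)", "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [],
                            "includeGroups": [], "excludeGroups": []}},
   "grantControls": {"builtInControls": ["compliantDevice"]}},
  {"displayName": "Require MFA for admins", "state": "enabled",
   "conditions": {"users": {"includeUsers": [], "excludeUsers": [],
                            "includeGroups": ["00000000-0000-0000-0000-0000000000d1"], "excludeGroups": []}},
   "grantControls": {"builtInControls": ["mfa"]}}
]
"""


def policy_scopes_account(policy, account_id, account_groups):
    """True if the policy's user assignment covers the account. Exclusions win over inclusions."""
    users = (policy.get("conditions") or {}).get("users") or {}
    excluded = (account_id in users.get("excludeUsers", [])
                or bool(account_groups & set(users.get("excludeGroups", []))))
    if excluded:
        return False
    return ("All" in users.get("includeUsers", [])
            or account_id in users.get("includeUsers", [])
            or bool(account_groups & set(users.get("includeGroups", []))))


def enforced_policies_for_account(policies, account_id, account_groups):
    """(displayName, builtInControls) of enabled policies that scope the account.

    Report-only and disabled policies are skipped: they never block a sign-in.
    """
    hits = []
    for policy in policies:
        if policy.get("state") != "enabled":
            continue
        if policy_scopes_account(policy, account_id, account_groups):
            controls = (policy.get("grantControls") or {}).get("builtInControls", [])
            hits.append((policy["displayName"], list(controls)))
    return hits


def exclusion_patch(policy, account_id):
    """Body for a PATCH that adds the account to excludeUsers.

    The whole conditions.users object is returned, not just the new entry, because a
    PATCH on the policy replaces the collection it names rather than merging into it.
    """
    users = copy.deepcopy((policy.get("conditions") or {}).get("users") or {})
    exclude = list(users.get("excludeUsers", []))
    if account_id not in exclude:
        exclude.append(account_id)
    users["excludeUsers"] = exclude
    return {"conditions": {"users": users}}


def audit_sample():
    """Enforced policies that currently scope the constructed sync account."""
    policies = json.loads(SAMPLE_POLICIES_JSON)
    return enforced_policies_for_account(policies, SYNC_ACCOUNT_ID, SYNC_ACCOUNT_GROUPS)


def remediated_sample():
    """Re-run the audit after applying the exclusion patch to every policy that hit."""
    policies = json.loads(SAMPLE_POLICIES_JSON)
    hit_names = {name for name, _ in
                 enforced_policies_for_account(policies, SYNC_ACCOUNT_ID, SYNC_ACCOUNT_GROUPS)}
    for policy in policies:
        if policy["displayName"] in hit_names:
            policy["conditions"]["users"] = exclusion_patch(policy, SYNC_ACCOUNT_ID)["conditions"]["users"]
    return enforced_policies_for_account(policies, SYNC_ACCOUNT_ID, SYNC_ACCOUNT_GROUPS)


if __name__ == "__main__":
    for name, controls in audit_sample():
        print(f"still scoped by: {name} (controls: {', '.join(controls)})")
    print("after exclusion:", remediated_sample())
```

In a real tenant the policy list comes from the Graph identity/conditionalAccess/policies endpoint and the group ids from the account’s memberOf; the check deliberately ignores location and app conditions, so a policy it flags may still not fire for the AADC server’s IP range, but any policy it flags is one the account is not excluded from and should be reviewed.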

Hope this helps if you are facing the same issue. And, Happy New Year!
Thank you so much! This was exactly my issue and your fix resolved it for me.
Great to hear!
I got the same error during migration, but you saved me. God bless you.
Great to hear!
Thanks for the article. It resolved my issue when migrating ADConnect to a new server.
Thanks for the feedback, and great to hear that it was helpful!