What is the probability that a given machine's local user DB will become corrupt if the network connection between the machine and the server is interrupted in the middle of a sync? Asking because we're finding more of these than we'd expected. An Emergency Boot fixes the problem after the fact, but we'd like to prevent it. Am I correct in assuming the size of the user DB for a given machine would correlate with the probability of such corruption, along with the frequency of sync? Is there a rule of thumb to determine what an appropriate user DB size might be? Running 5.2.2 across the board with 1600 users and 1200 machines. Most machines have ~125 users assigned between support and local users. A few have as many as 300. AutoDomain has proven too unreliable due to high work force mobility, infrequent network connectivity, laptop sharing, and very high turnover. I'd like to consolidate some of my user groups to reduce administrative burden but don't know if that's wise. (I'd ensure in advance the local DB size was adequate to accomodate the additional users...). Thanks for any input anyone can offer.
- what error do you get as a result of such corruption
In the client local log: "Error [e0050043]: Unable to open the client data store attribute"
- how frequently do you get those errors (per week)
Roughly two per week
- do you delay machine synch by X minutes ?
Yes. by 1 minute with a 2 minute randomization. Hourly sync thereafter.
- delay longer: 5-10 minute delay is more appropriate. Allow booting PCs stabilize first.
- synch less frequently. I would put every 4 hours as minimum, but better yet use every 48 hours (to catch rarely restarted PCs).
Default database size is probably good for 300 users, but I doubt your problems are related to it.
Thx. I'll increase the initial delay. Our helpdesk will set me afire if I lengthen the sync interval though. They'd prefer it sync every 60 seconds--so many user SSO pw sync problems...
In testing I can fit 700-800 users into the DB at default size. Just don't know if it's smart. Aside from increased server load and increased network traffic what's the remaining downside to doing it? EEPC V6 has a batch transfer size setting. Guess from that I'm assuming really big transfers can somehow be problematic or it wouldn't have become available as an option. Could be some other reason I suppose.
Our helpdesk will set me afire if I lengthen the sync interval though. They'd prefer it sync every 60 seconds--so many user SSO pw sync problems...
Yeah, we don't use SSO.
I'm quite sure that big amount of assigned users to each PC is more headache than benefit. First of all, this encryption product is not really suitable for shared use. We tend to treat PC's as personal machines. One user account and few support accounts. We have very few shared systems, those use shared accounts.