Suddenly since last week one of our 5 Active Directory Synchronizations continuously fail.
Here are the server task logs:
2/10/16 1:05:23 PM Started: Synchronizing 1 groups
2/10/16 1:05:23 PM Synchronizing 1 synchronized groups
2/10/16 1:05:23 PM Another task is currently performing synchronization to group My Organization\DOMAINX, skipping.
2/10/16 1:05:23 PM Error synchronizing DOMAINX with Active Directory synchronization point [DC=DOMAINX,DC=com]
2/10/16 1:05:23 PM _Sync AD-ePO Dir [DOMAINX] (Synchronized 0 groups)
But there no other sync task running (even if there are no server tasks running at all it keeps failing with the same message)
Restarting the epo server didn't help either
Here are our sync settings:
All help is appreciated
Also getting this error along the previous posted one... Warning, some sync points failed to synchronize
I may have to open a case with Support as this is affecting the newly deployed system to be discovered and managed
I've been able to resolve mine. First thing I did is to disabled the options to push Agent on discovery new system (this is causing the process to proceed on error), then did a search for AD Synch. I realised that there are 2 types of synchronisation. the first one is AD Synchronisation and the second Active Directory/Domain Synchronization, I just search for Synchronisation and Synchronization, then terminated the running tasks, reboot and check status of synchronisation on all 5 domains via Group details/Synchronisation Type/Edit and all was clear. Go to Task and fire up AD Synch task, after successfully synch, enabled the Push Agent option on discovery and all is good. Will keep an watching and see how it behaves in couple of days.
Hope this is useful
Thanks....I guess I'm tired and quit reading. I did the sync successfully without the push enabled. But when i enable the push, the sync task only completes when there is no deploy agent started. It just sits here:
12/21/17 7:40:09 AM Started: Synchronizing 2 groups
12/21/17 7:40:09 AM Synchronizing 2 synchronized groups
12/21/17 7:40:24 AM Succeeded synchronizing [computers] with Active Directory synchronization point [OU=...]
12/21/17 7:40:29 AM Started: Deploy McAfee Agent
Can you deploy without executing AD Synch. direct deployment? also click on configure settings and check the login details, also check the task log and may have to delete all pending jobs
Yes. Deploy Agent button works as does the deploy agent that gets kicked off by the New Systems button. Just hangs in the AD sync server task.
Credentials are all correct. (verified anyway too)
Also, is there a way to see which machine the AD sync task deployed to? Seems awfully vague...."Started: Deploy McAfee Agent" and doesn't say to what system....sublog doesn't show it either.
Figured it out!!! And it's a much better way to auto-detect and auto deploy Agent and ENS.
[Update: Only catch is if ePO sync's with AD before an imaging process is done in which the imaging process added the machine to AD...then this solution fails before the image is completed and ready to receive the agent.]
Issue: AD Sync Server Tasks is configured to Push Agent on newly discovered systems, it will remain in the “In Progress (0%)” state if it triggers a Deploy McAfee Agent…even though the Agent gets deployed. Admin must use End Task to stop the server task in the log.
In the Synchronization type configuration, don’t use the Push Agent because:
Instead, use Tags> Apply tag to new computers added to the tree > I-Agent (something that indicates Install Agent)
Then in the AD sync Server Task:
Now if it triggers an agent deploy, you'll see it in the SubTask logs.
@rjbassett is correct: The actual issue is server task that ran to do AD Sync and deploy MA on the newly found system is not completed and stuck in "In Progress" state.
You can verify this from "Server Task Log", see if there are any server task running under "In Progress" status
There are other way to find it using SQL query, let me know if the above steps did not work