mcdave
Level 10

Failing Active Directory Synchronizations

Suddenly since last week one of our 5 Active Directory Synchronizations continuously fail.

Here are the server task logs:


2/10/16 1:05:23 PM     Started: Synchronizing 1 groups
2/10/16 1:05:23 PM     Synchronizing 1 synchronized groups
2/10/16 1:05:23 PM     Another task is currently performing synchronization to group My Organization\DOMAINX, skipping.
2/10/16 1:05:23 PM     Error synchronizing DOMAINX with Active Directory synchronization point [DC=DOMAINX,DC=com]
2/10/16 1:05:23 PM     _Sync AD-ePO Dir [DOMAINX] (Synchronized 0 groups)


But there is no other sync task running (even if there are no server tasks running at all, it keeps failing with the same message).

Restarting the ePO server didn't help either.

Here are our sync settings:

10-02-2016 13-46-34.png

All help is appreciated

regards,

Dave

0 Kudos
9 Replies
Fademidun
Level 10

Re: Failing Active Directory Synchronizations

Also getting this error along with the previously posted one... Warning, some sync points failed to synchronize

I may have to open a case with Support as this is affecting the newly deployed system to be discovered and managed

0 Kudos
Fademidun
Level 10

Re: Failing Active Directory Synchronizations

I've been able to resolve mine. The first thing I did was to disable the option to push Agent on discovery of new systems (this is causing the process to proceed on error), then did a search for AD Synch. I realised that there are 2 types of synchronisation: the first one is AD Synchronisation and the second Active Directory/Domain Synchronization. I just searched for Synchronisation and Synchronization, then terminated the running tasks, rebooted and checked the status of synchronisation on all 5 domains via Group details/Synchronisation Type/Edit, and all was clear. Go to Task and fire up AD Synch task, after successfully synch, enabled the Push Agent option on discovery and all is good. Will keep watching and see how it behaves in a couple of days.

Hope this is useful

Rgds,

0 Kudos
rjbassett
Level 7

Re: Failing Active Directory Synchronizations

Fademidun,  Were you able to later enable the option to push Agent on discovery of new system?

0 Kudos
Fademidun
Level 10

Re: Failing Active Directory Synchronizations

Hi Rjbassett,

Yes I did, as stated in last statement in my comment.

"after successfully synch, enabled the Push Agent option on discovery and all is good"

Rgds

0 Kudos
rjbassett
Level 7

Re: Failing Active Directory Synchronizations

Thanks....I guess I'm tired and quit reading.  I did the sync successfully without the push enabled.  But when I enable the push, the sync task only completes when there is no deploy agent started.  It just sits here:

12/21/17 7:40:09 AM Started: Synchronizing 2 groups
12/21/17 7:40:09 AM Synchronizing 2 synchronized groups
12/21/17 7:40:24 AM Succeeded synchronizing [computers] with Active Directory synchronization point [OU=...]
12/21/17 7:40:29 AM Started: Deploy McAfee Agent

0 Kudos
Fademidun
Level 10

Re: Failing Active Directory Synchronizations

Can you deploy without executing AD Synch. direct deployment? Also click on configure settings and check the login details. Also check the task log; you may have to delete all pending jobs.

0 Kudos
rjbassett
Level 7

Re: Failing Active Directory Synchronizations

Yes.  Deploy Agent button works as does the deploy agent that gets kicked off by the New Systems button.  Just hangs in the AD sync server task.

Credentials are all correct. (verified anyway too) 

Also, is there a way to see which machine the AD sync task deployed to?  Seems awfully vague...."Started: Deploy McAfee Agent" and doesn't say to what system....sublog doesn't show it either.

0 Kudos
rjbassett
Level 7

Re: Failing Active Directory Synchronizations

Figured it out!!!   And it's a much better way to auto-detect and auto deploy Agent and ENS.

[Update: Only catch is if ePO syncs with AD before an imaging process is done in which the imaging process added the machine to AD...then this solution fails before the image is completed and ready to receive the agent.]

Issue:  When the AD Sync Server Task is configured to Push Agent on newly discovered systems, it will remain in the “In Progress (0%)” state if it triggers a Deploy McAfee Agent…even though the Agent gets deployed.  Admin must use End Task to stop the server task in the log.

In the Synchronization type configuration, don’t use the Push Agent because:

  1. It doesn’t end the server task when it completes if the deploy agent was triggered; and
  2. It doesn’t tell you which system(s) it was deployed to.

Instead, use Tags> Apply tag to new computers added to the tree > I-Agent (something that indicates Install Agent)

synctype.jpg

pushagt_tag.jpg

Then in the AD sync Server Task:

  1. Run the Active Directory/NT Domain Synchronization
  2. Run a query to find all systems with the tag I-Agent and:
    1. Sub-Action:  deploy the Agent
    2. Sub-Action:  tag with I-ENS4 (which will trigger the Client Task to install ENS on the first Agent check-in)

          servertask.jpg

Now if it triggers an agent deploy, you'll see it in the SubTask logs.

0 Kudos
jaydxt01
Level 9

Re: Failing Active Directory Synchronizations

@rjbassett is correct: The actual issue is that the server task that ran to do AD Sync and deploy MA on the newly found system is not completed and is stuck in the "In Progress" state.

You can verify this from "Server Task Log": see if there are any server tasks running under "In Progress" status.

There is another way to find it using a SQL query; let me know if the above steps did not work.

0 Kudos
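
The two symptoms posted in this thread can be picked out of pasted Server Task Log text with a short script. This is an added example, not code from any poster or from the product; it assumes the log is plain text in the form pasted above, and the "log ends on a deployment start" check is a heuristic taken from rjbassett's description, not a documented status field.

```python
import re
from datetime import datetime

# Log lines copied from the posts above (pasted text, not an ePO export format).
SAMPLE_SKIPPED = """\
2/10/16 1:05:23 PM     Started: Synchronizing 1 groups
2/10/16 1:05:23 PM     Synchronizing 1 synchronized groups
2/10/16 1:05:23 PM     Another task is currently performing synchronization to group My Organization\\DOMAINX, skipping.
2/10/16 1:05:23 PM     Error synchronizing DOMAINX with Active Directory synchronization point [DC=DOMAINX,DC=com]
"""
SAMPLE_HUNG = """\
12/21/17 7:40:09 AM Started: Synchronizing 2 groups
12/21/17 7:40:09 AM Synchronizing 2 synchronized groups
12/21/17 7:40:24 AM Succeeded synchronizing [computers] with Active Directory synchronization point [OU=...]
12/21/17 7:40:29 AM Started: Deploy McAfee Agent
"""

LINE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2}:\d{2} [AP]M)\s+(.*\S)\s*$")
SKIP = re.compile(r"^Another task is currently performing synchronization to group (.+), skipping\.$")
ERROR = re.compile(r"^Error synchronizing (\S+) with Active Directory synchronization point")

def parse(text):
    """Return [(datetime, message)] for every line that carries a timestamp."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            stamp = datetime.strptime(m.group(1), "%m/%d/%y %I:%M:%S %p")
            out.append((stamp, m.group(2)))
    return out

def triage(text):
    """Flag the symptoms discussed in the thread as (kind, subject, time)."""
    entries = parse(text)
    findings = []
    for ts, msg in entries:
        if (m := SKIP.match(msg)):
            findings.append(("sync_lock_held", m.group(1), ts))
        elif (m := ERROR.match(msg)):
            findings.append(("sync_error", m.group(1), ts))
    # Assumed heuristic: a log ending on a deployment start never logged completion.
    if entries and entries[-1][1] == "Started: Deploy McAfee Agent":
        findings.append(("ends_on_agent_deploy", None, entries[-1][0]))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_SKIPPED, SAMPLE_HUNG):
        print(triage(sample))
```

A `sync_lock_held` finding with no other sync task running points at a stale task still marked "In Progress", which is what the Server Task Log check above is meant to confirm.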