tanhehua Absent Member.

Remote Loader Logs Not Showing "Get Object Changes"


Dear all,

I have recently installed my remote loader on my user app server to
connect to the Active Directory (AD) server.
Yes, my remote loader is not installed on my AD server.
My colleague did the same configuration and it worked.

Recently, I have encountered a problem whereby changes from the AD server
such as user object deletion were not detected and changes in attributes
were not flowing back to eDirectory.
When I checked the remote loader Trace log, I noticed there isn't the
usual "Get Object Changes" message which should be present when the
driver polls for AD changes.

I have set the driver polling interval to 1, which is equivalent to 1
minute of polling rate.
I have ensured the filter has the user class set to synchronized in the
publisher channel.

On my user app server, the remote loader server service is set to run
as an account; the service 'log on as' setting specifies the "aduser" credential.
This "aduser" account is created on the AD server side as well. The
rights given were domain admin. Domain admin consists of the 3 essential
rights, which are "READ", "WRITE" and "Replicating Directory Changes".

When the remote loader service is run as 'local system', the message
"Get Object Changes 0x0000" appears! But I got the set password platform
err 5. Thus, I cannot run as local system as my AD driver needs to set
password.
Thus, I set it back to run service 'log on as' aduser. Password was set
successfully but still no "Get Object Changes" message. When I
increased the trace log to level 4, I found this message, "error
initializing command connection: Socket error:Permission denied". Could
this be the reason why my AD driver is not polling?

Googled and found the above message to be related to sock corruption
issue.
Will troubleshoot further and update this thread. In the meantime,
please share any possible solution, greatly appreciated! 🙂


--
tanhehua


Re: Remote Loader Logs Not Showing "Get Object Changes"

As always, post your driver trace at level three (from the RL side),
including the startup of the driver.

It would help to know more about what you have done to set things up. If
what you posted was a comprehensive list of steps, you're missing the hard
part where you configure your (presumably) member server to have a
relationship with the domain controller (DC) configured as your
synchronization point. If you do not do this, then you can only have
Subscriber channel synchronization, thus your error. I'd probably guess
this is your problem; see the MAD driver documentation for details; the
details will basically be a link to the MAD documentation on Microsoft's
site about setting up SSL.

--
Good luck.


Re: Remote Loader Logs Not Showing "Get Object Changes"

ab wrote:

> As always, post your driver trace at level three (from the RL side),
> including the startup of the driver.
>
> It would help to know more about what you have done to set things up. If
> what you posted was a comprehensive list of steps, you're missing the hard
> part where you configure your (presumably) member server to have a
> relationship with the domain controller (DC) configured as your
> synchronization point. If you do not do this, then you can only have
> Subscriber channel synchronization, thus your error. I'd probably guess
> this is your problem; see the MAD driver documentation for details; the
> details will basically be a link to the MAD documentation on Microsoft's
> site about setting up SSL.


Most importantly, this is not an eDirectory issue. It is an IDM issue and you should create a new thread under the Identity Manager Engine/Drivers subforum.
You will reach a wider and more relevant audience by posting in the IDM forums.

Make sure the new thread includes the details that Aaron asked for.
Alex McHugh - Knowledge Partner - Stavanger, Norway