Overview
When using the AD Integrator with v7.0.3 of the Exinda firmware, the AD Connector may sync with AD correctly upon the initial connection but then fail to sync again, either automatically or by manual renumeration.
The AD Connector is an integration tool that is installed on Domain Controllers and links up with an Exinda unit so that host IPs can be translated into the users that were using them at a specific moment. It works by using the Windows Event Log messages recorded on the DC when an IP is given out to a particular host, together with the username associated with it at that time. For more in-depth information about how the AD Connector works, see the Active Directory Integration documentation.
In general, the AD Connector does this by doing a sync and taking new Logon events at a specific interval. The Active Directory page under Configuration > System > Network, "Active Directory" tab will show an increasing time since the last sync:
If this number is higher than the standard sync period, the text turns red and bold to alert administrators that there is a problem. There can be numerous reasons that a sync fails:
- The password to the Windows account connecting to the DC is incorrect
- A firewall is blocking port
In v7.0.3 ("vanilla," or not updated to version update 1), this sync time can keep increasing past the programmed time period even though there are no errors in the logs indicating a bad password and any firewall between the Exinda and the DCs is allowing the correct port (8015). There might also be no firewall in the way. However, the sync still fails, both at its automatic interval and when manually clicking "Renumeration" on the Active Directory page, until one of the following occurs:
- The domain controller is rebooted.
- The Exinda is rebooted.
- The "Active Directory Connector" service on the Exinda is stopped and then started.
When this happens, the sync will work once, thereby restarting the timer and gathering new and updated information, but it will not sync again.
Root Cause
This is a bug in the firmware related to how the Active Directory Integration works. Its cause is currently unknown.
Resolution
Restarting the AD Service on the Exinda will force a re-synchronization.
- This can be done in the web UI by going to Configuration > System > Network, under the Active Directory tab.
- There is an option to stop and start the service:
- Pressing 'Stop' on this service, waiting for a few moments and then pressing 'Start' will reinitialize the AD Service on the Exinda. It will take a few moments for the Exinda to reconnect with the DC, and until this time it will say "No Clients" under the list of DCs it is currently connected to.
When the connection is reestablished, the DCs will once more show up in the list, and the sync will have been successful.
Update Firmware
This problem is known to occur on v7.0.3 vanilla (no updates, also known as v7.0.3 (3497)).
Updating to v7.0.3u1 or v7.4 will improve stability. Furthermore, ensure that the AD Connector version is 1.1.1.0.