Troubleshoot ADSync Utility Errors
This article addresses some of the common issues that are faced while working with the ADSync Utility.
Errors that are encountered in the sync process generate log entries in the ADSync utility log. These log files are stored at <Install_Directory>/sync/logs. Log files are named with the following structure:
- sync_data.log.0
- sync_data.log.1
- sync_data.log.2
- sync_data.log.3
- sync_data.log.4
Here, sync_data.log.0 is the log file for the most recent sync attempt.
Possible error scenarios are as follows:
Before you try any of the following troubleshooting methods, review the sync.properties file to verify that:
- The action.key attribute has not been modified.
- The xml.response.dtd attribute has not been modified.
If the issue persists even after the troubleshooting, contact the Support team for assistance.
Client (LDAP) Errors
The errors generated on the client side are recorded in the sync_error.log.0 file. For more information about this file, see logger.properties.
Error Loading the Attribute Map List File
Review the attribute_map.list file and verify that it contains correct information.
Follow these steps:
- Verify that the file is available at the path that is defined in the ldap.attribute.map attribute in the sync.properties file.
- Verify that the org_name attribute is defined correctly, if you are using it. The parameter values must not contain any unnecessary characters, or spaces. For more information about the org_name attribute, see Configure the org_name Attribute in Configure the ADSync Utility .
Error Loading the Search Base List File
Review the searchBase.list file and verify that it contains correct information.
Verify that the file is available at the path that is defined in the search.base.list attribute in the sync.properties file.
Error Loading the Backup ID Mapper File
Verify that the backupIDMapper.properties file is available at the correct path. This file must be present at <:Install_Directory>/sync/backup/idMapper. Ensure that this file is not modified in any way.
If you have any issues in the backup, delete the backup files and run a complete synchronization. However, do not modify any files manually.
For more information about the backup files, see Backup in Get Started with ADSync Utility.
Error Connecting to the LDAP Server
Review the sync.properties file, and verify that the ldap.gc and ldap.dc attributes are defined correctly.
Next, verify that the ldap.bind.user and ldap.bind.user.pwd attributes are defined correctly.
For more information about these attributes, see sync.properties in Configure the ADSync Utility.
Error While Retrieving Records
Verify that the information provided in the searchBase.list file and the attribute_map.list file is correct. Remove unnecessary characters or spaces in the org_name attribute.
Verify that the organization unit structure provided in the searchBase.list file is correct. If you see any errors in these files, correct them and run the synchronization again.
Similarly, verify that the ldap.searchFilter attribute is defined correctly in the sync.properties file.
Error Finding Valid Certification Path
While connecting to the Serviceaide Intelligent Service Management server, you can encounter the following errors:
- sun.security.validator.ValidatorException
- sun.security.provider.certpath.SunCertPathBuilderException
This error is encountered if SSL settings are not configured properly. To configure the SSL settings, follow the procedure explained in Enable an SSL Environment for the ADSync Utility in Configure the ADSync Utility.
Server Errors
If there is an error on the Intelligent Service Management server, a response is recorded in the sync_data.log.0 file. The response can help you troubleshoot the error. Some errors contain a response code only. When a response code is present, the XML response from the server is not included in the sync_data.log.0 file.
Connection Error - Response Code: 4xx
These types of errors are reported in the sync_data.log.0 file as SEVERE Response code : 4xx. Here, 4xx denotes the response code (Example: 404, 403, 402).
Verify that the action.url attribute is defined correctly in the sync.properties file.
If you are using a proxy server, verify that the proxy.host and proxy.port attributes are defined correctly.
If you are using proxy authentication, verify that the proxy.user and proxy.password attributes are defined correctly.
ADSync Utility supports only basic authentication. Ensure that the proxy.auth.preference attribute is set to basic.
If the proxy.host and proxy.port attributes are defined correctly, verify that the SSL settings are enabled.
If the SSL settings are not configured, follow the procedure explained in Enable an SSL Environment for the ADSync Utility in Configure the ADSync Utility.
Modify the SSL settings only if the action.url, proxy.host, and proxy.port attributes are defined correctly.
Server Error - Response Code: 5xx
These types of errors are reported in the sync_data.log.0 file as SEVERE Response code : 5xx. Here, 5xx denotes the response code (Example: 502, 503, 504).
Possibly, the action is complete on the server side. Verify in Intelligent Service Management if the changes are reflecting. Though the action is successful, the backup file is not updated. Delete your backup files and run the synchronization again.
If the issue persists, contact the Support team. Inform the support team even if the action is successful on the server side.
Authentication Error
Verify that the authtoken and slicetoken parameters are defined correctly in the sync.properties file.
If the parameters are defined correctly and you are still facing the issue, contact the support team.
Error while Creating, Updating, or Deleting a Record
This error indicates that the updates to some records have failed.
If only a few records have failed, update them manually.
If many records have failed, delete the backup file and run the synchronization again. However, no records are deleted during the next synchronization in the absence of backup files. Any deletions must be handled manually during the next synchronization. For more details about the backup files, see Backup in Get Started with ADSync Utility.
Error While Updating Backup
Delete the backup files and run the synchronization again. However, no records are deleted during the next synchronization in the absence of backup files. Any deletions must be handled manually during the next synchronization. For more details about the backup files, see Backup in Get Started with ADSync Utility.
Connection Reset and Timeout Errors
While synchronizing a large number of records, you may encounter errors like, connection reset or timed out. The error arises because the connection between your ADSync Utility and Intelligent Service Management times out. The timeout limitation depends on various factors, like:
- Size of transactions
- Network latency
- Proxy server interference
You can resolve these issues by using the direct URLs to Intelligent Service Management. You can request the Support team for the direct URL that is relevant to your location.
However, in case of very large transactions, we recommend that you split your data into smaller batches, by mapping them to separate organization units. For example, you can modify your organization structure such that each unit is limited to 15000-20000 records.
Other Errors
Path Building Failed or Unable to Find Valid Path
Getting SSL error in sync_data.log file of ADSync Utility.
Error Message
DD/MM/YYYY XX:XX:XX SEVERE sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
DD/MM/YYYY XX:XX:XX SEVERE Exception while trying to extract response code in catch block of exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Source
sync_data.log
Resolution
The above error shows that the SSL certificate which is available in “si” file of the ADSync utility is incorrect. Update the ‘si’ file with the correct environment ssl certificate by following the instructions at Enable an SSL Environment for the ADSync Utility.
HTTP Response Code: 500
Getting http response code 500 error in the sync_data.log file of ADSync Utility.
Error Message
DD/MM/YYYY XX:XX:XX SEVERE Server returned HTTP response code: 500 for URL: https://sm1s.saas.ca.com/NimsoftServiceDesk/servicedesk/controller/processxmldoc?appid=1=1
DD/MM/YYYY XX:XX:XX SEVERE Response code while getting exception java.io.IOException: Server returned HTTP response code: 500 for URL: https://sm1s.saas.ca.com/NimsoftServiceDesk/servicedesk/controller/processxmldoc?appid=1=1 is :: 500
Source
sync_data.log
Resolution
The URL which has been configured in action.url parameter under sync.properties of ADSync utility is incorrect, and needs correction. In the above example, at the end of the URL an additional keyword “=1” has been appended, and hence the URL becomes incorrect.
Invalid Authorization Token
Error in ADSync after changing the slicetoken of the production instance. The utility was working fine in the staging environment. Encountering the following error in sync_data.logs.
Error Message
<error errorId="1"><![CDATA[Failed to authenticate the user due to an invalid authorization token.]]></error>
Source
sync_data.log
Resolution
As mentioned in the scenario, you have only updated the slicetoken of new environment. You also need to update the action.url field with the URL of the production environment. If you encounter the above error, verify whether the slicetoken, authtoken and action.url are defined correctly in the sync.properties file.
From the Bamboo release onwards, the slice token, authtoken, and action.url values are auto-populated while you download the utility. When you change the environment, download the utility again in the new environment. You do not need to modify these values manually any more
Error after Updating slicetoken, action.url, and authtoken
ADSync is working fine in staging instance. However, after updating the slicetoken, action.url, and authtoken of the production instance, the utility is not creating any user in the production instance. No error is displayed in the log file.
Error Message
None
Source
None
Resolution
The utility was pointing to the staging instance during the last run. Since, it was working fine, a backup file has been generated inside the utility. When you change the URL to the production instance and run the utility, it validates the ADSync user data against the existing backup file. It does not send any data into the application as it does not find any change in the backup.
To resolve this issue, archive the existing backup folder saved under <ADSync Utility>/sync/backup at some other location and then execute the ADSync utility again.
If the problem is not resolved, download the ADSync utility again. From the Bamboo release onwards, these three values are auto-populated while you download the utility. When you change the environment, download the utility again in the new environment.
User Exception or Content Exception
Encountering the following errors messages in the log file after executing ADSync utility.
Error Message
LDAP Exception while searching for the user Exception Message : LDAPException while creating the directory context Exception Message : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
com.ca.saas.adsync.exception.LDAPException: LDAPException while creating the directory context Exception Message : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
at com.ca.saas.adsync.template.LDAPTemplate.initialiseContext(LDAPTemplate.java:284)
at com.ca.saas.adsync.template.LDAPTemplate.search(LDAPTemplate.java:83)
at com.ca.saas.adsync.adapter.NSDAdapter.getUserList(NSDAdapter.java:137)
at com.ca.saas.adsync.AdSyncService.main(AdSyncService.java:80)
Source
sync_data.log
Resolution
The Ldap Error Code "AcceptSecurityContext error, data 52e" indicates that you are using invalid credentials. This error is returned when the username is valid, but the password/credential is invalid. Visit the following URL for more details:
http://ldapwiki.willeke.com/wiki/Common%20Active%20Directory%20Bind%20Errors
Organization Not Updated
ADSync fails to update the organization information.
Warning
Primary organization was not updated since a matching organization profile was not found within Nimsoft Service Desk.
Source
sync_data.log
Cause
- The organization hierarchy is not defined in your Intelligent Service Management instance.
- There are duplicate entries for organizations in Intelligent Service Management.
Resolution
Correct the organization hierarchy in Intelligent Service Management. Navigate to MANAGE> Tools> Organizations to review and correct your organizational hierarchy.
Note: Always set up the organization hierarchy before you install ADSync Utility.
© 2019 Serviceaide 1-650-206-8988 http://www.serviceaide.com info@serviceaide.com