If you have synchronization issues, please check the following:
- Make sure that your environment meets our requirements. Domain controller requirements:
- Windows Server 2003 Service Pack 2 or later, Windows 2008 Server Core;
- .NET Framework 3.5 with SP1;
- Outbound network connection is opened on port 443 (SSL).
- Make sure that you have Administrative permissions. Run the installation again by right-clicking the file and choosing "Run as Administrator".
- Reinstall DirectoryLink. To do this, navigate to Start > Control Panel > Add/Remove programs, uninstall DirectoryLink, reboot the DC and run the installation again.
Does your domain controller meet the requirements?
If the troubleshooting guide isn't working for you, click here to review the full text of the article.
Make necessary changes.
These are the most common synchronization issues:
- The server is not operational
- Timeout error
- If synchronization doesn’t work for a specific user
- Password will not synchronize
- Distribution List membership will not synchronize
System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
- This error means that Microsoft ad services are not running on DC. You can get these errors after reboot, when AdSync service started before Microsoft ad services. After Microsoft ad services are started the error goes away.
TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond [server_IP]:443
The HTTP request to https://adsync.serverdata.net/SyncDataService.svc has exceeded the
allotted timeout of 00:00:57.3740000. The time allotted to this operation may have been a portion of a longer timeout
- The above error usually indicates temporary network issues and does not affect the synchronization process.
- In case you notice delays in synchronization, you need to check firewall settings and verify that connections to the server are not blocked.
- Check the AdSync service state on all DC’s. To view it’s state navigate to Start > right-click My Computer > Manage > Services and Applications> Services. AdSync service should be in "Running" state.
- Is the user linked?
- Is the property in the list of properties that are supported?
- UPN: the domain must be added to CONTROL PANEL.
- Country and State values should match the ones listed in
dropdownon the Mailboxes General properties page in Control Panel. Other values will not be imported.
- Each field has its length limitation. If some properties were
imported,but cut in length, that means they didn't match the field length requirements.
- Verify the property is chosen for synchronization in CONTROL PANEL > Services > DirectoryLink > Settings.
If password is not synchronized for one of the users, try the following troubleshooting steps:
- Check if the password meets password requirements
- Unlink user in the CONTROL PANEL > wait 5 minutes > link user again in CONTROL PANEL > change password in the local Active Directory > allow 15 minutes for propagation > login to OWA.
- Check that each DC's "Notification Packages" registry contains "PasswordFilter" line and manually add this line to the key if it's not
inthe list. Once you add the line to the key you must restart the DC. See more details below:
- Start > Run > type cmd and hit Enter > type regedit and hit enter;
- Find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control > click on LSA > double-click on Notification Packages > make sure there is a line "PasswordFilter".
- Check that c:\windows\system32\passwordfilter.dll exists.
- Stop the ADSync service on all Domain Controllers > wait 5 minutes > restart the service > reset password > wait for 15 minutes > login to OWA.
If changes in the Distribution List membership are not propagated from your Active Directory to CONTROL PANEL:
- Make sure the users are linked. Unlinked users will not be added as members and will not be removed from Distribution List.
- Make sure the Distinguished Names of the linked users are the same as the Distinguished Names of the members listed in the Distribution List.
Is the issue fixed?
Provide Support with the following information for troubleshooting:
- Results of any tests/checks.
- Errors/warnings from application log.
- Click this link from the domain controller and submit the results:
- The time (and time zone) and date when the last attempt to make changes happened.
- The user, the property and the value you wanted to synchronize at the specified time.
Alsoyou may include msinfo32 information. On each domain controller, go to Start > Run and type "msinfo32". In the System Information window, click File > Save and save it as an .NFO file.