Dear all,

I have recently installed my remote loader on my user app server to
connect to the Active Directory (AD) server.
Yes, my remote loader is not installed on my AD server.
My colleague did the same configuration and it worked.

Recently, I have encountered a problem whereby changes from the AD server
such as user object deletion were not detected and changes in attributes
were not flowing back to eDirectory.
When I checked the remote loader trace log, I noticed there isn't the
usual "Get Object Changes" message which should be present when the
driver polls for AD changes.

I have set the driver polling interval to 1, which is equivalent to 1
minute of polling rate.
I have ensured the filter to have user class set to synchronized in the
publisher channel.

On my user app server, the remote loader server service is set to run
as an account; the service 'log on as' setting specifies the "aduser" credential.
This "aduser" account is created on the AD server side as well. The
rights given were domain admin. Domain admin consists of the 3 essential
rights, which are "READ", "WRITE" and "Replicating Directory Changes".

When the remote loader service is run as 'local system', the message
"Get Object Changes 0x0000" appears! But I got the set password platform
err 5. Thus, I cannot run as local system as my AD driver needs to set
Thus, I set it back to run service 'log on as' aduser. Password was set
successfully but still no "Get Object Changes" message. When I
increased the trace log to level 4, I found this message, "error
initializing command connection: Socket error:Permission denied". Could
this be the reason why my AD driver is not polling?

Googled and found the above message to be related to sock corruption
Will troubleshoot further and update this thread. In the meantime,
please share any possible solution, greatly appreciated!

tanhehua's Profile: