Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Troubleshooting Specops Password Sync syncing issues.

First to start let’s take a look at the required installed pieces that make up Specops Password Sync:

Required Installs:

  • Specops Password Sync Server
    • This should be installed on a Windows Server.
    • Handles the syncing over to your destination sync point.
  • Specops Password Sync Notifier
    • This is required to be installed on all writeable Domain Controllers.
    • Watches for password changes on domain controllers.
    • Requires a reboot after installing on each Domain Controller.

You can view the requirements for the installation here:

To troubleshoot issues with Sync, we should start with checking our basic configuration.

Check basic configuration

  • Validate our user is within the sync scope defined. This defines our scope of management and is user based.
  • Next validate our Sync Server(s) are listed under Sync Servers. These servers do the syncing to the destination.
  • Next validate our Sync Points configuration. You will want to check that the sync points are listed, and that the Provider is configured correctly.
  • Finally we want to validate that our Group Policies used for Sync are listed under Policies.
The GPO(s) listed here should be assigned to the user account(s) of the user(s) that should be synced.

Once you’ve validated those steps, move on to tracking password sync below.

Tracking the password sync process to look for issues

Sync Notifier Events

The very first place to look to track is on the Domain Controller that the password change was run against.

Look under the Event Viewer, Windows Logs, and Application. Look for the Event ID listed below:

Information151A password change will take place for the user indicated in the event log message.

If you see this event successfully, then the Sync Notifier saw the password change, and sent it over to Sync Server. Go to that section to continue to track it.

If you do not see the event, it might be for one of these causes:

  1. The Domain Controller has not been rebooted after the Sync Notifier installation. If you are not seeing any events from Sync Notifier, then this is the most likely cause.
  2. The user is not within the scope used for your Sync Scope when you configured Password Sync.
  3. The user does not have the Password Sync GPO assigned to their account.

Otherwise you can look at an explanation of other events here:

Sync Server Events

Once the Sync Notifier sees the change, it sends it over to your Sync Server.

If Sync Server is then able to sync the password to the destination successfully you should event ID 155 under the Event Viewer, Windows Logs, and Application of your Sync Server:

Informational155A successful password change was made by a provider.

For a list of events, see here:

If you are having issues at this step, this would generally be related to Sync Point configuration issues, or connectivity to your destination from the Sync Server.

Publication date: September 15, 2021
Modification date: October 30, 2023

Was this article helpful?

Related Articles