Troubleshooting Specops Password Sync syncing issues.
To start, let's look at the components that must be installed for Specops Password Sync:
- Specops Password Sync Server
  - This should be installed on a Windows Server.
  - Handles the syncing over to your destination sync point.
- Specops Password Sync Notifier
  - This is required to be installed on all writeable Domain Controllers.
  - Watches for password changes on domain controllers.
  - Requires a reboot after installing on each Domain Controller.
You can view the requirements for the installation here: https://specopssoft.com/support/en/password-sync/installation.htm
To troubleshoot issues with Sync, we should start with checking our basic configuration.
Check basic configuration
- Validate our user is within the sync scope defined. This defines our scope of management and is user based.
- Next validate our Sync Server(s) are listed under Sync Servers. These servers do the syncing to the destination.
- Next validate our Sync Points configuration. You will want to check that the sync points are listed, and that the Provider is configured correctly.
- Finally we want to validate that our Group Policies used for Sync are listed under Policies.
Once you’ve validated those steps, move on to tracking password sync below.
Tracking the password sync process to look for issues
Sync Notifier Events
The first place to look is the Domain Controller that the password change was run against.
In Event Viewer, go to Windows Logs > Application and look for the Event ID listed below:
| Information | 151 | A password change will take place for the user indicated in the event log message. |
If you see this event, then the Sync Notifier saw the password change and sent it over to the Sync Server. Go to the Sync Server Events section to continue tracking it.
If you do not see the event, it might be for one of these causes:
- The Domain Controller has not been rebooted after the Sync Notifier installation. If you are not seeing any events from Sync Notifier, then this is the most likely cause.
- The user is not within the scope used for your Sync Scope when you configured Password Sync.
- The user does not have the Password Sync GPO assigned to their account.
Otherwise you can look at an explanation of other events here: https://specopssoft.com/support/en/password-sync/troubleshooting.htm
Sync Server Events
Once the Sync Notifier sees the change, it sends it over to your Sync Server.
If the Sync Server is then able to sync the password to the destination successfully, you should see event ID 155 in Event Viewer under Windows Logs > Application on your Sync Server:
| Informational | 155 | A successful password change was made by a provider. |
For a list of events, see here: https://specopssoft.com/support/en/password-sync/troubleshooting.htm
If you are having issues at this step, this would generally be related to Sync Point configuration issues, or connectivity to your destination from the Sync Server.
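The two event checks above can be run remotely in one pass. The following PowerShell is an added example, not Specops code: the computer names and account are placeholders, and it assumes the account name appears as text in the event message.

```powershell
# Added example, not vendor code. Computer names and account are placeholders.
param(
    [string]$DomainController = 'DC01',    # DC the password change ran against
    [string]$SyncServer       = 'SYNC01',  # Specops Password Sync Server
    [string]$UserName         = 'jdoe',    # account being traced
    [int]$LookbackMinutes     = 60
)

function Get-SyncEvent {
    param([string]$ComputerName, [int]$EventId, [datetime]$Since, [string]$Match)
    $filter = @{ LogName = 'Application'; Id = $EventId; StartTime = $Since }
    try {
        $found = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop)
    } catch {
        # "No events found" is an expected outcome here; anything else
        # (access denied, host unreachable) must surface to the operator.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return @() }
        throw
    }
    # Assumption: the account name appears as text in the event message.
    # Other software can log the same ID, so review ProviderName in the output.
    @($found | Where-Object { $_.Message -like "*$Match*" } | Sort-Object TimeCreated)
}

$since    = (Get-Date).AddMinutes(-$LookbackMinutes)
$notifier = @(Get-SyncEvent -ComputerName $DomainController -EventId 151 -Since $since -Match $UserName)
if (-not $notifier) {
    Write-Output "No event 151 for '$UserName' on $DomainController since $since."
    Write-Output 'Check: DC rebooted after Notifier install, user in sync scope, Password Sync GPO assigned.'
    return
}
$latest = $notifier[-1]
Write-Output "151 seen on $DomainController at $($latest.TimeCreated) (source: $($latest.ProviderName))"

# Allow one minute of clock difference between the DC and the Sync Server.
$from   = $latest.TimeCreated.AddMinutes(-1)
$server = @(Get-SyncEvent -ComputerName $SyncServer -EventId 155 -Since $from -Match $UserName)
if (-not $server) {
    Write-Output "No event 155 for '$UserName' on $SyncServer after the 151 event."
    Write-Output 'Check: Sync Point provider configuration and connectivity from the Sync Server to the destination.'
    return
}
$server | Select-Object TimeCreated, ProviderName, Id, Message | Format-List
```

Run it from an account that can read the Application log remotely on both machines. If the password change could have been processed by any of several Domain Controllers, repeat the run once per DC.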