Q. Do you have any windows 2003 domain controllers?
Will be in touch... as no doubt this will come to me soon.
Alrighty then :) not an urgent case at the moment as the system isn't live for users yet here.
Thanks a lot!
I just thought I would update this thread, in case anyone else got the particular Error
The DirSync components need to make an LDAP query to the DC’s as part of the password sync process, there is an issue in the LDAP library in windows that causes binds to DC’s to fail when chasing LDAP referrals. DirSync does not need to chase referrals to work and therefore does not normally raise an issue for the product.Quote:
Password synchronization failed for domain: domain.local. Details:
System.DirectoryServices.Protocols.LdapException: The operation was aborted because the client side timeout limit was exceeded.
at System.DirectoryServices.Protocols.LdapConnection. ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
However, if the GUEST account is enabled the bind will work, but a subsequent query will not be processed correctly and an LDAP timeout error generated. This causes the password sync component of DirSync to fail.
This issue in the LDAP library is in the windows operating system and is only currently exposed by DirSync. The windows product group are currently looking at fixing this in a future version of windows (i.e not one that is currently released)
Further more a change maybe made to DirSync Product in a later version!
The current solution is to disable the GUEST account.