I have a problem with the password synchronisation agent installed on the AD DC.
when configuring the AD Endpoint, I verified that "Password Synchronisation agent is installed" is checked.
Add to that, I installed the agent in the AD DC and I verified that the "eTpropagatePassword" is on 1 .
the network flow is verified too.
But when I reset a password in the AD, there is nothing going to the provisioning server.
Have you an idea please about that ?
Remark: C:\Program Files (x86)\CA\eTrust Admin Password Sync Agent\Logs is empty.
Doc located here:https://docops.ca.com/ca-identity-manager/12-6-8/EN/administrating/password-management/synchronizing-passwords-on-endpoints/password-synchronization-on-windows#PasswordSynchronizationonWindows-HowtheEnable/DisablePasswordSyncWorks
First check that a reboot has been performed post install:How the Enable/Disable Password Sync WorksWhen the Password SYNC Agent is installed on a Domain Controller, the Agent gets registered in the Domain Controller's Local Security Authority Notification Package in the registry, and the DLL loads on reboot. The Domain Controller is a specific Active Directory machine where the password sync agent is installed. This agent is a DLL, and it acts as a Microsoft password filter that allows CA Identity Manager to run its own code. For example, the Agent calls into CA Identity Manager to change the users password.
Then Check if the agent is enabled:[Main];; The following parameter allows to enable/disable Password Sync. Agent.;; The default value for the flag is 'yes'.;; pwd_sync_enable=no
Then check if logging is enabled:You may also have logging_enabled=no, change this to yes, and try to reset a password.
Thanks Bill for your reply.
I verified those parameters and they are already well setted ( value =1).
Add to that, logging_enabled is enabled but there is no log files ...
That being the case, then it must be that the Domain Controller was not rebooted post install.
Reboot that domain controller to pick up the psych dll
Make sure that the logon server is set to that domain control (from windows cmd prompt type "set L" that will show the logon server)
If this does not work, then a support ticket will be required.