Jump to content

AD Sync failing


Recommended Posts

Hello

OU AD Sync is failing since a few days. It seems related to the MSP branch that appeared in our AD since migration to new MSP portal :

 

image.png.1d1b92ee9256353a5ec359dcb49ef71d.png

 

Our AD Sync task is configured to sync with the "All" folder and "Delete" groups that are no longer present. If I switch "Delete" of group to "Skip", the Sync works.

/var/log/eset/RemoteAdministrator/Server/trace.log shows this

2020-05-19 08:07:33 Error: CServerStaticGroupsModule [Thread 7f53425a1700]: Linked synchronized static group may not be removed

Anyone seen this ? Since MSP related, maybe not many concerned.

Link to post
Share on other sites
  • ESET Staff

Hello @karsayor

The most likely reason would be, that as you have synced your ESMC with EMA 2, it created the "MSP" container. This one is "read only", and can´t be deleted, unless the EMA account used for addition is still in use.

You will have to reconfigure your task to sync a different container, not the group all. I would suggest to create "AD" group, and then move all other groups / computers there, and reconfigure the AD sync accordingly. 

As the "MSP" is empty, does it mean you do not plan to use automatic synchronization of managed companies in EMA vs. groups in ESMC? What is your EMA / ESMC setup / relation? Meaning, if there is any relation at all, between the customers list in EMA, vs. the static group structure in ESMC

Link to post
Share on other sites

Hi @MichalJ

Ok we can do this.

We plan to make another ESMC console for MSP management, this one has been used up to now only to manage ESET in our own domain and we don't want to mix things.

But since licences were initially added to this console using the MSP account, they all appeared as says since EMA 2. I created a sub account in our MSP portal for this console now, but it seems I cannot remove this MSP Group now, even though MSP account is no longer set in licences tab of ESMC.

I hope I am clear enough...

Link to post
Share on other sites
  • ESET Staff

Thank you @karsayor, all clear. I will check with the development team why the deletion of "MSP" group is not possible even in case when the MSP account that triggered its creation is no longer present in the console. 

Link to post
Share on other sites
  • ESET Staff

I have been asked by the developers to ask you if it would be possible for you to submit an official customer care ticket. It would help our devs to properly focus / allocate time to the investigation of this issue. Thank you. 

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...