Troubleshooting the AD Agent
Issue: Installer Crash
When performing an installation of the Windows Agent the application crashes when selecting the install target location.
This is likely due to the account currently signed into not having appropriate access to the Install folder location.
To correct this:
- Go to C:\Program Files\ and right click on the Passportal folder and select Properties.
- Go to the Security Tab, then choose Advanced.
- Change the owner to the account you are currently signed into, and select the checkbox to replace the owner on the subcontainers and objects.
- Apply these permissions.
- Attempt to install the Windows Agent again, and it should complete successfully this time.
Issue: Sync has not been Running for a Client
You're seeing that sync has not happened for a client in a couple days.
- Connect to the Primary Domain Controller, and launch the Passportal Application.
- Authenticate with your Passportal credentials on the agent, and select the client you are connected to.
- Note the Passportal Sync credentials from Passportal, and paste them into the agent.
- Save and start the agent, and verify that the sync for the client is now showing as recently synced.
Issue: I've installed the AD agent with 2-way password sync enabled but password changes made in AD are not Updated in Passportal
Below are the areas to check in order to verify that the 2-way sync meets the prerequisites and is installed correctly:
- Redistribute package of Microsoft C++ on the DC i.e.:
- Ensure the following .dll file is present: c:\windows\system32\ADPasswordChangeNotifier.dll
- Three Passportal Registry entries:
- system registry entry
- To enforce the notification password, the password complexity setting must be enabled.
If the redistributable is missing, it can be found on Microsoft's site (install both the x86 and x64 versions):
[HKEY_LOCAL_MACHINE\Software\Passportal\ADAgentAddress] = 127.0.0.1
[HKEY_LOCAL_MACHINE\Software\Passportal\ADAgentPort] = 7771
[HKEY_LOCAL_MACHINE\Software\Passportal\InstalledByAutoUpdate] = False
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages] = “Notification Packages” is a value of type REG_MULTI_SZ, so it may contain multiple DLL names. There should be among them adpasswordchangenotifier
If all of these prerequisites are in place, activate the Security Policy Audit Log to trace the events to see what might be happening at the operating system level.
To audit the loading of notification packages:
- Click Start > Administrative Tools > Local Security Policy.
- Expand Local Policies, and then select Audit Policy.
- Double-click Audit System Events.
- Tick the Success and Failure check boxes.
Any errors attributed to the 2-way sync notifier will now appear in Event Viewer > Security logs.
Issue: You have two credentials with the same Username
This issue has been resolved as of Agent 220.127.116.11. We recommend to update the Agents where neccessary to resolve this issue. If you cannot update the Agent the below will assist in dealing with the issue.
If a second credential entry with the same username has appeared in Passportal, the newest credential entry will be marked as Waiting on Connection.
Disable any second credentials that are showing as Waiting on Connection.
Once the duplicate entries have been disabled in the system, please ensure that your Windows Agent is running the latest version. You can see the version of the agent by launching the Passportal Application on the desktop, then check in the bottom left corner.