-
Title
Capture Agent Connection Points defined in GPO defaulting to port 808 -
Description
When utilizing the Sync Service Capture Agent Group Policy (GPO) to define a Connection Point to the Synchronization Service, the Capture Agent fails to connect to the Sync Service. The following error is observed in the caSvcCfg.xml file:
Can't process link to 'net.tcp://syncservicehost.domain.com/ActiveRoles.SyncService.Server/PasswordService': Could not connect to net.tcp://syncservicehost.domain.com/ActiveRoles.SyncService.Server/PasswordService. The connection attempt lasted for a time span of 00:00:01.0099426. TCP error code 10061: No connection could be made because the target machine actively refused it 10.250.1.121:808. No connection could be made because the target machine actively refused it 10.250.1.121:808
The Capture Agent caSvcCfg.xml file can be found in the following location on the Domain Controller:
- %ProgramData%\One Identity\Active Roles\Logs\Synchronization Service\
-
Cause
When utilizing the Sync Service Capture Agent GPO .adm template to define a Connection Point, the connection defaults to using port 808. Port 808 is no longer utilized in the latest versions of the Sync Service, and has been replaced with port 15173.
This issue has been identified as a product defect and assigned the Defect ID 311713.
-
Resolution
WORKAROUND
When specifying the Connection Point in the GPO, ensure port 15173 is defined, which will override the default of 808.
Example:
- net.tcp://syncservicehost.domain.com:15173/ActiveRoles.SyncService.Server/PasswordService
STATUS
Waiting for fix in a future release of Active Roles.
-
Change Request
311713 -
Additional Information
This defect is only relevant to scenarios where the Capture Agent GPO is utilized to override the Connection Points. When using the Service Connection Point (SCP) that are automatically created in Active Directory via the Sync Service instead of the GPO, the correct ports are utilized.