-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replication Errors with OPF #36
Comments
Yes, if you have a cloud sync it MUST be the last ones in the LSA
notifiers. Especially Gsync (DEAD LAST!) which likes to kill the stack..
make sure OPF is before them, especially GSYNC!
edited:
And that is on **ALL** ADs, but can test on one that your changing the PW on - using powershell with -server <ip/hostname> switch
OPF shouldnt affect attributes though, so could also be something else.
|
Is this what you are referring to?
[cid:image003.png@01D5FDFA.929F6A70]
Just moving the OpenPasswordFilter to the top of the Notification Packages in the registry?
thanks,
david
From: FFFreak [mailto:notifications@github.com]
Sent: Wednesday, March 18, 2020 3:10 PM
To: jephthai/OpenPasswordFilter <OpenPasswordFilter@noreply.github.com>
Cc: David Hodgson <dhodgson@pfsweb.com>; Author <author@noreply.github.com>
Subject: Re: [jephthai/OpenPasswordFilter] Replication Errors with OPF (#36)
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Yes, if you have a cloud sync it MUST be the last ones in the LSA
notifiers. Especially Gsync (DEAD LAST!) which likes to kill the stack..
make sure OPF is before them, especially GSYNC!
On Mon, Mar 16, 2020 at 9:37 AM dh-pfsweb ***@***.******@***.***>> wrote:
Hello,
We installed OpenPasswordFilter recently and have had some problems with
it. We ran into the krbtgt error mentioned in an older post. In addition to
that, we are having replication issues between our domains. When we change
a users password, or make other attribute changes, we need to stop the OPF
Service on the DC to get the changes to replicate to the other DCs. Has
anyone else run into this issue or have any suggestions as to what we might
be able to do to correct this problem?
thanks,
david
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#36>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJDA4M3CATDCK3V42CZ7KETRHZIVNANCNFSM4LMNNKEA>
.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#36 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AO27HAVWPAI257EUX5NVHJ3RIETALANCNFSM4LMNNKEA>.
|
Cannot see image, but I did it on mine before the cloud providers. However, most things "pass-through" so i don't know of any issue with it being first, but i also have never tried it that way. Sorry i cannot tell you a yes or no on it. |
Sorry. The image was a screenshot of our registry. I was wondering if this was the proper place to make the change to the LSA Notification.
HKLM > SYSTEM > CurrentControlSet > Control > Lsa > Notification Packages
In there I find three values:
rassfm
scecli
OpenPasswordFilter
Do I just need to move OpenPasswordFilter to the top?
thanks,
david
From: FFFreak [mailto:notifications@github.com]
Sent: Thursday, March 19, 2020 6:24 PM
To: jephthai/OpenPasswordFilter <OpenPasswordFilter@noreply.github.com>
Cc: David Hodgson <dhodgson@pfsweb.com>; Author <author@noreply.github.com>
Subject: Re: [jephthai/OpenPasswordFilter] Replication Errors with OPF (#36)
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Cannot see image, but I did it on mine before the cloud providers. However, most things "pass-through" so i don't know of any issue with it being first, but i also have never tried it that way. Sorry i cannot tell you a yes or no on it.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#36 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AO27HATJ7JUYIRU3VCIAD7LRIKSPXANCNFSM4LMNNKEA>.
|
I personally see no issue with the original order. When you remove (OPF) it does replication perfectly? (replication and partition syncing [like on a service restart] are very different). |
Also what Operating System (I'm just some dude, and played alot with OPF in my test environments, but OSes I think were 2008 R2 to 2012). |
This is installed on Server 2012 R2.
All we have to do is to disable the OPF Service on the DCs and everything works fine. With the service enabled, we have long delays to change passwords (20 seconds up to several minutes), and we see replication problems arise.
thanks,
david
From: FFFreak [mailto:notifications@github.com]
Sent: Friday, March 20, 2020 11:38 AM
To: jephthai/OpenPasswordFilter <OpenPasswordFilter@noreply.github.com>
Cc: David Hodgson <dhodgson@pfsweb.com>; Author <author@noreply.github.com>
Subject: Re: [jephthai/OpenPasswordFilter] Replication Errors with OPF (#36)
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
I personally see no issue with the original order. When you remove (OPF) it does replication perfectly? (replication and partition syncing [like on a service restart] are very different).
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#36 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AO27HAUUOGMDJKUQ4J2GI63RIOLW7ANCNFSM4LMNNKEA>.
|
So OPF does use a sorta local loopback (127.0.0.1) to do the communication from LSA notifier to the service that does the checking. Have you tried wire shark to see if there is a communication issue with this loopback. I am wondering if that communication channel is having issues and your hitting a timeout on the call. I didn't write it, but figured they did this for a buffer and ability to queue up asynchronous calls in to a synchronous check. |
Hello,
We installed OpenPasswordFilter recently and have had some problems with it. We ran into the krbtgt error mentioned in an older post. In addition to that, we are having replication issues between our domains. When we change a users password, or make other attribute changes, we need to stop the OPF Service on the DC to get the changes to replicate to the other DCs. Has anyone else run into this issue or have any suggestions as to what we might be able to do to correct this problem?
thanks,
david
The text was updated successfully, but these errors were encountered: