Management Center Sync Error

---

rex wrote:
I'm getting an error whenever I try to sync the management center with AD. I get a "The Import Failed, Additional Information: Error on RecypteAEKForNewParent" has anyone seen this before? TIA

---

Hi Rex!

Thank you for posting your question in the SophosTalk community forum.

I haven't seen that error before in relation to 'RecrypteAEKForNewParent'. What you should NOT do is delete the objects you already imported into AD to attempt a fresh import. That would retire any Domain, OU and Group keys previously created.

I would say that your options are:

1. Open a case with Sophos Technical Support
2. Upgrade to SGN 5.50.

Please let us know what resolves the issue you posted.

I had this exact issue on 5.40 a few months back. Call support and they will walk you through patching your server and management center. This error (If i recall correctly) is due to not performing AD syncs in a timely manner in which lots of AD objects moved and the MMC doesn't know how to handle it.

Ever since we fixed the issue, I made sure to setup a scheduled task to automate the AD sync every night. Might want to look into it once you get the server and MMC repaired.

Sophos sent out an email right after I opened my ticket explaining the issue (Dated 1/28/2010). Here it is:

--------------------------

Sophos Technical Alert (28 January 2010)

Latest news:
Sophos has released a hotfix for SafeGuard Enterprise 5.40.0.152 Management Center and SafeGuard Enterprise 5.40.0.152 Server.
It is recommended that you apply this hotfix as soon as possible in order to avoid the issue, which is as follows:
Active Directory synchronization fails with the following error message:
The import failed. Additional Information: Error on RecrypteAEKForNewParent
Please note that if you do not apply the hotfix and the error occurs on your system, you will need to contact Sophos Technical Support
for help in fixing this issue.
For full details, refer to the Sophos knowledgebase advisory:
http://www.sophos.com/support/knowledgebase/article/110007.html

Thanks for the replies.  Sophos support helped me solve this issue last week by sending me a SGNKeyTester tool to help repair my database.  I will be upgrading the server this weekend to 5.50 so hopefully this problem will not happen in the future. 

---

rex wrote:

Thanks for the replies.  Sophos support helped me solve this issue last week by sending me a SGNKeyTester tool to help repair my database.  I will be upgrading the server this weekend to 5.50 so hopefully this problem will not happen in the future. 

---

Hey Rex!

I thought you are running a nightly job to sync AD? Is that no longer the case?

Also, I love the community member to community member contributions!!  Especially when I was stumped. :smileywink:

I also want to say that the overall SafeGuard Products discussions have been really good about keeping on topic. I love seeing the SDE/SGE/SGN 5.50 questions coming in because we all learn from them.

Hey David,

I am still running a continuous AD sync script but I noticed that the management center wasn't updating properly and when I ran the script manually it came up with errors.  When I tried to run the sync manually from the MC that's when I actually saw what was preventing the script from erroring out.  Now everything is running smoothly.

I try to pop in here once in awhile to check out some things and maybe share my .02 since I call support quite often. :smileywink:

It's also good to see that I'm not the only one experiencing some of the issues that we run into in our environment.