Active Directory synching for SGN 5.50.8.13 error

Finally got a response back from tech support yesterday after complaining to our sales guy about no response for a week and a half.  Simple fix, which is annoying and SHOULD have been made available on the website. I’’’’m gonna write documentation for Sophos and bill them accordingly….

This issue has to do with our Sophos/Active Directory synchronization and how we need to synchronize the entire AD tree at some point during the night so it has a baseline. We currently have scheduled tasks setup to sync only certain OUs every 30 minutes because we are rolling this out to a few groups at a time who are not physically located in our office.

The fix is to download SGNKeyTester (specific to the version of SGN you are using) – we use 5.50.8 so if you need that one, I can provide it otherwise Sophos will have to direct you to their FTP site to download it (good luck with that). So, you download the SGNKeyTester, run it on your Sophos server – login as the MSO account (not one that you elevated, it has to be the actual MSO account). I have a screen shot of the SGNKeyTester but it won't let me paste it here.

Select “All Objects” radio button and click “Check only structure keys”, it will display any “Wrong Entries” in the bottom part of the screen, select one of the wrong entries and click “Additional Infos” (gotta love that misspelling!) and then “Repair Selected” (continue selecting the wrong entries listed and clicking “Repair Selected” until they are all fixed). Then click on “Check group and structure keys” and continue the “Additional Infos” and “Repair Selected” until those are all fixed.  Continue with the same process for “Check user and structure keys” and “Check computer and structure key”. Once you have done that, your problem is fixed and your AD syncs should work again.

The key to prevent it from happening again is to setup a scheduled task to run at say 1:00AM to synchronize your entire AD structure. That way it has a baseline – at least that’’’’s what tech support said. Then you can sync just the OUs that are using Sophos as necessary during the day.

Finally got a response back from tech support yesterday after complaining to our sales guy about no response for a week and a half.  Simple fix, which is annoying and SHOULD have been made available on the website. I’’’’m gonna write documentation for Sophos and bill them accordingly….

This issue has to do with our Sophos/Active Directory synchronization and how we need to synchronize the entire AD tree at some point during the night so it has a baseline. We currently have scheduled tasks setup to sync only certain OUs every 30 minutes because we are rolling this out to a few groups at a time who are not physically located in our office.

The fix is to download SGNKeyTester (specific to the version of SGN you are using) – we use 5.50.8 so if you need that one, I can provide it otherwise Sophos will have to direct you to their FTP site to download it (good luck with that). So, you download the SGNKeyTester, run it on your Sophos server – login as the MSO account (not one that you elevated, it has to be the actual MSO account). I have a screen shot of the SGNKeyTester but it won't let me paste it here.

Select “All Objects” radio button and click “Check only structure keys”, it will display any “Wrong Entries” in the bottom part of the screen, select one of the wrong entries and click “Additional Infos” (gotta love that misspelling!) and then “Repair Selected” (continue selecting the wrong entries listed and clicking “Repair Selected” until they are all fixed). Then click on “Check group and structure keys” and continue the “Additional Infos” and “Repair Selected” until those are all fixed.  Continue with the same process for “Check user and structure keys” and “Check computer and structure key”. Once you have done that, your problem is fixed and your AD syncs should work again.

The key to prevent it from happening again is to setup a scheduled task to run at say 1:00AM to synchronize your entire AD structure. That way it has a baseline – at least that’’’’s what tech support said. Then you can sync just the OUs that are using Sophos as necessary during the day.