Troubleshoot profile synchronization Bridge Connectors


Troubleshooting items for:

  • All Bridge Connectors for Collaborate
  • Active Directory Connector

Bridge Connectors for Collaborate

Problem

Genesys recently deprecated TLS 1.0 protocol support and implemented TLS 1.1 and TLS 1.2 support to enhance PureCloud security. This effort adversely affects the following profile synchronization Bridge Connectors running on Windows Server versions earlier than Windows Server 2012 R2:

  • Active Directory 2.1.0.276 and earlier
  • CIC Data 2.0.0.224 and earlier
  • REST Dynamic 1.0.0.163 and earlier
  • SQL Database 2.0.0.206 and earlier
  • Workday 2.0.1.130 and earlier

These Bridge Connector versions running on Windows Server versions earlier than Windows Server 2012 R2 support the now-deprecated TLS 1.0. When the system attempts to connect back to PureCloud to synchronize user profile information, a TLS negotiation failure occurs. An Unable to load configuration from Directory message appears.

Solution

Update your Bridge Connector to use TLS 1.1 or 1.2, using one or both of these solutions. Once the update completes, profile synchronization resumes without further intervention.

Upgrade to the latest Bridge Connector version

Upgrade to the latest Bridge Connector version that supports TLS 1.1 and TLS 1.2. For more information, see Upgrade a Bridge Connector. Restart after the upgrade.

Apply a Microsoft security update

Apply this Microsoft security update to enable TLS 1.1 and TLS 1.2 by default: 

https://support.microsoft.com/da-dk/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in 

Restart after applying the update.

Active Directory Connector

Problem

The Active Directory Connector API returns this error message, due to a malformed LDAP query: The directory service is unavailable.

Solution

Make sure that the LDAP query begins with &. For example:(&(objectCategory=User) 

Problem

How do I set up a custom LDAP query to capture a specific subset of Active Directory users?

Solution

Use the membership attribute memberof:1.2.840.113556.1.4.1941 in the LDAP query to perform a nested search. For example: 

(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=cn=TestGroup,ou=Groups,ou=CompanyUsers,dc=test,dc=corp))

Problem

The Active Directory Connector API returns this error message: Get User Schema failed for domain ‘DomainName. This error message, indicating that the Active Directory Connector could not contact the Active Directory server, occurs if the query uses just the domain as the server address. This causes the Active Directory to use the default Active Directory schema.

Solution

If your Active Directory Connector implementation uses custom Active Directory objects, make sure to use the IP or FQDN of a specific Active Directory server as the server address. If your implementation does not use custom Active Directory objects, you can ignore the error message.