Troubleshoot profile synchronization Bridge Connectors
Troubleshooting items for:
- All Bridge Connectors for Collaborate
- Active Directory Connector
Bridge Connectors for Collaborate
Genesys recently deprecated TLS 1.0 protocol support and implemented TLS 1.1 and TLS 1.2 support to enhance Genesys Cloud security. This effort adversely affects the following profile synchronization Bridge Connectors running on Windows Server versions earlier than Windows Server 2012 R2:
- Active Directory 184.108.40.2066 and earlier
- CIC Data 220.127.116.11 and earlier
- REST Dynamic 18.104.22.168 and earlier
- SQL Database 22.214.171.124 and earlier
- Workday 126.96.36.199 and earlier
These Bridge Connector versions running on Windows Server versions earlier than Windows Server 2012 R2 support the now-deprecated TLS 1.0. When the system attempts to connect back to Genesys Cloud to synchronize user profile information, a TLS negotiation failure occurs. An "Unable to load configuration from Directory" message appears.
Update your Bridge Connector to use TLS 1.1 or 1.2, using one or both of these solutions. Once the update completes, profile synchronization resumes without further intervention.
Upgrade to the latest Bridge Connector version
Apply a Microsoft security update
Apply this Microsoft security update to enable TLS 1.1 and TLS 1.2 by default:
Restart after applying the update.
Active Directory Connector
The Active Directory Connector API returns this error message, due to a malformed LDAP query: "The directory service is unavailable."
Make sure that the LDAP query begins with &. For example:
How do I set up a custom LDAP query to capture a specific subset of Active Directory users?
Use the membership attribute memberof:1.2.840.113556.1.4.1941 in the LDAP query to perform a nested search. For example:
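The two LDAP query points above (the leading & operator and the nested search through the matching-rule OID) as an added Python example that is not taken from the Genesys documentation. The objectCategory/objectClass clauses, the sample group DN and the function names are assumptions for illustration; the check accepts the standard RFC 4515 form in which & follows the opening parenthesis.

```python
import re

# Active Directory matching rule LDAP_MATCHING_RULE_IN_CHAIN: makes a memberOf
# test follow nested group membership instead of direct membership only.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"


def escape_filter_value(value):
    """Escape a value for an LDAP filter (RFC 4515) so that characters such
    as ( ) * \\ in a group name cannot change the structure of the query."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def nested_group_filter(group_dn):
    """Filter for user objects that are direct or nested members of group_dn.
    The two object clauses are an assumed baseline, not from the page."""
    return (
        "(&(objectCategory=person)(objectClass=user)"
        "(memberOf:%s:=%s))" % (IN_CHAIN_OID, escape_filter_value(group_dn))
    )


def check_query(query):
    """Return a list of problems found in a connector LDAP query."""
    problems = []
    q = query.strip()
    if not re.match(r"\(?\s*&", q):
        problems.append("query does not begin with &")
    # Literal parentheses in values are escaped (\28, \29), so every raw
    # parenthesis is structural and simple depth counting is sufficient.
    depth = 0
    for ch in q:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems


if __name__ == "__main__":
    # Constructed sample DN; the parentheses in the CN must be escaped.
    dn = "CN=Sales (EMEA),OU=Groups,DC=example,DC=com"
    query = nested_group_filter(dn)
    print(query)
    print(check_query(query))
    print(check_query("(objectClass=user)"))
```

Escaping the group DN matters when group names come from user input or a spreadsheet: an unescaped parenthesis either produces the malformed-query error described above or silently changes which users the connector synchronizes.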
The Active Directory Connector API returns this error message: Get User Schema failed for domain 'DomainName'. This error message indicates that the Active Directory Connector could not contact the Active Directory server. It occurs if the query uses just the domain as the server address. This causes the Active Directory to use the default Active Directory schema.
If your Active Directory Connector implementation uses custom Active Directory objects, make sure to use the IP or FQDN of a specific Active Directory server as the server address. If your implementation does not use custom Active Directory objects, you can ignore the error message.