This article applies to:

• MailMarshal SPE
• Connector Agent

Question:

• What are common issues with Connector Agent?
• Where do I look for logs and other information to debug Connector Agent?
• What can I do to make debugging easier?

Response:

The following points address some common issues and points to consider when troubleshooting Connector Agent:

Invalid addresses

• The Primary email address for each user (in the AD or LDAP at the customer site) must match a domain that belongs to the customer in SPE.
  • If any user does not match the domains, then that Connector Agent will have errors until ALL users are corrected.

Logs and other messages

• The end customer CA GUI often gives an error "invalid checksum," but this is misleading. This is actually a generic error.
• For best information, look at the SPELdapService log (found on the Customer Console server in the Logging subfolder of the install).
  • If the log shows invalid email addresses, the customer must fix all of these to get good imports.
  • When there are invalid addresses, the Connector Agent issues constant retries which are rejected.
  • An AD entry with a blank SMTP address is a particular case that is common and can be hard to resolve.
  • If the CA at the customer site is set to send updates more often than allowed by the SPE installation, this also causes rejected attempts.
• Also see the logs at the end customer connector agent installation (...\Marshal\ConnectorAgent\Logging)

Update frequency and "test mode"

• When testing or debugging, check the box "in test mode" for the customer (in Admin Console, Connector agent tab for each customer). This removes the restriction on "too frequent updates" and allows the customer to make and test changes.
• For production usage, set the Update Frequency to 4 hours (in Admin Console). Ensure that the customer Connector Agent is not configured to send updates more frequently. If the CA tries to send more frequent updates, they will only be rejected causing errors, frequent retries, and full logs. 

 Address validation

• The LDAP and AD groups are validated at different times in the process.
  • With the AD connector, the Connector Agent rejects users that do not match the customer's domains as configured in SPE. Non-matching users are not sent.
  • With the LDAP connector, the Connector Agent sends all users. Non-matching users are rejected by SPE.
• With AD domain validation, you might encounter a problem due to inconsistent capitalization (the check for matching domains is case sensitive, though it should not be).
  • If you encounter this issue and it cannot be corrected at the customer site, contact LevelBlue Technical Support for a fix. This fix will also be included in a future release of Connector Agent.