Good day,
we have started pilot run for CloudPanel in our AD, and the issue is following:
user changes password, it is written into xml file and on scheduled sync CloudPanel fails to parse this xml file.
with following error message:
| ERROR | CloudPanel.SyncService.Tasks.ProcessADPasswordChanges| Task: Active Directory Password Changes, Type: Error, Message: Error reading file C:\Program Files\Know More IT\Sync Service\db\username.xml: System.Xml.XmlException: ‘,’ is an unexpected token. The expected token is ‘;’. Line 3, position 33.
XML file Password line contains symbol “<” that breaks the import process:
<ADPasswordChange>
<Username>username</Username>
<Password>|Mn8>&lt;n+&_Ro,<o(<n+&</Password>
<Retry>0</Retry>
<LastMessage>none</LastMessage>
</ADPasswordChange>
CloudPanel VERSION: 3.2.330.0
Unfortunately it did not helped with update routine.
Still getting user passwords not synced with error message:
[2021-06-21 15:01:22,564] | ERROR | CloudPanel.SyncService.Tasks.ProcessADPasswordChanges| Task: Active Directory Password Changes, Type: Error, Message: Error reading file C:\Program Files\Know More IT\Sync Service\db\dmamontovs.xml: System.Xml.XmlException: Name cannot begin with the ‘~’ character, hexadecimal value 0x7E. Line 3, position 20.
and the xml file has password data, that cannot be correctly processed (“<” symbol breaks the logic):
<Password>jmTP<<~1Z33l</Password>
It appears to be one big issue with users changing their passwords in AD.
it looks like ~25% of users geting this problem on password changed in AD not uploaded to CloudPanel due to incorrect symbols in xml file.
Is there any permanent fix to this issue?
@ad-it-dept Do you have an example password we could try? We did find issues as you pointed out and implemented a fix but it would be helpful if we had a test password to try and make sure 100%. I can send you the update file after you respond. Thank you!
have tried with following password and failed:
***************
@ad-it-dept Thank you. I will run that through our encryption methods and see the output.
We are finishing up some changes we made to CloudPanel in order to deploy the new ADSync service that will resolve this issue. We are hoping to finish testing by EOD Tuesday and release on Wednedsay.
@ad-it-dept yes. Sorry we were not thinking about being off Monday for the holiday so the release is a day later than planned (today). I will post here when it it out this afternoon
Here is the download: https://compsysar.sharefile.com/d-sc281d978d3b140b297497cf88a9562f4
Just so you know, we are still troubleshooting the password filter not registering on Server 2012 servers.
@jdixon, than you,
do we need to update Cloud Panel and AD Sync on DC, or AD Sync will do the magic?
@ad-it-dept We did make some changes in CloudPanel to support multiple company codes in ADSync, so I would update it as well. We also updated some documentation: https://kb.knowmoreit.com/docs/cloudpanel-adsync/
@jdixon I am having the same issue where some users are not syncing and I am seeing an Error reading file in the logs. I am currently on 3.2.335. Would the upgrade help me or is this something we should look into first?
@rferrigno The new update will resolve issues with invalid characters in the XML file which causes it not to be able to read the XML file in order to reset passwords. It should resolve your issue but you need to update CloudPanel and the ADSync on each domain controller it is deployed.
@jdixon I upgraded them last night but I still see the errors in the logs. Should we try to reset those passwords again and do we need to delete the db xml files first?
@rferrigno It won’t be able to read those previous XML files since they contain invalid characters. Only the new ones will start to function properly going forward. Let me know if you run into any issues or get more error messages
@jdixon thank you. So should I just reset the password to clear those xmls and overwrite them or or should I delete those xml files first?
@rferrigno I’d just go ahead and just delete them but a password reset will overwrite the files anyway. So both accomplish the same result. It is up to you! 🙂
@jdixon Different error this time.
[2021-07-28 12:41:51,806] | ERROR | GetADSyncSettings | Error retrieving the ADSync settings: System.Exception: Unable to access ADSync settings from CloudPanel: [NotAcceptable]
at CloudPanel.SyncService.Helpers.ServiceManager.GetADSyncSettings()
[2021-07-28 12:41:51,812] | ERROR | CloudPanel.SyncService.Tasks.GetCPUsers| Erroring retrieving a list of users from CloudPanel: Unable to access ADSync settings from CloudPanel: [NotAcceptable]
[
@rferrigno You did upgrade Cloudpanel first right? Also can you check the registry under HKLM\Software\Know More IT\Sync Service and make sure the values are correct? Sometimes if you do a “repair” (not saying you did) it can revert the DWORD values to STRING values which cause a problem:
https://kb.knowmoreit.com/docs/cloudpanel-adsync/customize-time-frames/
@jdixon I did upgrade the cloudpanel first. The values in the registry do look good. I verified with the knowledge base. I’m stumped.
