Intermittent issue with backsync

Hi,

I replaced our Admin and Sync service account recently because the old one kept locking, and since then I've been having problems with the Backsync.  I've been able to set up mappings to Users, and a new connection.  The backsync appears to work maybe 1/3 of the time, but isn't picking up new users at all so I can see Azure Properties and Exchange Online properties for existing users but not new ones.  I see a few errors, described below.  The new account isn't in Domain Admins as the old one was but I've tried adding it back in and it doesn't make a difference.

1. When trying to Configure Backsync in the Settings I get an error saying "An error occurred while connecting to Azure"

2. When the Backsync fails, or when I open a connection or try to amend a mapping I get the message "The underlying connection was closed: An unexpected error occurred on a send.  Unable to read data from the transport connection. An existing connection was forcibly closed by the remote host."

3. Occasionally when our helpdesk staff search for someone in the web client version they get a message saying "Quick Search  cannot display cloud-only objects until you complete Azure integration"

I've created new connections and mappings, cleared out the App registrations in Azure and created a new secret, which worked although it took a few attempts to go through.  We're using 7.5 and I did find a kb about item 2 suggesting is was a TLS problem but it was for versions 7.4.5 and below, and the suggestion registry entries were present, and it worked fine between the update to 7.5 in December and when I replaced the account.  When I did the replacement I reauthenticated to Azure as well, and it has held the existing accounts connections but doesn't seem to be created new ones.

Has anyone come across any or all of this?  I've logged a call with support but they're having trouble finding a resolution because it's intermittent.

  • This may seem like a silly question but when you installed 7.5, did you go through the whole process of re-creating your Sync Service's Azure connection and backsync job?

    As I understand it architecturally, the "new" approach to M365 connectivity for the Sync Service as implemented in 7.5 doesn't rely on a service account anymore but rather the app registration (as was already the case for the Administrative Service).

    'Hence my initial question.


  • With respect to my comment ...doesn't rely on a service account anymore above, the upshot of this (not spelled out in the documentation!  - grrrrr) is that you you have to re-create all synchronization steps that leverage your Azure connection (including, obviously, your BackSync). Frowning2

  • Hi, thanks for the reply, and yes, each time we've updated Active Roles I've recreated the connections.  That was doubly important with the update to 7.5 because it changed to the App ID registration instead of simply logging in to the cloud admin account as it did before.  

    EDIT - We had three "secrets" in App registration that support suggested I tidied up, which I did, so the mappings, connections and sync workflows have all been recreated.  I get that error in point 2 most of the time when I try to touch any of that stuff but if I persevere it will connect eventually.