Hello community,
I'm experiencing a problem with the Synchronization Editor in One Identity Manager while trying to run an initial sync on an Active Directory domain located in a DMZ.
- Setup Info:
  - One Identity Manager: 9.2
  - Connector Type: Active Directory (One Identity Manager connector)
  - Connection: Established successfully
  - SSL: Not in use
  - Connectivity Test: Target system is reachable and browsable from Sync Editor (no network block)
  - Working Setup: I have another AD connector (not in DMZ) that works fine with identical settings (except hostname/IP)
- Issue:
  When I run the initial synchronization workflow, it fails with the following error:

  Error running synchronization project (Active Directory Domain (DC=DMZ-****)'s workflow (Initial Synchronization).**
  Error connecting system (One Identity Manager connector)!
  DistributionConnector: Error connecting the system.
  Database error -2: Connection Timeout Expired. The timeout period elapsed while attempting to consume the pre-login handshake acknowledgement. This could be because the pre-login handshake failed or the server was unable to respond back in time. The duration spent while attempting to connect to this server was - [Pre-Login] initialization=6; handshake=29995;
  Connection Timeout Expired. The timeout period elapsed while attempting to consume the pre-login handshake acknowledgement. This could be because the pre-login handshake failed or the server was unable to respond back in time. The duration spent while attempting to connect to this server was - [Pre-Login] initialization=6; handshake=29995;
  The wait operation timed out
- What I’ve Verified:
  - Firewall rules are open for the necessary ports
  - AD is accessible from the Sync Editor machine
  - No SSL used (default port 389 is open)
  - Name resolution is working
  - The same credentials work in manual LDAP browsing
- Question:
  What could be causing the handshake timeout only on the DMZ connector, despite the connection being marked as successful in the configuration step? Are there any pre-login or handshake-related timeout settings I should adjust within the Synchronization Editor or AD connector configuration?

Thanks in advance for your support!