Endpoint Encryption 5.0 Patch 2 adds a feature that simplifies AD integration: in an environment with multiple TMEE Policy Servers, it prevents the servers from running an AD synchronization at the same time.
In the database table PolicyServerSettings, the new policy value is ADSyncLock.
ADSyncLock Value | Scenario |
---|---|
True | A Policy Server is running an AD synchronization |
False | No Policy Server is running an AD synchronization |
The default value for ADSyncLock is “false”. During an AD synchronization, the value of ADSyncLock is set to “true”. After the AD synchronization process is done, the value is set back to “false”.
The Policy Server checks the ADSyncLock value before it starts an AD synchronization and skips the synchronization when the value is “true”. This function is run by the PolicyServer Windows Service.
If the Policy Server Windows Service stops for some unknown reason during an AD synchronization, the ADSyncLock value may be left set to "true" and never set back to "false". The PolicyServer will then always think that there is an AD synchronization process running.
To check the DB value:
SELECT * FROM dbo.PolicyServerSettings
WHERE ParameterName = 'ADSyncLock';
To resolve the issue, restart the Policy Server Windows services to reset the ADSyncLock Value.
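The lock behaviour described above can be reproduced in a small model. This is an added example, not Trend Micro's code: it uses an in-memory SQLite table as a constructed stand-in for PolicyServerSettings, and the `ParameterValue` column name, the function names and the single-statement check-and-set are assumptions.

```python
import sqlite3

LOCK = "ParameterName = 'ADSyncLock'"

def make_db():
    # Constructed stand-in for dbo.PolicyServerSettings (column name assumed).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE PolicyServerSettings "
               "(ParameterName TEXT PRIMARY KEY, ParameterValue TEXT)")
    db.execute("INSERT INTO PolicyServerSettings VALUES ('ADSyncLock', 'false')")
    db.commit()
    return db

def lock_value(db):
    return db.execute("SELECT ParameterValue FROM PolicyServerSettings "
                      "WHERE " + LOCK).fetchone()[0]

def try_acquire(db):
    # Check and set in one UPDATE so two servers cannot both take the lock.
    cur = db.execute("UPDATE PolicyServerSettings SET ParameterValue = 'true' "
                     "WHERE " + LOCK + " AND ParameterValue = 'false'")
    db.commit()
    return cur.rowcount == 1

def release(db):
    db.execute("UPDATE PolicyServerSettings SET ParameterValue = 'false' "
               "WHERE " + LOCK)
    db.commit()

def run_sync(db, service_stops=False):
    """One scheduled AD sync attempt by a Policy Server."""
    if not try_acquire(db):
        return "skipped"        # another server appears to be syncing
    if service_stops:
        return "stopped"        # service died mid-sync: lock is never released
    release(db)
    return "synced"

def restart_service(db):
    # Per the article, restarting the service resets ADSyncLock.
    release(db)

if __name__ == "__main__":
    db = make_db()
    print("PS1:", run_sync(db), "| lock =", lock_value(db))
    print("PS1:", run_sync(db, service_stops=True), "| lock =", lock_value(db))
    print("PS2:", run_sync(db), "| lock =", lock_value(db))   # stale lock
    restart_service(db)
    print("PS2:", run_sync(db), "| lock =", lock_value(db))
```

Once the lock is stale, every later attempt reports "skipped" until the restart, which is why a value that stays "true" across several sync intervals is the symptom to look for.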