This article answers common questions regarding PolicyServer.
Active management of your PolicyServer and its related database is recommended. To ensure availability for end users attempting to authenticate on your network:
- Actively monitor CPU usage and establish a threshold for when the PolicyServer Windows Service should be restarted.
- Schedule a regular restart of the service on a basis that fits your established maintenance windows (daily, weekly, monthly, etc.).
- Synchronize the restart schedule for the PolicyServer Windows Service with maintenance on your AD environment, server, or database. Any maintenance or changes on the AD environment may result in a loss of connectivity at the PolicyServer level.
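One way to implement the CPU threshold check from the list above, as an added example that is not Trend Micro's own tooling. The service name is a placeholder, and the threshold, sample count and interval are assumed values to tune for your server.

```powershell
# Added example. $ServiceName is a placeholder: substitute the name shown for
# the PolicyServer Windows Service in services.msc on your server.
$ServiceName  = '<PolicyServer service name>'
$CpuThreshold = 85   # percent of total CPU (assumed value)
$Samples      = 6    # consecutive samples that must exceed the threshold
$IntervalSec  = 10   # seconds between samples

function Get-ServiceCpuPercent {
    param([int]$ProcessId, [int]$IntervalSec)
    # CPU time used by the process over the interval, normalised by core count.
    $cores = [Environment]::ProcessorCount
    $t0 = (Get-Process -Id $ProcessId -ErrorAction Stop).TotalProcessorTime
    Start-Sleep -Seconds $IntervalSec
    $t1 = (Get-Process -Id $ProcessId -ErrorAction Stop).TotalProcessorTime
    return [math]::Round((($t1 - $t0).TotalSeconds / ($IntervalSec * $cores)) * 100, 1)
}

# Win32_Service exposes the PID of the process hosting the service.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc -or $svc.State -ne 'Running') {
    Write-Warning "Service '$ServiceName' not found or not running; nothing to sample."
    return
}

$over = 0
for ($i = 0; $i -lt $Samples; $i++) {
    $cpu = Get-ServiceCpuPercent -ProcessId $svc.ProcessId -IntervalSec $IntervalSec
    Write-Output ("{0:s} pid={1} cpu={2}%" -f (Get-Date), $svc.ProcessId, $cpu)
    # Any sample below the threshold resets the streak.
    if ($cpu -ge $CpuThreshold) { $over++ } else { $over = 0 }
}

# Restart only on sustained load, so a short spike does not interrupt
# users who are authenticating.
if ($over -eq $Samples) {
    Write-Warning "CPU >= $CpuThreshold% for $($Samples * $IntervalSec)s; restarting $ServiceName"
    Restart-Service -Name $ServiceName -Force
}
```

Run it from an elevated scheduled task, and keep the task disabled during AD, server, or database maintenance so an automatic restart does not collide with that work.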
A nightly backup of both MobileArmorDB and MobileArmorLog databases is recommended.
No. However, it is recommended to upgrade PolicyServer before upgrading the clients. It is also recommended to always update the clients to the latest version for troubleshooting purposes.
Below are the possible causes of the issue:
- An incorrect username or password was entered for the SQL Authentication account.
- The SQL Server was added to the domain after the SQL Server installation.
- The SQL account used does not have sufficient permissions to create a database or add a user.
- The logged-in Windows user does not have read/write permissions to the C:\Windows\System32 directory.
- The SQL Server is not configured to use SQL Authentication.
To resolve this, refer to the Microsoft article "You may receive a "Not associated with a trusted SQL Server connection" error message when you try to connect to SQL Server 2000 or SQL Server 2005".
No. We synchronize password changes, but if you modify a user, such as changing the User Name, updating the email address, or moving the user to another group, the changes are not automatically applied in PolicyServer.
To synchronize the changes made in Active Directory, update the changes in PolicyServer via MMC or re-import the user.
To grant the required permission to the application, change the application trust level in the configuration file.
This issue happens when running the installation from a network or UNC share. Copying the file to a local drive and running it from there fixes the issue.
For more information regarding this issue, refer to the Microsoft article "System.Security.SecurityException: Security error" error message when the virtual directory points to a remote share in ASP.NET.
The issue happens because the PolicyServer does not have the required level 3 setting in the registry key below. The domain controller may reject the credentials even though the account is an OU admin.
To fix this issue, configure the following registry key:
Level 3 - Send NTLM 2 response only. Clients will use NTLM 2 authentication and use NTLM 2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLM 2 authentication.
The PolicyServer/Client communications vary depending on the following:
- Policy settings
- Number of policy groups
- Number of privileged users
- Size of the legal notice
- Number of Administrators
- Enabled OCSP and used certificates
The synchronization timer starts after Windows loads. Therefore, devices with a 30-minute synchronization interval consume network traffic 30 minutes after start-up. Testing of Endpoint Encryption shows that a single device should not transmit more than 3 MB per synchronization interval. This should not affect the LAN. However, consideration should be given to clients that are communicating over slow WAN links.