This article discusses the possible causes and resolutions for an Active Directory (using Synchronization Engine) Directory Connector showing a status of Not yet Active.
- Active Directory Sync using the Mimecast Synchronization Engine version 188.8.131.5217 and later.
The Directory Connector status Not Yet Active is set when a connector is first created, indicating that the Directory Sync has not run successfully yet. If this status does not change for 24 hours after creating the connector you should assume there is a problem with your configuration. As this feature uses a number of components, there are a number of factors to consider, including:
- the Mimecast Synchronization Engine service is not running,
- the configuration for the connector has not been finalized,
- a local permissions error connecting to Active Directory,
- a local networking error where your Mimecast Synchronization Engine site cannot connect to Mimecast.
To identify the cause of this issue follow these steps:
Check 1: Review Your Configuration
Before starting any troubleshooting double check that your configuration as detailed in the Enable Active Directory Sync using the Mimecast Synchronization Engine guide.
Check 2: Mimecast Synchronization Engine Service Status
Active Directory Sync is run by the Mimecast Synchronization Engine application that is installed in your environment.
The Mimecast Synchronization Engine signals it's status to Mimecast once per minute, if the status of your site is not active and up to date, this can be the cause of your Directory Connector issue. To check this status:
- Login to the Administration Console and navigate to the Administration | Services | Synchronization Engine Sites menu.
- Locate the site that was selected for the Directory Connector you are troubleshooting and validate that the status is Active and that the Last Active time is within the last 2 minutes.
If the status is Active and up to date move on to the next troubleshooting step.
- If the status is:
- Active but the Last Active time is not up to date,
- or the status is Bound,
- this indicates that the Mimecast Synchronization Engine service is not running on your server.
- To start the service, connect to the server where the Mimecast Synchronization Engine is installed in your environment, launch the Site Configure utility and click the play button on General tab.
- Once the service status is running on your server, go back to the Administration | Services | Synchronization Engine Sites menu in the Administration Console and validate the status is now Active and the Last Active time is up to date.
Once you have your service status resolved wait for the next scheduled sync to run and re-check the Directory Connector status.
If the status still does not update move on to the next troubleshooting step.
- If the Mimecast Synchronization Engine service fails to start please check the siteconfigure.log file and / or the Windows Event Viewer for more details on why the service is failing.
Check 3: Task Check
Within 2 minutes of saving the configuration in the Administration Console your Mimecast Synchronization Engine server should pickup the new configuration and schedule Active Directory Sync. To check this:
- Login in to the Mimecast Synchronization Engine server that the Active Directory Sync connection is configured to use and navigate to the service log directory, by default C:\Program Files\Mimecast\SynchronizationEngine\log\service.
- Open the log file for the current day and search for the string, "calling siteConfig."
- Following this you should see a line similar to the one below showing Active Directory Sync being applied and the next time the synchronization is scheduled to start:
DEBUG|02062015 08:46:37,319| 4|mseservice|AntiCorruptionScheduler|+ event taskId: 2972, name: Task Description, next occurrence: 02/06/2015 13:00:00
If you do not see this line you should see an error message indicating why Active Directory Sync cannot be applied. Typically this is caused by a networking issue preventing the Mimecast Synchronization Engine connecting to the Mimecast API.
If you would like to run a sync before the next scheduled execution, use the Sync Directory Data button on the Administration | Services | Directory Synchronization page in the Administration Console.
Check 4: Permissions Check
In order for the Mimecast Synchronization Engine to connect to Active Directory and extract data, the user you have specified to run the Mimecast Synchronization Engine service, or the user you have specified in the advanced settings of the Directory Connector requires read permissions to Active Directory.
If the issue still persists please contact our support team for further assistance.