Under review

One InsufficientAccessRights error writing to AD results in thousands of lines of error messages in the UNIFYBroker log

Adrian Corston 2 years ago in UNIFYBroker Service updated by Beau Harrison (Senior Product Software Engineer) 1 year ago 4

When a write to AD fails with an InsufficientAccessRights error UNIFYBroker writes an error log entry for every user in the current update batch, which usually numbers in the thousands.  This is unwieldy, and due to log write throughput limitation in UNIFYConnect environments this results in degraded service logging functionality for several minutes at a time, while the logs are being written and new log entries cannot be viewed.

The AD LDAP export exception could be escalated as a single entity update failure, rather than a failure of an entire batch of entities.

Image 6409

Image 6410

It seems that once this exception occurs no further updates go through to AD.  So one problematical user causes the whole solution to stop working, turning an otherwise minor issue into a major P1 outage on the service :(

Under review

Hi Adrian

Thanks for the report. This is definitely something that should be handled better, both in terms of the error logging and the failure recovery. Adding this to the v6.0 backlog.

Will all our existing UNIFYConnect customers be moved across to v6.0 when it is ready?  Otherwise this is something that I believe should be addressed in the current service offering.