TROUBLESHOOT THE AD BRIDGE AGENT
AD Bridge services and status
The AD Bridge Service Manager lets you troubleshoot all the AD Bridge services from a single command-line utility. You can, for example, check the status of the services and start or stop them. The service manager is the preferred method for restarting a service because it automatically identifies a service's dependencies and restarts them in the right order.
To list the status of the services, run the following command with superuser privileges at the command line:
/opt/pbis/bin/lwsm list
Example
[root@cent64b62 ~]# /opt/pbis/bin/lwsm list lwreg running (container: 4241) dcerpc stopped eventfwd running (container: 4436) eventlog running (container: 4300) gpagent running (container: 4351) lsass running (container: 4335) lwio running (container: 4319) lwpkcs11 stopped lwsc stopped netlogon running (container: 4310) rdr running (io: 4319) reapsysl running (container: 4400) usermonitor running (container: 4447)
To restart the lsass service, run the following command with superuser privileges:
/opt/pbis/bin/lwsm restart lsass
To view all the service manager's commands and arguments, execute the following command:
/opt/pbis/bin/lwsm --help
Check the status on AD Bridge services
Check the status of the authentication service
You can check the status of the authentication service on a Unix or Linux computer running the AD Bridge agent by executing the following command at the shell prompt as the root user:
/opt/pbis/bin/lwsm status lsass
If the service is not running, execute the following command:
/opt/pbis/bin/lwsm start lsass
Check the status of the DCE/RPC service
The DCE/RPC service manages communication between AD Bridge clients and Microsoft Active Directory.
On Linux and Unix
You can check the status of dcerpcd on a Unix or Linux computer running the AD Bridge agent by running the following command as the root user:
/opt/pbis/bin/lwsm status dcerpc
If the service is not running, run the following command:
/opt/pbis/bin/lwsm start dcerpc
Check the status of the network logon service
The netlogon service detects the optimal domain controller and global catalog and caches the data.
On Linux and Unix
You can check the status of netlogon on a computer running the AD Bridge agent by executing the following command as the root user:
/opt/pbis/bin/lwsm status netlogon
If the service is not running, execute the following command:
/opt/pbis/bin/lwsm start netlogon
Important
If the error message Failed to verify DC . (error ) is logged in the agent's syslog files, enable debug logging on the agent. If the incident occurs again, submit the debug logs to support for review.
Check the status of the input-output service
The AD Bridge input-output service, lwio, communicates over SMB with external SMB servers and internal processes.
You can check the status of lwio on a Linux or Unix computer running the AD Bridge agent by executing the following command as the root user:
/opt/pbis/bin/lwsm status lwio
If the service is not running, execute the following command:
/opt/pbis/bin/lwsm start lwio
Check the status of GPAGENT service
The AD Bridge Group Policy service, gpagent, communicates with the AD Bridge domain controller and pulls down group policies.
You can check the status of gpgaent on a Linux or Unix computer running the AD Bridge agent by executing the following command as the root user:
/opt/pbis/bin/lwsm status gpagent
If the service is not running, execute the following command:
/opt/pbis/bin/lwsm start gpagent
Note
If the agent is not joined to the domain, gpagent will not be running.
Restart AD Bridge services
Restart the authentication service
The authentication service handles authentication, authorization, caching, and idmap lookups.
You can restart the AD Bridge authentication service by executing the following command at the shell prompt:
/opt/pbis/bin/lwsm restart lsass
To stop the service, type this command:
/opt/pbis/bin/lwsm stop lsass
To start the service, type this command:
/opt/pbis/bin/lwsm start lsass
Restart the AD Bridge DEC/RPC service
The AD Bridge DCE/RPC service helps route remote procedure calls between computers on a network by serving as an end-point mapper.
Note
For more information, see AD Bridge Agent in Install AD Bridge.
You can restart the DCE/RPC service by running the following command at the shell prompt:
/opt/pbis/bin/lwsm restart dcerpc
To stop the daemon, type this command:
/opt/pbis/bin/lwsm stop dcerpc
To start the daemon, type this command:
/opt/pbis/bin/lwsm start dcerpc
Restart the network logon service
The netlogon service determines the optimal domain controller and global catalog and caches the data.
Note
For more information and a list of start-order dependencies, see Manage AD Bridge Enterprise services .
You can restart the AD Bridge network logon service by executing the following command at the shell prompt:
/opt/pbis/bin/lwsm restart netlogon
To stop the service, type this command:
/opt/pbis/bin/lwsm stop netlogon
To start the service, type this command:
/opt/pbis/bin/lwsm start netlogon
Restart the input-output service
The AD Bridge input-output service, lwio, communicates over SMB with SMB servers; authentication is with Kerberos 5.
You can restart the input-output service by executing the following command at the shell prompt:
/opt/pbis/bin/lwsm restart lwio
To stop the service, type this command:
/opt/pbis/bin/lwsm stop lwio
To start the service, type this command:
/opt/pbis/bin/lwsm start lwio
Note
If you start the lwio service and the rdr service does not also start, use the following command to start the rdr service:
Restart the Group Policy service
The AD Bridge group policy service communicates with the domain controller and pulls down group policies.
You can restart the group policy service by executing the following command at the shell prompt:
/opt/pbis/bin/lwsm restart gpagent
To stop the service, type this command:
/opt/pbis/bin/lwsm stop gpagent
To start the service, type this command:
/opt/pbis/bin/lwsm start gpagent
Updated about 1 month ago