Question:

What is the recommended monitoring that needs to be in place to ensure we are alerted if there is a problem with Centrify Agents or it's communication with Active Directory ?


Answer:

If you have monitoring tools such as Openview/Arcsite or other monitoring tools, you can set up alerts in several different ways:

1) Monitor for process failures(no longer running) : ps -ef | grep adclient

2) Run command to check if agent is running in disconnected mode or not running : "adinfo -m"

3) Monitor syslog for "Running in disconnected mode"

Jul 7 02:07:11 linux adclient[30261]: INFO <fd:22 ldap fetch> base.bind.healing Lost connection to vmtest1.ianlau.net. Running in disconnected mode: fetch
<SID=01050000000000051500000033e099711ec37c39a4b34c65e2040000> : Timed out
Jul 7 02:07:11 linux adclient[30261]: INFO <bg:ageBindings> base.bind.ad ConnectToServer: fetch("") from vmtest1.ianlau.net:389 failed (Reason: fetch : Can't contact LDAP server)
Jul 7 02:07:11 linux adclient[30261]: INFO <bg:ageBindings> dns.state DNS is up
Jul 7 02:07:11 linux adclient[30261]: INFO <bg:ageBindings> base.bind.ad ConnectToServer: fetch("") from vmtest3.ianlau.net:389 failed (Reason:
fetch : Can't contact LDAP server)
Jul 7 02:07:11 linux adclient[30261]: INFO <fd:23 ldap search> base.bind.healing Lost connection to vmtest1.ianlau.net. Running in disconnected mode: Last
error was unexpected disconnect vmtest1.ianlau.net; deferring reconnect.