Info: Expected service start-up behavior when TPP is unable to communicate with any configured domain controllers

Applies to:

19.4.x and above

Summary:

If an Active Directory connector has been configured in Venafi Trust Protection Platform, and one (or more) TPP engine(s) are unable to communicate with the associated domain controller(s), the TPP service(s) on the affected engine(s) will have very slow start-up times.

More Information:

The Active Directory connector in TPP currently initializes the associated domain controllers serially. TPP attempts to initialize each domain controller in order and does not start its services until every domain controller has either succeeded or failed to initialize.

As a result, in very large or complex Active Directory environments where TPP servers are unable to reach the environment's various domain controllers, TPP services start with a heavy delay. The time TPP needs to start when domain controllers are unreachable depends on the number of Active Directory domain controllers in the environment.

Engineering has built a workaround FTF (field test file) that is intended to change the Active Directory connector's behavior so that it initializes the domain controllers in parallel (all domain controllers are initialized simultaneously instead of in order). This will improve start-up times for TPP engines affected by the above.
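
To find out which domain controllers an engine cannot reach before restarting TPP services, the following added example (not Venafi code) probes a list of domain controllers concurrently from the engine. The hostnames, the port (389, LDAP) and the 3-second timeout are assumptions; the timeout is the probe's own and is not TPP's initialization timeout.

```powershell
# Added example, run on the TPP engine. All values below are constructed placeholders.
$DomainControllers = @('dc01.example.test', 'dc02.example.test', 'dc03.example.test')
$Port      = 389    # assumption: LDAP; use 636 if the connector uses LDAPS
$TimeoutMs = 3000   # assumption: probe timeout only, unrelated to TPP's own timeout

function Test-DcReachability {
    param(
        [string[]]$ComputerName,
        [int]$Port,
        [int]$TimeoutMs
    )
    # Start every connection attempt first so that all probes run concurrently.
    $probes = foreach ($name in $ComputerName) {
        $client = New-Object System.Net.Sockets.TcpClient
        try   { $task = $client.ConnectAsync($name, $Port) }
        catch { $task = $null }
        [pscustomobject]@{ Name = $name; Client = $client; Task = $task }
    }

    # One shared deadline: total run time is about $TimeoutMs, not $TimeoutMs per DC.
    $deadline = [DateTime]::UtcNow.AddMilliseconds($TimeoutMs)
    foreach ($p in $probes) {
        $remaining = [int][Math]::Max(0.0, ($deadline - [DateTime]::UtcNow).TotalMilliseconds)
        $ok = $false
        if ($p.Task) {
            # Wait() throws if the attempt faulted (DNS failure, refused connection).
            try   { $ok = $p.Task.Wait($remaining) -and $p.Client.Connected }
            catch { $ok = $false }
        }
        $p.Client.Close()
        [pscustomobject]@{ DomainController = $p.Name; Port = $Port; Reachable = $ok }
    }
}

$results = @(Test-DcReachability -ComputerName $DomainControllers -Port $Port -TimeoutMs $TimeoutMs)
$results | Format-Table -AutoSize

$down = @($results | Where-Object { -not $_.Reachable })
'{0} of {1} domain controllers unreachable from {2}' -f $down.Count, $results.Count, $env:COMPUTERNAME
```

A successful TCP connection only shows that the port is reachable; it does not confirm that the connector can bind to or initialize that domain controller.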

If you have further questions, or would like the above FTF to be built/provided for your Engineering-supported TPP version, feel free to open a Support Ticket by emailing 'support@venafi.com' or via the Support section of the Customer Portal.