Info: Expected service start-up behavior when TPP is unable to communicate with any configured domain controllers

Applies to:

19.4.x+ and above


If an Active Directory connector has been configured in Venafi Trust Protection Platform, and one (or more) TPP engine(s) are unable to communicate with the associated domain controller(s) this will result in very slow start-up times for TPP service(s) on the affected engine(s).

More Information:

Currently the Active Directory connector in TPP is designed to initialize the associated domain controllers in parallel, and will not 'start' the services until each domain controller has either failed or succeeded to be initialized.

Due to the above, very large/complex Active Directory environments with TPP servers that are unable to reach the environment's various domain controllers will experience heavily delayed start-up times of TPP services - the amount of time required for TPP to start when domain controllers are unreachable will depend on the number of Active Directory domain controllers in the environment.

As of TPP version 19.4.2, DCs are discovered in parallel. If you are using an earlier patch version of 19.4, DCs are instead discovered serially.

Was this article helpful?
1 out of 1 found this helpful