Overview: This document is a basic overview of how to filter and review Wireshark captures for ProjectWise User Sync Service issues. It answers the two questions below.
- What port does User Sync and LDAP use?
- What is a valid method to determine if payload traffic is being returned from the Domain Controller?
Pre-requisites \ Assumptions \ Preliminary setup:
- The Windows account that the User Sync Service runs as (under Services) must have appropriate rights to connect to the domain and to enumerate or view users in Active Directory from the server running the User Sync Service, and must be able to “run as a service”.
- The ProjectWise user credentials (username and password) specified in ProjectWise Administrator under the user sync section as the local ProjectWise account for writing to the Datasource must be re-entered under the User Sync Settings after any change is made to the User Sync Service under Windows services. This user should be a logical account and be part of the Administrators Group in ProjectWise.
- Once the service account is verified as working and reports successful synchronizations, you can start troubleshooting the packet-level traffic via Wireshark.
- Two pieces of information that will be required are the IP address of the Primary Domain Controller and the IP address of the server running the ProjectWise User Sync Service.
- If you do not know which Domain Controller is the Primary Domain Controller (PDC), you can get a list of Domain Controllers using the NLTEST command from an elevated command prompt on the User Sync Service Server. Example syntax and results are listed below.
- nltest /dclist:{domainname}
- Output below (you may see multiple Domain Controllers listed, the primary is always identified with [PDC] and is the one that User Sync is looking to for LDAP queries)
- Example: Get list of DCs in domain 'DAN' from '\\2016DC'.
- 2016DC.dan.net [PDC] [DS] Site: Default-First-Site-Name
- The command completed successfully
- You can then do a simple Windows ping of the Domain Controller to determine its IP address.
Steps
Once you obtain both the IP address of the Domain Controller and the User Sync Service Server, you can start to “break down” the Wireshark traffic logs.
Microsoft LDAP port information can be found below. Default ports for LDAP requests are 636 and 3269.
The best way to isolate traffic between the Domain Controller and the User Sync Server is to filter the Wireshark logs by the IP address of the Domain Controller.
The filter I recommend using is ip.src == {ip of Domain Controller}. This will give you all of the traffic to and from the Domain Controller from the machine the Wireshark capture was performed on (this should be the User Sync Service server, which in most cases will be an Integration server).
You should see LDAP traffic (as shown) between the DC and the USS server.
In this example the DC is 192.168.1.4 and the USS server is 192.168.1.91. The LDAP protocol traffic is identified along with the CN path of the LDAP query. Further down the results, you should see traffic identified as SMB2 protocol, which is the packet traffic that carries the data being returned from the LDAP query and synchronized with the Datasource via the User Sync Service.
The port numbers used for the SMB2 traffic vary, because once Windows takes the LDAP request, it appears to automatically manage the ports used in the transfer of the data.
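The same review can be scripted once the capture is exported to text. The following is an added example, not part of the original article or of ProjectWise: it picks the [PDC] line out of nltest output and totals what the DC sent back to the USS server per protocol. The nltest text, the capture rows, the second DC name and all function names are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed nltest /dclist output in the shape shown in this article
# (the second DC line is invented for the example).
NLTEST_OUTPUT = r"""Get list of DCs in domain 'DAN' from '\\2016DC'.
    2016DC.dan.net [PDC]  [DS] Site: Default-First-Site-Name
    2019DC.dan.net        [DS] Site: Default-First-Site-Name
The command completed successfully
"""

# Constructed rows: ip.src, ip.dst, protocol column, frame length in bytes,
# e.g. exported with: tshark -r capture.pcapng -T fields -e ip.src -e ip.dst
#   -e _ws.col.Protocol -e frame.len -E separator=,
CAPTURE_CSV = """192.168.1.91,192.168.1.4,LDAP,310
192.168.1.4,192.168.1.91,LDAP,1420
192.168.1.91,192.168.1.4,SMB2,240
192.168.1.4,192.168.1.91,SMB2,1514
192.168.1.4,192.168.1.91,SMB2,1206
192.168.1.4,192.168.1.50,DNS,120
"""

def find_pdc(nltest_output):
    """Return the host name on the line tagged [PDC], or None."""
    for line in nltest_output.splitlines():
        m = re.match(r"\s*(\S+)\s+\[PDC\]", line)
        if m:
            return m.group(1)
    return None

def returned_from_dc(capture_csv, dc_ip, uss_ip):
    """Sum packets and bytes per protocol sent by the DC to the USS server."""
    totals = defaultdict(lambda: [0, 0])
    for src, dst, proto, length in csv.reader(io.StringIO(capture_csv)):
        if src == dc_ip and dst == uss_ip:  # DC -> USS direction only
            totals[proto][0] += 1
            totals[proto][1] += int(length)
    return {p: tuple(v) for p, v in totals.items()}

def payload_returned(totals):
    """True when both LDAP replies and SMB2 data came back from the DC."""
    return all(totals.get(p, (0, 0))[1] > 0 for p in ("LDAP", "SMB2"))

if __name__ == "__main__":
    print("PDC:", find_pdc(NLTEST_OUTPUT))
    summary = returned_from_dc(CAPTURE_CSV, "192.168.1.4", "192.168.1.91")
    print(summary, "payload returned:", payload_returned(summary))
```

A result with LDAP rows but no SMB2 bytes from the DC means the query was answered but the data transfer described above did not appear in the capture.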