adobe-apiplatform / user-sync.py

Application for synchronizing Adobe customer directories via the User Management API
https://adobe-apiplatform.github.io/user-sync.py/en/user-manual/
MIT License

Failed Execution of Run_UST_Live in Adobe UST #821

Closed rmusick closed 1 year ago

rmusick commented 1 year ago

Hi All, I am having an issue with our AUST server. Up until sometime last year, the tool would run perfectly and sync our AD users into Adobe Enterprise. However, it stopped working. When I check the log files, I see this:

2023-07-09 05:00:27 3464 CRITICAL main - Connection to org 5769149755D363A97F000101@AdobeOrg at endpoint https://usermanagement.adobe.io/v2/usermanagement failed: ('Connection aborted.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host', None, 10054, None))
2023-07-09 05:00:27 3464 INFO main - ========== End Run (User Sync version: 2.4.3) (Total time: 0:00:18)

When I run it under my domain admin account, the script will run flawlessly. Does anyone have any suggestions?

Luci2015 commented 1 year ago

Some questions I'd ask in order to troubleshoot:

If you can't figure this out on your own, open a support ticket and ask for developer support on UST.

rmusick commented 1 year ago

1. when you run it under your admin account, do you use the usual .bat file that the task scheduler is using to start the script, or do you write the commands in command line?

Yes, I log into the server with my administrative account and run it as admin. Works fine.

2. if you type "set" in command line, do you see an HTTPS_PROXY variable printed on the screen? If it does, is that proxy/port still valid?

I don't even see a variable for this value on the system.

does the batch file that is used to trigger the script contain any "set HTTPS_PROXY=..." commands? If yes, is that proxy value still required/correct?

These are the only items that are in the bat file:

cd /D "%~dp0"
python user-sync.pex --process-groups --users mapped

last thing I'd check would be permissions to call our 2 public endpoints for the running account (whatever runs the task by default).

Permissions on our side or Adobe's side?

Luci2015 commented 1 year ago

I was referring to local account permissions for the service acct that runs the task vs your acct. Since you do not seem to have a proxy set up and it does run when you run it as admin, it points to a local permissions issue. Most of the time, this error is met when a proxy is in between and the tool attempts to connect directly to the endpoints instead of passing through the proxy, but you'd have the error on all running accounts, including local admins. Something must have changed if it used to run and now it doesn't - possibly some group policy? Have you tried to log in with the service account on the server (same svc that runs the task for UST) and run the batch file manually - do you get the same error? How about right click -> "Run as administrator", does it change anything?

This is mainly an analysis that should be made locally to your environment. Above are just some hints that have helped others resolve this issue.

adorton-adobe commented 1 year ago

@rmusick Ensure the server running the UST can make HTTPS calls to the hosts usermanagement.adobe.io and ims-na1.adobelogin.com for each of the user accounts in question. It's likely there is an upstream proxy that is preventing outgoing HTTPS calls made by the service account. I recommend raising a ticket with your organization's network security team and asking them to investigate.

There's probably not much for the UST development team to do here, but I'll keep this open for a couple of days in case anything comes up.
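A diagnostic for the check described in the comment above, as an added example that is not part of the thread or of the UST code base: run it once under the admin account and once under the service account that runs the scheduled task, then compare the output. The function and parameter names are hypothetical; it probes the direct path only (no proxy) and reports which stage (DNS, TCP or TLS) fails for each of the two hosts.

```python
import getpass
import os
import socket
import ssl
import urllib.request

# The two hosts named in the thread; 443 is the standard HTTPS port.
HOSTS = ("usermanagement.adobe.io", "ims-na1.adobelogin.com")
PROXY_VARS = {"HTTPS_PROXY", "HTTP_PROXY", "ALL_PROXY", "NO_PROXY"}


def proxy_settings(env=None):
    """Proxy variables this account sees (what `set` shows), matched case-insensitively."""
    env = os.environ if env is None else env
    return {k: v for k, v in env.items() if k.upper() in PROXY_VARS}


def _tls_handshake(sock, host):
    """Handshake with certificate and hostname verification; returns the TLS version."""
    ctx = ssl.create_default_context()
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return tls.version()


def probe(host, port=443, timeout=10, resolve=socket.getaddrinfo,
          connect=socket.create_connection, handshake=_tls_handshake):
    """Return ('ok', tls_version) or (failed_stage, error) for a direct connection.

    resolve/connect/handshake are injectable (hypothetical parameters) so the
    stage logic can be exercised without network access.
    """
    stage = "dns"
    try:
        resolve(host, port)
        stage = "tcp"
        with connect((host, port), timeout=timeout) as sock:
            stage = "tls"
            return "ok", handshake(sock, host)
    except OSError as exc:  # gaierror, ConnectionResetError, SSLError are all OSError
        return stage, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    print("account:", getpass.getuser())
    print("proxy environment variables:", proxy_settings() or "none")
    # On Windows this falls back to the per-user Internet Settings proxy.
    print("proxies urllib would use:", urllib.request.getproxies() or "none")
    for h in HOSTS:
        print(h, "->", *probe(h))
```

A result of `tcp` or `tls` with `ConnectionResetError` under one account and `ok` under the other gives the network team a concrete per-account difference to investigate.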

adorton-adobe commented 1 year ago

It's been two weeks with no activity. Closing.