The following sections contain a list of common error messages.
Source:
The status log or DSTrace screen.
Explanation:
The driver can’t open the LDAP port on the Active Directory domain controller configured for synchronization.
Possible Cause:
The server named in the driver authentication context is incorrect.
Possible Cause:
You are using an IP address for the authentication context, and you have disabled non-Kerberos authentication to Active Directory. Kerberos requires a DNS name for the authentication context.
Possible Cause:
You have incorrectly configured the driver to use an SSL connection to Active Directory.
Action:
The authentication context should hold the DNS name or the IP address of the domain controller you use for synchronization. If you leave the parameter empty, the driver attempts to connect to the machine that is running the driver shim (either the same server that is running IDM, or the server hosting the Remote Loader).
Action:
The driver shim can authenticate only using the pre-Windows 2000 Logon method or simple bind. If you have disabled NTLM, NTLM2, and simple bind on your network, you might receive the LDAP_SERVER_DOWN message.
Action:
Something is wrong with the certificate that was imported to the driver shim server, or no certificate was imported.
Source:
The status log or DSTrace screen.
Explanation:
The driver is unable to authenticate to the Active Directory database.
Action:
Try to authenticate to the Active Directory database again.
Solution:
Unhide the retry-ldap-auth-unknown driver parameter so that the driver can retry the authentication when it fails.
- Open the driver configuration file in an XML editor.
- Search for retry-ldap-auth-unknown.
- Change hide="true" to hide="false".
- Access the driver parameters. See Section E.1.5, Driver Parameters for more information.
- Select error, then select .
- Click , then restart the driver.
Error initializing connection to DirXML: SSL library initialization error: error:00000000:lib(0) :func(0) :reason(0)
Source:
The status log or DSTrace screen.
Explanation:
The Remote Loader cannot make an SSL connection to the Identity Manager engine.
Possible Cause:
Incorrect format for the certificate file.
Action:
If you are running a Windows 2003 R2 SP1 32-bit server and are using a self-signed certificate in DER format, the connection fails. The certificate must be in Base64 format for the SSL connection to work.
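One way to check which encoding a certificate file uses and to produce the Base64 form before pointing the Remote Loader at it. This is an added example, not part of the product documentation. The function names are hypothetical, the conversion uses the Python standard library `ssl` helpers, and `SAMPLE_DER` is a constructed placeholder rather than a real certificate.

```python
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def der_length_matches(data: bytes) -> bool:
    """True if data is exactly one ASN.1 SEQUENCE (tag 0x30) with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: the length fits in one byte
        return len(data) == 2 + first
    n = first & 0x7F                      # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def detect_cert_encoding(data: bytes) -> str:
    """Classify raw certificate file bytes as 'pem' (Base64), 'der' or 'unknown'."""
    if data.lstrip().startswith(PEM_HEADER):
        return "pem"
    if der_length_matches(data):
        return "der"
    return "unknown"

def cert_der_bytes(data: bytes) -> bytes:
    """Return the binary DER form of a certificate given in either encoding."""
    encoding = detect_cert_encoding(data)
    if encoding == "pem":
        # Raises ValueError if the END CERTIFICATE line is missing.
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    if encoding == "der":
        return data
    raise ValueError("not a DER or Base64 (PEM) certificate")

def to_base64_cert(data: bytes) -> bytes:
    """Return the certificate in Base64 (PEM) form, converting from DER if needed."""
    return ssl.DER_cert_to_PEM_cert(cert_der_bytes(data)).encode("ascii")

# Constructed placeholder, not a real certificate: outer SEQUENCE header + 256 zero bytes.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(detect_cert_encoding(SAMPLE_DER))
    print(to_base64_cert(SAMPLE_DER).decode("ascii"))
```

The check only inspects the outer encoding. It does not validate the certificate chain, expiry, or subject.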