11.17 Error Messages

The following sections contain a list of common error messages.

LDAP_SERVER_DOWN

Source: The status log or DSTrace screen.
Explanation: The driver can’t open the LDAP port on the Active Directory domain controller configured for synchronization.
Possible Cause: The server named in the driver authentication context is incorrect.
Possible Cause: You are using an IP address for the authentication context, and you have disabled non-Kerberos authentication to Active Directory. Kerberos requires a DNS name for the authentication context.
Possible Cause: You have incorrectly configured the driver to use an SSL connection to Active Directory.
Action: The authentication context should hold the DNS name or the IP address of the domain controller you use for synchronization. If you leave the parameter empty, the driver attempts to connect to the machine that is running the driver shim (either the same server that is running Identity Manager, or the server hosting the Remote Loader).
Action: The driver shim can authenticate only by using the pre-Windows 2000 Logon method or simple bind. If you have disabled NTLM, NTLM2, and simple bind on your network, you might receive the LDAP_SERVER_DOWN message. Enable NTLM, NTLM2, and simple bind on your network.
Action: Something is wrong with the certificate that was imported to the driver shim server, or no certificate was imported. Either import a certificate, or generate a new certificate and import it.
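
The three possible causes above can be checked from the driver shim server before changing any driver setting. The following is an added example, not code from the driver or its vendor: check_context and probe are hypothetical helper names, the host names and addresses are constructed, and ports 389 and 636 are the standard LDAP and LDAP-over-SSL ports. The certificate check uses the trust store of the machine running the script (or the CA file you pass in), which is an assumption and may differ from the store the driver shim uses.

```python
import ipaddress
import socket
import ssl

LDAP_PORT, LDAPS_PORT = 389, 636  # standard LDAP / LDAP-over-SSL ports


def check_context(context, kerberos_only=False):
    """Static checks on the authentication context value (no network access)."""
    if not context:
        return "empty: driver connects to the machine running the driver shim"
    try:
        ipaddress.ip_address(context)
    except ValueError:
        return "dns-name"
    if kerberos_only:
        return "ip-address: Kerberos requires a DNS name"
    return "ip-address"


def probe(host, use_ssl=False, port=None, cafile=None, timeout=5.0):
    """Open the LDAP port the way a client would and report where it fails."""
    port = port or (LDAPS_PORT if use_ssl else LDAP_PORT)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if not use_ssl:
                return "tcp-ok"
            # Assumption: cafile is the CA certificate exported for the driver
            # shim server; None falls back to this machine's default trust store.
            tls = ssl.create_default_context(cafile=cafile)
            with tls.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
    except ssl.SSLCertVerificationError as exc:
        return f"certificate-rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        return f"tls-failed: {exc.reason}"
    except OSError as exc:  # DNS failure, refused connection, timeout
        return f"unreachable: {exc}"


if __name__ == "__main__":
    # Constructed sample values; replace with your own authentication context.
    samples = [("dc01.example.invalid", True), ("192.0.2.10", True), ("", False)]
    for ctx, krb in samples:
        print(repr(ctx), "->", check_context(ctx, kerberos_only=krb))
    print(probe("dc01.example.invalid", use_ssl=True, timeout=2.0))
```

An "unreachable" result points at the server name or the network path, "ip-address: Kerberos requires a DNS name" at the authentication context value, and "certificate-rejected" or "tls-failed" at the SSL configuration or the imported certificate.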

LDAP_AUTH_UNKNOWN

Source: The status log or DSTrace screen.
Explanation: The driver is unable to authenticate to the Active Directory database.
Action: Try to authenticate to the Active Directory database again.
Solution: Unhide the retry-ldap-auth-unknown driver parameter to allow the driver to retry the authentication when it fails:
  1. Open the driver configuration file in an XML editor.

  2. Search for retry-ldap-auth-unknown.

  3. Change hide="true" to hide="false".

  4. Access the driver parameters. See Driver Parameters for more information.

  5. Select Driver Settings > Access Options > Retry LDAP Auth unknown error, then select Yes.

  6. Click OK, then restart the driver.

An error was encountered while reading domain on the network 1208

Source: Password Sync Control Panel Applet on Windows Server 2008.
Action: The Computer Browser service must be started to get the list of computers on the network. By default, it is disabled. In the Control Panel, go to Administrative Tools > Services and start the service.

Unable to locate language file NSL\ENU\ADManagerRes.dll

Source: Running the ADManager tool on Windows 2016 Domain Controller.
Explanation: The ADManager tool displays the following warning message:

Unable to locate language file NLS\ENU\ADManagerRes.dll

Action: Ignore this warning message. This does not cause any functionality loss.