11.17 Error Messages

The following sections contain a list of common error messages.

LDAP_SERVER_DOWN

Source: The status log or DSTrace screen.
Explanation: The driver can’t open the LDAP port on the Active Directory domain controller configured for synchronization.
Possible Cause: The server named in the driver authentication context is incorrect.
Possible Cause: You are using an IP address for the authentication context, and you have disabled non-Kerberos authentication to Active Directory. Kerberos requires a DNS name for the authentication context.
Possible Cause: You have incorrectly configured the driver to use an SSL connection to Active Directory.
Possible Cause: The driver initiates a failover.
Action: The authentication context should hold the DNS name or the IP address of the domain controller you use for synchronization. If you leave the parameter empty, the driver attempts to connect to the machine that is running the driver shim (either the same server that is running Identity Manager, or the server hosting the Remote Loader).
Action: Something is wrong with the certificate that was imported to the driver shim server, or no certificate was imported. Either import a certificate, or generate a new certificate and import it.
Action: Wait for the specified wait period.

LDAP_AUTH_UNKNOWN

Source: The status log or DSTrace screen.
Explanation: The driver is unable to authenticate to the Active Directory database.
Action: Try to authenticate to the Active Directory database again.
Solution: Unhide the retry-ldap-auth-unknown driver parameter to allow the driver to retry the authentication when it fails:
  1. Open the driver configuration file in an XML editor.

  2. Search for retry-ldap-auth-unknown.

  3. Change hide="true" to hide="false".

  4. Access the driver parameters. See Driver Parameters for more information.

  5. Select Driver Settings > Access Options > Retry LDAP Auth unknown error, then select Yes.

  6. Click OK, then restart the driver.

Error initializing connection to DirXML: SSL library initialization error: error:00000000:lib(0) :func(0) :reason(0)

Source: The status log or DSTrace screen.
Explanation: The Remote Loader cannot make an SSL connection to the Identity Manager engine.
Possible Cause: Incorrect format for the certificate file.
Action: If you are running a Windows server and a self-signed certificate in DER format, the connection fails. The certificate must be in Base64 format for the SSL connection to work.

An error was encountered while reading domain on the network 1208

Source: Password Sync Control Panel Applet on Windows Server 2008
Action: The Computer Browser service must be started to get the list of computers on the network. By default, it is disabled. In the Control Panel, go to Administrative Tools > Services and start the service.