0x000006BA Error connecting to Domain Controller Running password filter

  • 7016708
  • 27-Jul-2015
  • 10-Mar-2021

Environment

NetIQ Identity Manager Driver - Active Directory

Situation

When attempting to connect to the Domain Controller running the password sync filter,  a RPC 0x000006BA error is returned.


--------------------- Remote loader trace, level 5 --------------------
DirXML: [07/02/15 09:25:40.64]: ADDriver: [PWD 2004]   lpszDCName = <name of domain>    status = 0x000006BA
DirXML: [07/02/15 09:25:40.64]: ADDriver: [PWD 2004] - SetFilterInfo() returned 0x000006BA
----------------------------------------------------------------------------

Here is a definition of the 6BA error from Microsoft's site. Please refer to Microsoft's documentation for further information on this Microsoft error.
System error 1722 has occurred (0x000006ba)   The RPC server is unavailable

Resolution

Possible Solutions.
1.  A DNS issue in the environment can be causing an issue with RPC communications.   After resolving the DNS issue, the RPC error was fixed and passwords started to synchronize from AD to eDirectory.
2.  A Firewall blocking higher ports between the remote loader server and the domain controller running the password sync filter (pwfilter.dll) could also case a 6BA error.  
3.  If port 88 is blocked, it will also cause the error.

Cause

1.  The DNS problem could be that either the remote loader server that runs the driver is not able to resolve the domain controller, or that the domain controllers are not able to resolve back the remote loader servers. The latter is more common cause.

2.  Upon startup the remote loader attempts to contact each DC running the password filter.   The initial connection is made through port 135.   If that is connected, then a connection is attempted under a higher port (5XXXX), if the connection fails under that higher port, then a 6BA error can be produced.

3.  When the driver is configured to use Authentication Method as Negotiate it will use Kerberose hence port 88 needs to be open