error 774 DC not in list with Active Directory driver when getting password changes

  • 7024119
  • 17-Sep-2019
  • 17-Sep-2019

Environment

Identity Manager Driver - Active Directory

Situation

Passwords stop syncing from Active Directory to eDirectory via the IDM Active Directory driver.
A level 5 Remote Loader trace shows the error "774 DC not in list", and only a partial list of the domain's domain controllers appears in the trace.

Resolution

The problem is that one of the domain controllers has stopped responding to the getdc list command the driver issues.
Rebooting the problem server often resolves the issue, but an underlying network or Microsoft problem may cause it to reoccur. To troubleshoot the issue, you can do the following:
The command the driver issues is equivalent to the DSGet call you can run at a PowerShell prompt:
dsquery server -domain <domain DNS name> | dsget server -dnsname -site
In the trace you will see a "lpszHostName = <server name here>" line, followed by a "lpszDCName = <same server name as before>" line. So, for every DC in the list there is a HostName entry followed by a DCName entry.
The exception is the last server in the trace's list: its "lpszHostName = <server name>" line is present, but no matching lpszDCName line follows it. That server is the problem DC, and it should match the last server you see in the list.
We found that enumeration stops after that server and does NOT continue to the rest of the DCs in the list. This is consistent with the Remote Loader populating its list at startup and never adding any DC AFTER the problem server; when the remaining DCs are restarted, they show up. There is no RPC, firewall or similar issue with those DCs; they simply do not get processed on a Remote Loader start.
After restarting the problem server, all the other servers showed up in the list.
Again, if the problem reappears, a network or DNS problem, or some other application or server OS configuration, may be causing it.
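To make the trace comparison above less error-prone, here is an added example (not from the KB article or the driver) that scans the lpszHostName / lpszDCName pairs in a trace, reports the server whose lpszHostName has no matching lpszDCName, and lists the DCs that dsget reports but the trace never reached. The trace lines and the dsget list are constructed samples; $TracePath is a placeholder for a real trace file.

```powershell
# Added example, not part of the KB article. Parses the lpszHostName / lpszDCName
# pairs from a level 5 Remote Loader trace and reports the DC that was left
# without a matching lpszDCName (the suspect), plus any DCs that dsget lists for
# the domain but that never appear in the trace.

function Get-TraceDcStatus {
    param([string[]]$TraceLines)

    # Ordered so the suspect is reported in the position the driver processed it.
    $seen = [ordered]@{}            # dc name -> $true once its lpszDCName line is seen
    foreach ($line in $TraceLines) {
        if ($line -match 'lpszHostName\s*=\s*(\S+)') {
            $name = $Matches[1].ToLower()
            if (-not $seen.Contains($name)) { $seen[$name] = $false }
        }
        elseif ($line -match 'lpszDCName\s*=\s*(\S+)') {
            $seen[$Matches[1].ToLower()] = $true
        }
    }
    [pscustomobject]@{
        Processed = @($seen.Keys | Where-Object { $seen[$_] })
        Suspect   = @($seen.Keys | Where-Object { -not $seen[$_] })
    }
}

function Get-MissingDcs {
    param([string[]]$ExpectedDcs, [string[]]$DcsInTrace)
    @($ExpectedDcs | ForEach-Object { $_.ToLower() } | Where-Object { $DcsInTrace -notcontains $_ })
}

# Constructed sample: the relevant trace lines, where dc03 never gets its lpszDCName line.
$sampleTrace = @(
    'lpszHostName = dc01.example.com',
    'lpszDCName = dc01.example.com',
    'lpszHostName = dc02.example.com',
    'lpszDCName = dc02.example.com',
    'lpszHostName = dc03.example.com'
)
# Constructed sample of what "dsquery server -domain example.com | dsget server -dnsname"
# would list; on a live system build this list from that command's output instead.
$expectedDcs = @('dc01.example.com', 'dc02.example.com', 'dc03.example.com', 'dc04.example.com')

# For a real trace use: Get-TraceDcStatus -TraceLines (Get-Content $TracePath)
$status  = Get-TraceDcStatus -TraceLines $sampleTrace
$missing = Get-MissingDcs -ExpectedDcs $expectedDcs -DcsInTrace ($status.Processed + $status.Suspect)

Write-Output "Suspect DC (lpszHostName without lpszDCName): $($status.Suspect -join ', ')"
Write-Output "DCs the Remote Loader never processed: $($missing -join ', ')"
```

With the constructed input the suspect is dc03 and dc04 is reported as never processed; on a live system the suspect is the server to restart first, and a DC that is listed by dsget but absent from the trace is the one to check for the network or DNS problems the article mentions.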