Limber displays the -603 error if the server has only sub-ref replica of the encrypted attribute policy partition.
To work around this issue, do any one of the following:
Give read access to the NCP server object. You can do this through iManager by adding a trustee at the tree root and giving read access to NCP server object. In the attributes, specify attrEncryptionDefinition and attrEncryptionRequiresSecure.
Give Public Read access to the following attributes through LDAP or ndssch:
attrEncryptionDefinition
attrEncryptionRequiresSecure