10.15 Error Messages

The following sections contain a list of common error messages.

LDAP_SERVER_DOWN

Source: The status log or DSTrace screen.
Explanation: The driver can’t open the LDAP port on the Active Directory domain controller configured for synchronization.
Possible Cause: The server named in the driver authentication context is incorrect.
Possible Cause: You are using an IP address for the authentication context, and you have disabled non-Kerberos authentication to Active Directory. Kerberos requires a DNS name for the authentication context.
Possible Cause: You have incorrectly configured the driver to use an SSL connection to Active Directory.
Action: The authentication context should hold the DNS name or the IP address of the domain controller you use for synchronization. If you leave the parameter empty, the driver attempts to connect to the machine that is running the driver shim (either the same server that is running Identity Manager, or the server hosting the Remote Loader).
Action: The driver shim can authenticate only using the pre-Windows 2000 Logon method or simple bind. If you have disabled NTLM, NTLM2, and simple bind on your network, you might receive the LDAP_SERVER_DOWN message.
Action: Something is wrong with the certificate that was imported to the driver shim server, or no certificate was imported.

LDAP_AUTH_UNKNOWN

Source: The status log or DSTrace screen.
Explanation: The driver is unable to authenticate to the Active Directory database.
Action: Try to authenticate to the Active Directory database again.
Solution: Unhide the retry-ldap-auth-unknown driver parameter to allow the driver to retry the authentication when it fails.
  1. Open the driver configuration file in an XML editor.

  2. Search for retry-ldap-auth-unknown.

  3. Change hide="true" to hide="false".

  4. Access the driver parameters. See Section A.1.5, Driver Parameters, for more information.

  5. Select Driver Settings > Access Options > Retry LDAP Auth unknown error, then select Yes.

  6. Click OK, then restart the driver.

Error initializing connection to DirXML: SSL library initialization error: error:00000000:lib(0) :func(0) :reason(0)

Source: The status log or DSTrace screen.
Explanation: The Remote Loader cannot make an SSL connection to the Identity Manager engine.
Possible Cause: Incorrect format for the certificate file.
Action: If you are running a Windows 2003 R2 SP1 32-bit server and are using a self-signed certificate in DER format, the connection fails. The certificate must be in Base64 format for the SSL connection to work.

An error was encountered while reading domain on the network 1208

Source: Password Sync Control Panel Applet on Windows 2008.
Action: The Computer Browser service must be started to get the list of computers on the network. By default, it is disabled. Go to Administrative tools > Services and start the service.