Environment
NetIQ Directory & Resource Administrator 8.7
Situation
When adding a managed domain, you receive an error saying that the service account is not a member of a Windows administration group of one or more domains. Also, when you look at the user accounts in DRA, they are not shown as members of any groups.
FIPS is enabled on the DRA Server.
Resolution
The workaround for this issue is to create a config file in the <installation Directory>\NetIQ\DRA\X64 folder that tells CacheLoader.exe to ignore FIPS. The one call that uses an MD5 hash is not security or authentication related; it is used solely to generate unique IDs for the Mongo database.
To resolve this issue:
2. Create a file named DRACacheLoader.exe.config
3. Open DRACacheLoader.exe.config with Notepad.
4. Paste the text below into the DRACacheLoader.exe.config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <runtime>
    <enforceFIPSPolicy enabled="false"/>
  </runtime>
</configuration>
Configuration Management > Managed Domains > Double-click your domain(s) > Full refresh > Refresh Now
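The following PowerShell audit is an added example, not part of the original article or of NetIQ's tooling. It reads the system-wide FIPS policy and lists which *.exe.config files in the DRA folder opt out of FIPS enforcement, so the exception can be confirmed as limited to the cache loader. $DraBinPath is a placeholder for the <installation Directory>\NetIQ\DRA\X64 folder, and the Expected column reflects the assumption that only DRACacheLoader.exe.config should carry the opt-out.

```powershell
# Added example: audit .NET application config files for FIPS enforcement opt-outs.
# $DraBinPath is a placeholder; pass <installation Directory>\NetIQ\DRA\X64.
param(
    [Parameter(Mandatory = $true)]
    [string]$DraBinPath
)

# System-wide FIPS policy (1 = enabled), as set by local or group policy.
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$fipsEnabled = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
Write-Output ("System FIPS policy enabled: {0}" -f ($fipsEnabled -eq 1))

# Inspect every *.exe.config in the folder for <enforceFIPSPolicy enabled="false"/>.
$results = foreach ($file in Get-ChildItem -Path $DraBinPath -Filter '*.exe.config' -File) {
    try {
        [xml]$doc = Get-Content -LiteralPath $file.FullName -Raw
    } catch {
        # A malformed config is worth flagging: the .NET runtime cannot load it either.
        [pscustomobject]@{ File = $file.Name; FipsEnforced = 'unparseable'; Expected = $false }
        continue
    }

    $node   = $doc.SelectSingleNode('/configuration/runtime/enforceFIPSPolicy')
    $optOut = ($null -ne $node) -and ($node.GetAttribute('enabled') -eq 'false')

    [pscustomobject]@{
        File         = $file.Name
        FipsEnforced = -not $optOut
        # Assumption: only the cache loader config should disable enforcement.
        Expected     = (-not $optOut) -or ($file.Name -eq 'DRACacheLoader.exe.config')
    }
}

$results | Format-Table -AutoSize
```

Any row with Expected set to False is a config file that disables FIPS enforcement outside the scope of this workaround, or one that could not be parsed.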
Cause
This is an issue with the MongoDB C# driver running on a FIPS-compliant server. This is a known issue with the C# driver that is expected to be fixed in the next release of MongoDB.