
Error: AD Internal Error:Check AD when logging into IM User Console


Article ID: 16428




CA Identity Manager, CA Identity Suite


When the Active Directory Authentication Module for CA Identity Suite 14.x is configured with the BASEDN set to the root of the AD domain (for example, DC=lab,DC=local), AD responds to searches with referrals that the current version of the Authentication Module does not handle correctly. As a result, a login with correct credentials returns “Error: AD Internal Error:Check AD”. How can this issue be resolved?


Release: 14.x
Component: IDMGR


Configure the SERVERS property to point to the global catalog by adding the port.

For example:

SERVERS=adserver:3268, or adserver:3269 if you use SSL.


Another option is to add a container to the BASEDN.


For Example:



If all the users are in this OU.

Also note the location of the trusted keystore. The path used is %JAVA_HOME%\jre\lib\security\cacerts
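A configuration check for the condition described above, as an added example that is not part of the original article or the product's own code: it flags a BASEDN at the domain root combined with a SERVERS entry that lacks port 3268 or 3269. The KEY=VALUE file layout, the comma or space separator between multiple servers, and the sample values (including OU=Staff) are assumptions constructed for illustration.

```python
import re

GC_PORTS = {"3268", "3269"}  # ports named in the article: 3268, or 3269 with SSL

def parse_props(text):
    """Parse KEY=VALUE lines (assumed layout); split on the first '=' only,
    because DN values such as DC=lab,DC=local contain '=' themselves."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip().upper()] = value.strip()
    return props

def basedn_is_domain_root(dn):
    """True when every RDN is a DC= component, i.e. no OU/CN container."""
    rdns = [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]
    return bool(rdns) and all(r.upper().startswith("DC=") for r in rdns)

def servers_missing_gc_port(servers):
    """Return SERVERS entries that do not end in :3268 or :3269."""
    missing = []
    for entry in filter(None, re.split(r"[,\s]+", servers)):
        _host, sep, port = entry.rpartition(":")
        if not sep or port not in GC_PORTS:
            missing.append(entry)
    return missing

def referral_risk(text):
    """Entries likely to hit the referral error: only reported when the
    BASEDN is the domain root, the case the article describes."""
    props = parse_props(text)
    if not basedn_is_domain_root(props.get("BASEDN", "")):
        return []
    return servers_missing_gc_port(props.get("SERVERS", ""))

# Constructed sample configurations (not taken from a real deployment)
ROOT_PLAIN = "SERVERS=adserver:389\nBASEDN=DC=lab,DC=local\n"
ROOT_GC = "SERVERS=adserver:3268\nBASEDN=DC=lab,DC=local\n"
OU_PLAIN = "SERVERS=adserver\nBASEDN=OU=Staff,DC=lab,DC=local\n"

if __name__ == "__main__":
    for name, cfg in [("root+389", ROOT_PLAIN), ("root+3268", ROOT_GC), ("OU", OU_PLAIN)]:
        print(name, referral_risk(cfg) or "ok")
```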