Repetitive Invalid Credential errors when AD Endpoint is configured with SASL security

book

Article ID: 185853

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

I have set up SASL Security configured AD Endpoint, with Failover for AD, and User ID in Endpoint Configuration is specified as '<username>' only, e.g. srv_ca (without Windows domain). I found the following repetitive "Invalid Credentials" errors in AD log.

GetStatusOfAllServers: total servers=11
GetStatusOfAllServers: total threads=11
GetStatusOfAllServers: WaitForMultipleObjects: object 0..11
ldap__bind_s() ..... Thread 0x28d8 Connection to Server: DC1.MYDOMAIN.COM; Port: 389
 Credentials: CN=srv_ca,OU=Service Accounts,DC=MYDOMAIN,DC=COM
 Return Code: 49 --- Reason: Invalid Credentials
ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... ldap__bind_s() ..... Thread 0x3ba4 Connection to Server: DC1.MYDOMAIN.COM; Port: 389
 Credentials: CN=srv_ca,OU=Service Accounts,DC=MYDOMAIN,DC=COM
 Return Code: 49 --- Reason: Invalid Credentials

I have multiple Backup Domain Controllers and configured AD Fail-over. Functionality wise, the Fail-over is not impacted however my Security Team considers this attempting to login AD server suspicious activities.

Cause

This is a known issue that is recorded in DE447532

Environment

Release : 14.3, 14.3 CP1

Component : Identity Manager

Resolution

At the time this article is written, the following production fix is available to address this issue
          HF-DE447045-DE447715-DE447532.zip
Please raise a Support Call Ticket and request for the fix.

This hot fix is for CCS, i.e. external Connector Server on Windows. This fix replaces E2KPS.dll and W2KNamespace.dll in CCS bin directory.

This hot fix is also applicable on top of CSS that is installed from External Connector installation you have downloaded from vApp with IM 14.3 CP1.
Currently this issue is planned to be addressed in IM 14.3 CP2.