Password Synchronization from Test AD to Test CAIDM

Article ID: 210493

Products

CA Identity Manager

Issue/Introduction

We have a password synchronization issue from Test AD to Test IDM. Raised the below cases and worked accordingly but the issue is not yet resolved.

1) 32369822 (Recommended to upgrade PSA agent) - Our AD team has upgraded PSA agent on one of the test servers and performed Password reset from this AD server. However, IDM did not receive any updated passwords.

2) 32398400 - Provided all the required details queried by your team but no major guidelines to resolve the issue but concluded that there are a lot of communication issues within PSA Logs. We internally tried changing the port number from 20390 to 20389 but this did not resolve the issue.

There are a lot of communication issues within your logs on the PSA:

            Error: ldap_simple_bind() failed while connecting to 'ldaps://cltidma0028.NA.KO.COM:20390'.
            LDAP error: Invalid credentials.
            Error: ldap_simple_bind() failed while connecting to 'ldaps://cltidma0029.na.ko.com:20390'.
            LDAP error: Invalid credentials.

Attached logs for reference.

 

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

Reviewing the attached logs, we see the following:

The Psynch agent sends the password to the provisioning server.

The provisioning server sends the password to the IM server.

The IM server receives the password via eta notify and processes it through the password policies, but fails to set the password with this error:

Caused by: javax.naming.CommunicationException: (customer's Hostname Removed):19389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]

There are only a few causes for this error:

1) wrong hostname

2) wrong port

3) the service on that server is not started

4) networking issues between the servers such as firewall or DNS

Basic network troubleshooting can help you here. Broadcom support is for software issues, and since you have not upgraded or changed any Broadcom software, something else in the environment is causing the issue.

Please check items 1 through 4 above with troubleshooting from your network team.
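To tell the four causes above apart, the following added example (not part of the original article and not Broadcom tooling) classifies a TCP connection attempt to the host and port from the exception. The hostname is a constructed placeholder because the article redacts the real one, and the names `diagnose`, `HINTS`, `TARGET_HOST` and `TARGET_PORT` are hypothetical.

```python
import socket

# Constructed placeholder: the article redacts the real hostname.
TARGET_HOST = "idm-directory.example.com"
TARGET_PORT = 19389  # port shown in the CommunicationException above

# Which of the article's causes 1-4 each result points toward.
HINTS = {
    "dns_failure": "name does not resolve: check hostname spelling (1) and DNS (4)",
    "refused": "host answered but rejected the port: check port (2), service state (3), "
               "a rejecting firewall (4), and that the name maps to the intended server (1)",
    "timeout": "no answer at all: a firewall is likely dropping packets (4)",
    "unreachable": "no route to the address: check routing and firewalls (4)",
    "open": "port accepts connections from this machine; rerun from the IM server",
}


def diagnose(host, port, timeout=3.0):
    """Try a TCP connect to host:port and return (status, address tried)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure", None
    result = ("unreachable", None)
    for family, socktype, proto, _, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            return "open", sockaddr[0]
        except ConnectionRefusedError:
            # Same condition Java reports as "Connection refused".
            result = ("refused", sockaddr[0])
        except socket.timeout:
            result = ("timeout", sockaddr[0])
        except OSError:
            result = ("unreachable", sockaddr[0])
    return result


if __name__ == "__main__":
    status, address = diagnose(TARGET_HOST, TARGET_PORT)
    print(f"{TARGET_HOST}:{TARGET_PORT} ({address}) -> {status}: {HINTS[status]}")
```

Run it from the IM server itself, since that is the machine whose connection is being refused.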