In the Provisioning Manager configuration, both the TLS (20390) and non TLS (20389) ports to the Provisioning Server are specified, but it's not clear which one is used:
Can you please specify which one is used, when both are configured?
Is it possible to provide only the TLS port in the provisioning manager configuration?
All Identity Manager
Both ports need to be configured and which one is used depends on the below settings and where the Provisioning Manager is installed related to the Provisioning Server.
The following Windows Registry entries, which are located in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ComputerAssociates\Identity Manager\Provisioning Manager which define the security settings of a Provisioning Manager installation. Each entry can have one of the following values:
0-Do not encrypt communications.
1-Encrypt communications.
ETRUST_LDAPOPEN_NEED_TLS
Determines whether the communication channel between Provisioning Manager and the Provisioning Server should be encrypted. The default value is 1.
ETRUST_LOCALHOST_NEED_TLS
When the Provisioning Manager and Provisioning Server are located on the same host, the Provisioning Manager will communicate with the Provisioning Server through localhost (a network interface for the local machine). This registry value determines whether the communication channel is encrypted. The default value is 0, because there is no need to encrypt the communications traffic that passes through localhost.