Connection to Active Directory fails during PIM installation.


Article ID: 33660


Updated On:


CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)



During PIM installation, when "Active Directory" is selected as the "User Store Type" and the required details have been provided, the installer displays the following error message in the foreground:

"Could not connect to the Active Directory. Please enter the Active Directory connection information"

<Please see attached file for image>


The above message is displayed, even though all the required details are provided and are correct.


- PIM R12.8 / R12.9
- Microsoft® Active Directory as the user store


The password of the user account used to connect to Active Directory contains one or both of the following characters: % (percent sign) and " (double quotes).

Further description of the cause and associated error message in the background.

In the background, the installer captures the following error message. It does not give the correct cause of the failed connection (the bind to Active Directory); it is a false error message reported under LDAP error code 49.

Below is the script we execute in the background along with the detailed error message:

-- Execute AD Connection Check

"C:\jdk1.7.0\bin\java.exe" -cp "C:\Users\Administrator\AppData\Local\Temp\2\226412.tmp\ca-ac-javautils.jar" shell.Jndi -action connect -contextFactory com.sun.jndi.ldap.LdapCtxFactory -jndiUrl ldap:/<LDAP Server name>:<port> -usr  <User DN>< XXXX password>

EXECUTE_STDERR = Error: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v23f0 ]


Error details:

 javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
 LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v23f0 ]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(
        at com.sun.jndi.ldap.LdapCtx.connect(
        at com.sun.jndi.ldap.LdapCtx.<init>(
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(
        at javax.naming.spi.NamingManager.getInitialContext(
        at shell.Jndi.getContext(
        at shell.Jndi.connect(
        at shell.Jndi.connect(
        at shell.Jndi.main(



Make sure that the password for the bind user does not contain the % (percent sign) or " (double quotes) anywhere in the password string. The same problem arises if the password for this user is later changed to one that contains these characters.
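A triage helper for the failure described above, added here as an example and not part of the original article or of the PIM installer: it parses the LDAP error 49 message, decodes the Active Directory sub-code in the "data" field, and flags the case this article covers. The function names and the sub-code table are this example's own; the table lists the commonly documented Active Directory values.

```python
import re

# Error text as quoted in this article (wrapped over two lines, as in the stack trace).
SAMPLE = ("javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:\n"
          " LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v23f0 ]")

# Commonly documented AD sub-codes found in the "data" field of an error 49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong user name or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Characters this article reports as breaking the installer's connection check.
PROBLEM_CHARS = ("%", '"')

ERR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+)\s*-\s*(?P<hresult>[0-9A-Fa-f]{8}):.*?"
    r"comment:\s*(?P<comment>[^,]+),\s*data\s+(?P<data>[0-9A-Fa-f]+)",
    re.S,  # the message may be wrapped across lines in a stack trace
)

def parse_ad_bind_error(text):
    """Extract the LDAP result code and AD sub-code from a JNDI error message."""
    m = ERR_RE.search(text)
    if m is None:
        return None
    data = m.group("data").lower()
    return {"ldap_code": int(m.group("code")), "data": data,
            "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code")}

def triage(stderr_text, bind_password):
    """Return a short verdict for an installer connection-check failure."""
    err = parse_ad_bind_error(stderr_text)
    if err is None:
        return "no AD bind error found"
    # Report only which problem characters are present, never the password itself.
    bad = [c for c in PROBLEM_CHARS if c in bind_password]
    if err["ldap_code"] == 49 and err["data"] == "52e" and bad:
        return "known issue: password contains " + " ".join(bad)
    return "bind failed: " + err["meaning"]
```

When the verdict is not the known issue, the decoded sub-code points at the account condition to check in Active Directory instead.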



Release: ACP1M005900-12.9-Privileged Identity Manager


1558699631110000033660_sktwi1f5rjvs16oqu.png