Connection to Active Directory fails during PIM installation.

Article ID: 33660

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

During PIM installation, when "Active Directory" is selected as the "User Store Type" and the required details have been provided, the installer displays the following error message:

"Could not connect to the Active Directory. Please enter the Active Directory connection information"

This message is displayed even though all the required details have been provided and are correct.

 

Environment

Privileged Identity Manager 12.9

Cause

The password of the user account used to connect to Active Directory contains one or both of the following characters: % (percent symbol) and " (double quotes).

Below is the command the installer executes in the background, along with the detailed error message:

-- Execute AD Connection Check

"C:\jdk1.7.0\bin\java.exe" -cp "C:\Users\Administrator\AppData\Local\Temp\2\226412.tmp\ca-ac-javautils.jar" shell.Jndi -action connect -contextFactory com.sun.jndi.ldap.LdapCtxFactory -jndiUrl ldap:/<LDAP Server name>:<port> -usr  <User DN>< XXXX password>

EXECUTE_STDERR = Error: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v23f0 ]

 

Error details:

 javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
 LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v23f0 ]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        at shell.Jndi.getContext(Jndi.java:168)
        at shell.Jndi.connect(Jndi.java:70)
        at shell.Jndi.connect(Jndi.java:221)
        at shell.Jndi.main(Jndi.java:333)
 EXECUTE_EXITCODE = 1
 

Resolution

Make sure that the password for the bind user does not contain the % (percent symbol) or " (double quotes) anywhere in the password string. The same problem arises if the password for this user is later changed to one that contains either of these characters.
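
The following PowerShell script is an added example, not part of the original article or of the product. It checks a bind account before the installer is run: it tests the password for the two characters named above and then attempts an LDAP bind of its own, which separates a genuinely wrong DN or password from a valid password that the installer's connection check rejects (the "data 52e" in the trace above is Active Directory's sub-code for invalid credentials). The server name, port and bind DN are operator-supplied placeholders, and the script assumes the domain controller accepts LDAPS on port 636.

```powershell
# Added example: pre-check an AD bind account before running the PIM installer.
# Server, port and bind DN are placeholders supplied by the operator.
param(
    [Parameter(Mandatory)] [string] $Server,   # domain controller host name
    [int] $Port = 636,                         # assumption: LDAPS is enabled on the DC
    [Parameter(Mandatory)] [string] $BindDn    # full DN of the bind user
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

# Prompt without echo so the password never appears on a command line or in history.
$secure = Read-Host -Prompt "Password for $BindDn" -AsSecureString
$cred   = New-Object System.Net.NetworkCredential($BindDn, $secure)

# 1. Look for the characters the article names as breaking the connection check.
$blocked = @('%', '"')
$found   = @($blocked | Where-Object { $cred.Password.Contains($_) })

# 2. Bind independently of the installer. Simple bind sends the password as-is,
#    so it is done over TLS only.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = $true

$bindOk = $false
try {
    $conn.Bind($cred)
    $bindOk = $true
} catch {
    # For bad credentials AD returns error 49; the server text carries "data 52e".
    $ex = $_.Exception.GetBaseException()
    Write-Warning "Bind failed: $($ex.Message) $($ex.ServerErrorMessage)"
} finally {
    $conn.Dispose()
}

# 3. Report which of the two situations applies.
if (-not $bindOk) {
    "Bind failed outside the installer as well: correct the DN or password first."
} elseif ($found.Count -gt 0) {
    "Credentials are valid, but the password contains: $($found -join ' '). " +
    "Change the password before running the installer."
} else {
    "Credentials are valid and the password contains neither % nor double quotes."
}
```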