Connection to Active Directory fails during PIM installation.


Article ID: 33660


Updated On:


CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)


During PIM installation, when "Active Directory" is selected as the "User Store Type" and the required details are provided, the following error message is displayed in the foreground:

"Could not connect to the Active Directory. Please enter the Active Directory connection information"

This message is displayed even though all the required details are provided and are correct.



Privileged Identity Manager 12.9


The password of the user that is used to connect to the Active Directory contains one or both of these characters: % (percent sign) and " (double quotes).

Below is the script we execute in the background, along with the detailed error message:

-- Execute AD Connection Check

"C:\jdk1.7.0\bin\java.exe" -cp "C:\Users\Administrator\AppData\Local\Temp\2\226412.tmp\ca-ac-javautils.jar" shell.Jndi -action connect -contextFactory com.sun.jndi.ldap.LdapCtxFactory -jndiUrl ldap:/<LDAP Server name>:<port> -usr  <User DN>< XXXX password>

EXECUTE_STDERR = Error: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v23f0 ]


Error details:

 javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
 LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v23f0 ]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(
        at com.sun.jndi.ldap.LdapCtx.connect(
        at com.sun.jndi.ldap.LdapCtx.<init>(
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(
        at javax.naming.spi.NamingManager.getInitialContext(
        at shell.Jndi.getContext(
        at shell.Jndi.connect(
        at shell.Jndi.connect(
        at shell.Jndi.main(


Make sure that the password for the bind user does not contain % (percent sign) or " (double quotes) anywhere in the password string. The same problem arises if the password for this user is later changed to one that contains these characters.
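
A triage helper for this failure, added here as an example and not taken from the product or the vendor: it decodes the "data" sub-code in the LDAP error 49 message shown above and checks a candidate bind password for the two characters this article names. The function names are hypothetical, the sub-code table lists commonly documented Active Directory values, and the sample password is constructed.

```python
import re

# Characters the article says must not appear in the bind user's password.
FORBIDDEN_CHARS = {"%": "percent sign", '"': "double quote"}

# Commonly documented Active Directory sub-codes found in the "data" field
# of an LDAP error 49 diagnostic message (assumption: not from this article).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or user name)",
    "532": "password expired",
    "533": "account disabled",
    "773": "user must reset password",
    "775": "account locked out",
}

_DIAG = re.compile(r"LDAP: error code (\d+)\b.*?\bdata ([0-9a-fA-F]+)\b", re.S)


def forbidden_chars_in(password):
    """Return [(position, description)] for each forbidden character."""
    return [(i, FORBIDDEN_CHARS[c]) for i, c in enumerate(password) if c in FORBIDDEN_CHARS]


def decode_bind_error(text):
    """Extract (ldap_code, sub_code, meaning) from installer stderr, or None."""
    m = _DIAG.search(text)
    if m is None:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_BIND_SUBCODES.get(sub, "unknown sub-code")


def triage(stderr_text, password):
    """Combine both checks into one finding for the installer failure."""
    decoded = decode_bind_error(stderr_text)
    bad = forbidden_chars_in(password)
    if decoded and decoded[1] == "52e" and bad:
        return "password contains " + ", ".join(sorted({d for _, d in bad})) + "; change it and retry"
    if decoded:
        return "bind failed: " + decoded[2]
    return "no LDAP bind error found"


# Error line as shown in the article; the password is a constructed sample.
SAMPLE_STDERR = ("EXECUTE_STDERR = Error: [LDAP: error code 49 - 80090308: LdapErr: "
                 "DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v23f0 ]")
SAMPLE_PASSWORD = 'Spr%ing"2024'
```

Calling triage(SAMPLE_STDERR, SAMPLE_PASSWORD) reports the forbidden characters; any other sub-code is reported as a bind failure that has a different cause than the one in this article.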