Error javax.naming.NamingException: LDAP response read timed out, timeout used: 3000 ms when trying to rotate an Active Directory target account in CA PAM

Article ID: 440880


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Rotating an account password in Active Directory fails, and the following error message appears in catalina.out:

2026-04-22T03:43:10.477+0000 SEVERE [com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager] com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.updatePasswordInActiveDirectory Failed to update password in Active Directory
    javax.naming.NamingException: LDAP response read timed out, timeout used: 3000 ms.; remaining name '<Account_CN>'
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:129)
        at com.sun.jndi.ldap.Connection.readReply(Connection.java:469)
        at com.sun.jndi.ldap.LdapClient.processReply(LdapClient.java:887)
        at com.sun.jndi.ldap.LdapClient.modify(LdapClient.java:961)

....

and the target account's password is not changed.

Cause

This may happen if the Active Directory Read and/or Connect Timeout values for the target application used are too low. 

The default is 3000 milliseconds (3 seconds), which may not be enough for some complex Active Directories.

Resolution

Please increase the Active Directory Connect Timeout and Active Directory Read Timeout in the Target Application definition and retry the rotation.
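
Because a timed-out rotation leaves the old password in place, it helps to list which accounts were affected before retrying. The following Python script is an added example, not part of the original article or of CA PAM; it parses log text in the catalina.out layout shown above, and the sample entries, account names and the function name find_rotation_timeouts are constructed for illustration.

```python
import re

# Constructed sample in the layout of the catalina.out excerpt above; the
# account names, timestamps and the CommunicationException entry are made up.
SAMPLE_LOG = """\
2026-04-22T03:43:10.477+0000 SEVERE [com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager] com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.updatePasswordInActiveDirectory Failed to update password in Active Directory
    javax.naming.NamingException: LDAP response read timed out, timeout used: 3000 ms.; remaining name 'CN=svc-backup,OU=Service,DC=example,DC=test'
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:129)
2026-04-22T03:44:02.113+0000 SEVERE [com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager] com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.updatePasswordInActiveDirectory Failed to update password in Active Directory
    javax.naming.CommunicationException: dc01.example.test:636
2026-04-22T03:45:30.900+0000 SEVERE [com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager] com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.updatePasswordInActiveDirectory Failed to update password in Active Directory
    javax.naming.NamingException: LDAP response read timed out, timeout used: 3000 ms.; remaining name 'CN=svc-sql,OU=Service,DC=example,DC=test'
"""

# First line of a failed-rotation entry: timestamp, SEVERE, fixed message.
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\S+) SEVERE .*Failed to update password in Active Directory")
# Indented exception line that identifies the read-timeout cause.
TIMEOUT = re.compile(
    r"LDAP response read timed out, timeout used: (?P<ms>\d+) ms\.; "
    r"remaining name '(?P<name>[^']*)'")


def find_rotation_timeouts(lines):
    """Return (timestamp, account name, timeout in ms) for every failed
    rotation whose exception line reports an LDAP read timeout."""
    hits, pending_ts = [], None
    for line in lines:
        header = HEADER.match(line)
        if header:
            pending_ts = header.group("ts")      # start of a failure entry
            continue
        if not line[:1].isspace():
            pending_ts = None                    # unrelated entry began
            continue
        cause = TIMEOUT.search(line)
        if pending_ts and cause:
            hits.append((pending_ts, cause.group("name"), int(cause.group("ms"))))
            pending_ts = None                    # one hit per failure entry
    return hits


if __name__ == "__main__":
    for ts, name, ms in find_rotation_timeouts(SAMPLE_LOG.splitlines()):
        print(f"{ts}  read timeout {ms} ms  password NOT rotated: {name}")
```

Failures with a different cause, such as the constructed CommunicationException entry, are skipped on purpose, since raising the read timeout would not resolve them.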