LDAP error code 49 in Policy Server with Active Directory


Article ID: 54575



CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


What does "LDAP: error code 49" mean when Microsoft Active Directory is used by the Policy Server as the User Directory?



The Policy Server reports Error 49 when the user credentials are invalid.

With Active Directory as the user store, error 49 may appear for multiple reasons.

In the Policy Server log, error 49 is followed by a data code, and this data code gives the exact reason for the unsuccessful authentication.

Take the following sample from the Policy Server smps.log:

  [SmDsLdapProvider.cpp:2323][ERROR] (AuthenticateUser) DN: 'CN=xxxxx,OU=People,OU=Dealers,OU=External Business Units, DC=example ,DC=com' . Status: Error 49 . 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893

In this example, "52e" means "invalid credentials".



The Active Directory-specific error code is the value after "data" and before "vece" or "v893" in the actual error string in smps.log.

  • 525 - User not found
  • 52e - Invalid credentials
  • 530 - Not permitted to logon at this time
  • 531 - Not permitted to logon at this workstation
  • 532 - Password expired
  • 533 - Account disabled
  • 701 - Account expired
  • 773 - User must reset password
  • 775 - User account locked
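
The following Python sketch is an added example, not part of the original article or of any CA tooling. It extracts the sub-code after "data" from Error 49 lines in smps.log and counts failures per DN and reason, so lockouts and expired passwords can be told apart from plain bad passwords. The function names, the regular expression and every sample line after the first are assumptions made for illustration.

```python
import re
from collections import Counter

# Sub-codes and meanings exactly as listed in the article.
AD_SUBCODES = {
    "525": "User not found",
    "52e": "Invalid credentials",
    "530": "Not permitted to logon at this time",
    "531": "Not permitted to logon at this workstation",
    "532": "Password expired",
    "533": "Account disabled",
    "701": "Account expired",
    "773": "User must reset password",
    "775": "User account locked",
}

# Quoted DN, then "Error 49", then the hex token between "data" and ", v...".
ERROR49_RE = re.compile(
    r"DN:\s*'(?P<dn>[^']*)'.*?Error 49\b.*?\bdata\s+(?P<code>[0-9a-fA-F]+)\s*,\s*v\w+"
)

def parse_error49(line):
    """Return dn, sub-code and reason for an Error 49 line, else None."""
    m = ERROR49_RE.search(line)
    if m is None:
        return None
    code = m.group("code").lower()
    reason = AD_SUBCODES.get(code, "Sub-code not in the article's list")
    return {"dn": m.group("dn"), "code": code, "reason": reason}

def summarize(lines):
    """Count failures per (DN, reason) so lockouts and expiries stand out."""
    hits = filter(None, map(parse_error49, lines))
    return Counter((h["dn"], h["reason"]) for h in hits)

# Constructed sample: line 1 is the article's example, the rest are made up.
_PREFIX = "[SmDsLdapProvider.cpp:2323][ERROR] (AuthenticateUser) DN: "
_TAIL = " . Status: Error 49 . 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data "
SAMPLE_LOG = [
    _PREFIX + "'CN=xxxxx,OU=People,OU=Dealers,OU=External Business Units, DC=example ,DC=com'" + _TAIL + "52e, v893",
    _PREFIX + "'CN=xxxxx,OU=People,OU=Dealers,OU=External Business Units, DC=example ,DC=com'" + _TAIL + "52e, v893",
    _PREFIX + "'CN=jdoe,OU=People,DC=example,DC=com'" + _TAIL + "775, vece",
    _PREFIX + "'CN=asmith,OU=People,DC=example,DC=com'" + _TAIL + "52F, v893",
    "[INFO] constructed line that is not an Error 49 record",
]

if __name__ == "__main__":
    for (dn, reason), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {reason:40s} {dn}")
```

Repeated "Invalid credentials" entries for one DN followed by "User account locked" for the same DN is the pattern worth alerting on; a sub-code missing from the table is reported as unlisted rather than guessed.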