Password Sync Agent does not propagate the password to accounts
search cancel

Password Sync Agent does not propagate the password to accounts


Article ID: 6135


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On


The user/accounts passwords were being synchronizing correct but suddenly it stop to work


Identity Manager


From the Active Directory where you installed PSync Agent, navigate to PSync installation folder, and go the the Logs folder, by default:



Open eta_pwdsync.log file in Text Editor


If you find the message below:

Error: ldap_simple_bind() failed while connecting to 'ldaps://<ProvServer_Hostname>:20390'. 

LDAP error: Invalid credentials. 

Result: Password will be out of sync with eTrust Admin. 


The etapwd user password has expired or someone changed its password.


To fix this problem, open Provisioning Manager using your Super User and search for etapwd user.

- Right click on it, and select Properties

- Select Password tab

- Check if the option "Enable explicit password expiration date" is enabled


If so, you must reset its password, and set a new Password expiration date or disable this option.

If you changed the etapwd password for any reason, you must set this password in ADS machine, where Password Synchronization Agent is installed, using PwdSyncConfig.exe tool located under "password_sync_folder\bin."

Additional Information

For more information about Password Synchronization, please see the documentation Synchronizing Passwords on Endpoints

Related Articles: 

KB 52161 PSync Agent Configuration Best Practices

KB 249339 LDAP error: Invalid credentials during PYNC Password update