Password Sync Agent does not propagate the password to accounts

book

Article ID: 6135

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

The user/accounts passwords were being synchronizing correct but suddenly it stop to work

Cause

From the Active Directory where you installed PSync Agent, navigate to PSync installation folder, and go the the Logs folder, by default:

 "password_sync_folder\Logs

 

Open eta_pwdsync.log file in Text Editor

 

If you find the message below:

Error: ldap_simple_bind() failed while connecting to 'ldaps://<ProvServer_Hostname>:20390'. 

LDAP error: Invalid credentials. 

Result: Password will be out of sync with eTrust Admin. 

 

The etapwd user password has expired or someone changed its password.

Environment

Identity Manager 12.x and 14.0Identity Suite 12.x and 14.0

Resolution

To fix this problem, open Provisioning Manager using your Super User and search for etapwd user.

- Right click on it, and select Properties

- Select Password tab

- Check if the option "Enable explicit password expiration date" is enabled

 

If so, you must reset its password, and set a new Password expiration date or disable this option.

If you changed the etapwd password for any reason, you must set this password in ADS machine, where Password Synchronization Agent is installed, using PwdSyncConfig.exe tool located under "password_sync_folder\bin."

Additional Information

For more information about Password Synchronization, please access https://docops.ca.com

 

Select the product version and navigate to Home > Administrating > Password Management > Synchronizing Passwords on Endpoints