Provisioning Server Service Does Not Start - Error Code 21
search cancel

Provisioning Server Service Does Not Start - Error Code 21


Article ID: 6423


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On


After either rebooting the Provisioning Server machine or restarting all DSAs and the Provisioning Server, the Provisioning Server service does not start.

From Service window we have the error message:

"error code 21"


Identity Manager 12.x


The im_ps.log file display the following messages:

[14:21:06.078:00000B38] reading config file D:\Program Files (x86)\CA\Identity Manager\Provisioning Server\data\tls\server\fips.conf

TLS: can't connect.

[14:21:09.218:00000B38] backend_startup: bi_db_open 0 failed!

[14:21:09.265:00000B38] slapd stopped.

[14:21:09.265:00000B38] connections_destroy: nothing to destroy.


Check the <hostname>-impd-main.dxc file under DX_HOME\config\ssld\personalities

The "Not After" line shows that is expired.

i.e Not After : Feb 22 19:28:51 2017 GMT



Because the certificate expired, re-create all DSAs certificates.

Follow these steps:

1. Backup your DX_HOME\config\ssld folder.

2. Stop all Connector Servers C++ and Java.

3. Stop all DSAs running "dxserver stop all".

4. From DX_HOME\config\bin, run the following command:

       dxcertgen -d <Number_of_Days> certs

       i.e dxcertgen -d 3650 certs       it will generate new certificates valid for 10 years

5. Start all DSAs running "dxserver start all".

6. Start both Connector Servers C++ and Java.

7. Start Provisioning Server service.