After either rebooting the Provisioning Server machine or restarting all DSAs and the Provisioning Server, the Provisioning Server service does not start.

From Service window we have the error message:

"error code 21"

The im_ps.log file display the following messages:

[14:21:06.078:00000B38] reading config file D:\Program Files (x86)\CA\Identity Manager\Provisioning Server\data\tls\server\fips.conf

TLS: can't connect.

[14:21:09.218:00000B38] backend_startup: bi_db_open 0 failed!

[14:21:09.265:00000B38] slapd stopped.

[14:21:09.265:00000B38] connections_destroy: nothing to destroy.

Check the <hostname>-impd-main.dxc file under DX_HOME\config\ssld\personalities

The "Not After" line shows that is expired.

i.e Not After : Feb 22 19:28:51 2017 GMT

Because the certificate expired, re-create all DSAs certificates.

Follow these steps:

1. Backup your DX_HOME\config\ssld folder.

2. Stop all Connector Servers C++ and Java.

3. Stop all DSAs running "dxserver stop all".

4. From DX_HOME\config\bin, run the following command:

       dxcertgen -d <Number_of_Days> certs

       i.e dxcertgen -d 3650 certs       it will generate new certificates valid for 10 years

** If running in a cluster do this on one server and copy the files to the other, then Copy the last key/certificate hash content from 'trusted.pem' file to 'impd_trusted.pem' file on both nodes.

This is required as dxcertgen is CA Directory tool and it puts the trusted root CA in 'trusted.pem' file.

5. Start all DSAs running "dxserver start all".

6. Start both Connector Servers C++ and Java.

7. Start Provisioning Server service.