AD password sync with SSL

Hello everyone
The following note is in the AD Password Sync connector documentation:
Note: It is strongly recommended that you configure SSL
communication between the connector and Oracle Identity Manager
in your production environment.
However, the configuration of secure client operation (using SSL at the
server) affects all clients. This means that if you use SSL to secure
Oracle Identity Manager communication with the connector, then the
Oracle Identity Manager Design Console and any other custom clients
must also communicate with Oracle Identity Manager using SSL.
I've installed the connector and configured SSL and it is working fine. Design console can still connect to OIM without using SSL. What is this note all about?
Thanks

Because you have enabled both the SSL and non-SSL ports. Once you disable the non-SSL port (recommended in prod), you will not be able to access the Design Console.

I am struggling to use PassSync with SSL. I have two DCs and I imported the certificate on both DCs. I installed the PassSync connector with the Use SSL value set to "Yes", giving the OIM SSL port and OIM host name. However, PassSync is not working and the log shows OIM is down. I tested the HTTPS URL of OIM from both DCs and was able to access it from there. Do you have any idea what could be the cause?
Thanks

Similar Messages

  • OIM Password Sync with SAP

    Hi,
    I have a requirement of password sync between OIM and SAP. Do you have any idea of how we can achieve this?
    Is there any out of box connector for the password sync with SAP?
    Please let me know.
    thanks in advance
    Edited by: IDMuser19 on Jul 26, 2010 2:17 PM

    Ramesh,
    Are you using the password hook or something from the framework?
    The password hook only works with Microsoft Active Directory.
    If you're using a framework task or other job or a custom task you almost always need a SSL enabled connection to the LDAP server.
    Hope this helps.
    Matt

  • Error while password sync with Active directory.

    Hi all.
    Am doing active directory password sync with oim 11g but this gives an error
    Debug [07/31/12 11:52:14] CONFIG VALUE LENGTH
    Debug [07/31/12 11:52:14] 254
    Debug [07/31/12 11:52:14]
    Debug [07/31/12 11:52:14]
    Debug [07/31/12 11:52:14] Before adding configsync attributes
    Debug [07/31/12 11:52:14]
    sgslrgac instance
    Debug [07/31/12 11:52:14] User Name --->
    Debug [07/31/12 11:52:14] TEST.TEST10
    Debug [07/31/12 11:52:14]
    Debug [07/31/12 11:52:14] RelativeId:
    Debug [07/31/12 11:52:14] 1122
    Debug [07/31/12 11:52:14]
    Debug [07/31/12 11:52:14]
    sgsladac Instance
    Debug [07/31/12 11:52:14]
    LDAP Connected
    Debug [07/31/12 11:52:14] search string :
    Debug [07/31/12 11:52:14] (&(objectCategory=person)(objectClass=user)(sAMAccountName=TEST.TEST10))
    Debug [07/31/12 11:52:14]
    Debug [07/31/12 11:52:14] Connected to ADSI
    Debug [07/31/12 11:52:14] After Search
    Debug [07/31/12 11:52:14] SID::
    Debug [07/31/12 11:52:14] S-1-5-21-449192332-2375483478-3823051035-1122
    Debug [07/31/12 11:52:14]
    Debug [07/31/12 11:52:14] DN::
    Debug [07/31/12 11:52:14] CN=test test10,CN=Users,DC=thakralone,DC=com
    Debug [07/31/12 11:52:14]
    Debug [07/31/12 11:52:14] GUID:::
    Debug [07/31/12 11:52:14] QHetRJE7hEKkG8PeqYRKlQ==
    Debug [07/31/12 11:52:14]
    Debug [07/31/12 11:52:14] after ladp search
    Debug [07/31/12 11:52:14] Success sgsldpap
    Debug [07/31/12 11:52:14]
    Passlen populated :
    Debug [07/31/12 11:52:14] 190
    Debug [07/31/12 11:52:14]
    Debug [07/31/12 11:52:14]
    Moving sgsloidi from asynchSystem
    Debug [07/31/12 11:52:14] Store Object populated
    Debug [07/31/12 11:52:14] [getObjectGuid=QHetRJE7hEKkG8PeqYRKlQ==
    getPasswordLen=190
    getUserDn=CN=test test10,CN=Users,DC=thakralone,DC=com
    getUserId=TEST.TEST10
    Debug [07/31/12 11:52:14]
    ***end of status
    Debug [07/31/12 11:52:14]
    Out of sgsloidi from asynchSystem
    Debug [07/31/12 11:52:14]
    Before Free
    Debug [07/31/12 11:52:14]
    After Free
    I have tried to reconfig and reinstall the connector but still the same issue.

    Don't think so.
    Reconcile will just find accounts that are out of sync (that is, that exist on one system but not the other). It doesn't update account attributes.
    ActiveSync can identify and process changed records, but the password itself is hashed, so unless you can use the hashed password directly (and IDM can't) then you just would get "garbage" data via the sync.
    I think you do need to use one of the PasswordSync tools for this, because they intercept the password change process before the password is hashed, allowing you to apply the changes in multiple locations.

  • PASSWORD SYNC WITH AD

    Hi All,
    Please Help Regarding This Issue
    I Cannot Resolve password sync with this AD
    My Idm Version Is 9.1
    My Active Directory Running on Windows 2003
    =========================================================================================
    My AD SYNC LOG
    15 Sep 2008 19:05:51 INFO Logger created
    15 Sep 2008 19:05:51 INFO Triggering Password Synchronization mechanism
    15 Sep 2008 19:05:52 INFO Value of the installedFlag=>true
    15 Sep 2008 19:05:52 INFO Password Reset Installed..get the ITResourceType and ITResourceName
    15 Sep 2008 19:05:52 INFO IT ResourceType Name=> AD Server
    15 Sep 2008 19:05:52 INFO ITResourceName=> ADITResource
    15 Sep 2008 19:05:52 INFO Checking for OIM Server to synchronize password for the user--> IDMUSER
    15 Sep 2008 19:05:52 INFO Port: 1099
    15 Sep 2008 19:05:52 INFO Host: idmkuneh
    15 Sep 2008 19:06:04 INFO OIM Server is up and running !!
    15 Sep 2008 19:06:04 INFO Logging to OIM server
    15 Sep 2008 19:06:04 INFO Logging into OIM Server with an auth mechanism
    15 Sep 2008 19:06:04 INFO Necessary Configurations read
    15 Sep 2008 19:06:04 INFO Logging into OIM Server with uname/pwd based auth
    15 Sep 2008 19:06:04 INFO Finally !!
    15 Sep 2008 19:06:04 INFO Before System.exit(0):
    =========================================================================================
    MY XLCONFIG.XML
    <xl-configuration>
      <appServerName>jboss</appServerName>
      <Discovery>
        <CoreServer>
          <java.naming.provider.url>jnp://idmkuneh:1099</java.naming.provider.url>
          <java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial>
        </CoreServer>
      </Discovery>
      <Security>
        <XLSymmetricProvider>
          <KeyStore>
            <Provider>com.sun.crypto.provider.SunJCE</Provider>
          </KeyStore>
        </XLSymmetricProvider>
        <XLPKIProvider>
          <KeyStore>
            <Location>.xlkeystore</Location>
            <Password encrypted="true">FlbwcjDZAB0hS3Q8F7PB4g==</Password>
            <Type>JKS</Type>
            <Provider>sun.security.provider.Sun</Provider>
          </KeyStore>
          <Keys>
            <PrivateKey>
              <Alias>xell</Alias>
              <Password encrypted="true">FlbwcjDZAB0hS3Q8F7PB4g==</Password>
            </PrivateKey>
          </Keys>
          <SignatureAlgorithm>SHA1withDSA</SignatureAlgorithm>
          <SignatureProvider>sun.security.provider.Sun</SignatureProvider>
          <VerifySigner>false</VerifySigner>
        </XLPKIProvider>
      </Security>
      <!-- Configuration for AD Password Sync Adapter -->
      <ADSync>
        <Login>
          <UseSignature>false</UseSignature>
          <Username>xelsysadm</Username>
          <Password encrypted="true">aPM3F6YImvbctkGkE4C4Ww==</Password>
        </Login>
        <UserMatch>
          <!-- UserID and UDF -->
          <MatchingMethod>UserID</MatchingMethod>
          <FieldName>UD_ADUSER_LOGIN</FieldName>
          <ResourceObject>AD User</ResourceObject>
        </UserMatch>
        <Result>
          <UpdateUDF>false</UpdateUDF>
          <FieldName>USR_UDF_ADPWDRES</FieldName>
          <SuccessValue>SUCCESS</SuccessValue>
          <FailureValue>FAIL</FailureValue>
          <AppendTimeStamp>true</AppendTimeStamp>
        </Result>
        <ADConnectorConfig>
          <Installed>true</Installed>
          <ITResourceType>AD Server</ITResourceType>
          <ITResourceName>ADITResource</ITResourceName>
        </ADConnectorConfig>
      </ADSync>
      <Cache>
        <XLCacheProvider>
          <MultiCastAddress>10.10.10.30</MultiCastAddress>
        </XLCacheProvider>
      </Cache>
    </xl-configuration>
    =========================================================================================
    Thanks Before
    Gde

    Which version of AD Connector and AD Pass Sync Agent are you using?
    I think the Field Name is now UD_ADUSER_UID.
    Did you complete all the post installation steps of Password Sync Agent?

  • How to have SAP password sync with Windows AD password

    Hi All,
    Can someone guide me with the setup required to have the SAP password to be in sync with the Windows Active Directory password?
    Thanks
    Vijay

    Hello Vijay,
    UME means User Management Engine, which provides central user administration for all
    Java applications. The UME is used as the default user store as of SAP Web Application
    Server 6.40. The UME is integrated into SAP Web Application Server Java as a service.
    The UME itself administers users and uses databases, directory services, or the
    SAP ABAP user administration to store the data. With newer versions of SAP Web Application
    Server, the UME is set as the default user store.
    SAP recommends that, as of SAP Web Application Server Java
    6.40, you use the UME, which is preconfigured by default during the
    installation, as the user store.
    The UME has its own user management administration console for
    administering users. It allows you to perform the routine tasks
    of user administration, such as creating users and groups, role assignment,
    and other actions.
    The UME provides different self-service scenarios that can be used by
    applications. For example, a user can change his or her data, or register as a
    new user.
    Security settings can be used to define minimum
    password length and the number of incorrect logon attempts before a user is
    locked, etc.
    The UME logs unsuccessful logons, incorrect logon attempts, changes to user data, etc.
    Hope this satisfies your query to some extent.
    Please don't forget to award points if resolved.
    Regards

  • ADLDS password sync with DB2

    We have one application for storing IDs and passwords, and that is working fine. How do we sync those users and passwords with ADLDS?
    1. Can the LDS server be configured to use the MD5 hashed password, either directly from the database or by periodic import?
    2. Can the LDS server be configured to use the other plain text credentials, either directly from the database or by periodic import?
    AliahMurfy

    I don't believe you can sync with any free software from Microsoft, but you could use a product from Dell.
    Quick Connect Connector
    http://software.dell.com/products/quick-connect-for-base-systems/quick-connect-connector-matrix.aspx
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • Zen Password sync with win2k (Not grey box issue)

    Is there any way to automatically sync a user's Novell password and their
    local win2k password? We have our Novell accounts set to prompt for a
    password change every 90 days. We have a group of users that are bouncing
    around from PC to PC and they may not use a PC for over 90 days and are
    prompted to manually sync their windows password with their Novell
    password.
    The only solution I can come up with is to give them NT accounts to
    eliminate the local windows password problem. Under the Novell 4.9SP2
    client and earlier: If they use one PC and don't bounce around, their Zen
    policy automatically updates the local windows password when a 90 day
    Novell password change takes effect. This isn't the case when they bounce
    to another PC that they haven't logged in to for over 90 days, where their
    windows password is different from their Novell password.

    On Fri, 21 Jan 2005 14:14:40 +0000, dunlevyt wrote:
    > Is there any way to automatically sync a user's Novell password and their
    > local win2k password? We have our Novell accounts set to prompt for a
    > password change every 90 days. We have a group of users that are bouncing
    > around from PC to PC and they may not use a PC for over 90 days and are
    > prompted to manually sync their windows password with their Novell
    > password.
    What about Dynamic Local User?
    It will handle this perfectly for you.
    The following link contains information about this policy
    http://tinyurl.com/68yzo
    -Jared
    Novell Support Forums SysOp

  • AD Password Sync connector 9.1.1 With OIM 11g R2 - ERROR OVER SSL

    I have set up AD password sync from AD to OIM 11G R2.
    The password syncs from AD to OIM 11G R2 on non-SSL port 389.
    But it fails on SSL port 636.
    Errors in OIMMain.Log:
    Debug [10/11/2012 10:49:34 AM] Inside ConnectToADSI
    Debug [10/11/2012 10:49:34 AM]
    ldap_connect failed with
    Debug [10/11/2012 10:49:34 AM] Server Down
    Debug [10/11/2012 10:49:34 AM]
    Steps Carried Out thus far:
    AD is up and running.
    Configured AD Password Sync Connector on 636 and selected ssl.
    Created Certificate on OIM host, configured custom identity key store on weblogic. Restarted Weblogic.
    Imported Certificate to AD. After this, restarted the AD
    I can Telnet port 636 from OIM Box and also connect to AD through LDAP Browser on 636 and view OU and CN, so this seems fine.
    Provisioning from OIM through Connector Server to AD works over SSL and this works fine.
    Help would be appreciated.
    Many Thanks

    This question has now been fixed.
    Instead of explicitly stating 636 for SSL,
    use the same port 389 for SSL and also configure the OIM port to be 140001, which is the SSL port for OIM in the configuration of OIM Password Sync.
    Export Certificates from AD to java security keystore and to weblogic keystore
    Export .pem certificate created on OIM host machine to AD.
    Restart weblogic, oim and AD
    Everything would work fine.
    For all the other information, refer to doc.
    Thanks

  • OIM 9102 , AD Password Sync 91x, JBoss 423GA - issue over SSL port.

    Followed the steps described in "Deploying the connector"
    http://download.oracle.com/docs/cd/E11223_01/doc.910/e11218/install_config.htm#insertedID0
    section
    Pre-Installation both SSL and non-SSL work for SPML verification.
    For JBoss Application Server:
    http://IP ADDRESS:8080/spmlws/services/HttpSoap11
    https://IP ADDRESS:8443/spmlws/services/HttpSoap11
    Post Installation - configured SSL.
    On AD machine logs following error message is displayed:
    MAX_RETRY LIMIT count is not updated: OIM is down
    Following meta-link ID 1073889.1
    https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=1073889.1
    explains to verify 'oimhost and oimport' - oimhost is machine ip address ( AD machine is able to ping OIM machine through ip address and machine name )
    oimport is 8443
    Any suggestions?
    Or has anyone previously successfully deployed password sync over SSL for OIM 9102 and AD Password sync 91x?
    I found a similar thread in the OTN forum where a user had issues over SSL.

    Did anyone resolve this issue? I have the same running SSL Password Sync on OAS 10.1.3.4 and OIM 9.1.0.2 BP09a with AD 2003.
    Debug [7/8/2010 6:35:45 AM] oimport is
    Debug [7/8/2010 6:35:45 AM] 4443
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimsslclient is
    Debug [7/8/2010 6:35:45 AM] nw-dc-01.nwocaland.nwoca.org
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimuserattr is
    Debug [7/8/2010 6:35:45 AM] USR_UDF_SAM_ACCTNAME
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimusessl is
    Debug [7/8/2010 6:35:45 AM] Y
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimappservertype is
    Debug [7/8/2010 6:35:45 AM] 2
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::getConfigParamters
    Debug [7/8/2010 6:35:45 AM] Inside sgsloidi::setParameters
    Debug [7/8/2010 6:35:45 AM] The SOAP start element is
    Debug [7/8/2010 6:35:45 AM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
    Debug [7/8/2010 6:35:45 AM] The SOAP end element is
    Debug [7/8/2010 6:35:45 AM] </SPMLv2Document>
    Debug [7/8/2010 6:35:45 AM] The path is
    Debug [7/8/2010 6:35:45 AM] /spmlws/HttpSoap11
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::setParameters

  • AD password Sync connector .. LOAD Balanced

    We are using the AD password sync 9.0.4.x connector with 4 domain controllers. OIM is on 9.1.0.2. Is it possible to configure AD password sync with load balanced Domain Controllers? Users are binding to all domain controllers. Please let me know how to achieve this. I am not able to find any document on this. Thanks
    Akshay

    In password synch the event stream is as follows:
    User changes password on the user's machine
    The user's machine contacts a "suitable" AD domain controller and updates the user password
    The first AD domain controller contacts other AD DCs in order to replicate the change
    At some point the AD DC that contains the OIM password synch client module gets updated
    The AD password synch client module contacts OIM and updates the password in OIM
    Unless you change the OIM AD password synch client you can't have the connection go through a load balancer. According to the connector manual section 2.2 Installing the Password Synchronization Module (http://download.oracle.com/docs/cd/E11223_01/doc.904/e10450.pdf) you can do this at install time but I don't know if it can be done post installation.
    Best regards
    /Martin

  • Password Sync not happening in AD with SSL 636

    I am working on OIM 9.1.0. I followed the Connector Guide for Microsoft Active Directory Password Synchronization.(Connector version 9.1.1)
    Configured AD with SSL. AD SSL Provisioning (636) is working fine.
    Configuration of SSL on Weblogic was done (generation of keys, signing, export, etc) & imported the Certificate in AD.
    Installed Password Sync on AD(389) without SSL & it worked.
    I re-configured it to SSL (AD 636) but it shows errors
    Can anyone give some info on it.
    ***********Inside sgslldpcopenLDAPConnection****************
    Debug [2/9/2012 4:43:35 PM] Inside sgsladac c-tor
    Debug [2/9/2012 4:43:35 PM] AD Host
    Debug [2/9/2012 4:43:35 PM] 10.129.149.131
    Debug [2/9/2012 4:43:35 PM]
    Debug [2/9/2012 4:43:35 PM] AD Port
    Debug [2/9/2012 4:43:35 PM] *636*
    Debug [2/9/2012 4:43:35 PM]
    Debug [2/9/2012 4:43:35 PM] AD Base DN
    Debug [2/9/2012 4:43:35 PM] DC=oimpad,DC=com
    Debug [2/9/2012 4:43:35 PM]
    Debug [2/9/2012 4:43:35 PM]
    Debugging the code
    Debug [2/9/2012 4:43:35 PM] Inside ConnectToADSI
    Debug [2/9/2012 4:43:35 PM]
    ldap_connect failed with
    Debug [2/9/2012 4:43:35 PM] Server Down
    Debug [2/9/2012 4:43:35 PM]
    Debug [2/9/2012 4:43:35 PM]
    Connection to AD failed
    Debug [2/9/2012 4:43:35 PM]
    ***********Out of openLDAPConnection****************
    Debug [2/9/2012 4:43:35 PM] Inside sgsladac destructor
    Debug [2/9/2012 4:43:36 PM] Datastore --- Connect to AD
    Debug [2/9/2012 4:43:36 PM]
    ***********Inside sgslldpcopenLDAPConnection****************
    Debug [2/9/2012 4:43:36 PM] Inside sgsladac c-tor
    Debug [2/9/2012 4:43:36 PM] AD Host
    Debug [2/9/2012 4:43:36 PM] 10.129.149.131
    Debug [2/9/2012 4:43:36 PM]
    Debug [2/9/2012 4:43:36 PM] AD Port
    Debug [2/9/2012 4:43:36 PM] 636
    Debug [2/9/2012 4:43:36 PM]
    Debug [2/9/2012 4:43:36 PM] AD Base DN
    Debug [2/9/2012 4:43:36 PM] DC=oimpad,DC=com
    Debug [2/9/2012 4:43:36 PM]
    Debug [2/9/2012 4:43:36 PM]
    Debugging the code
    Debug [2/9/2012 4:43:36 PM] Inside ConnectToADSI
    Debug [2/9/2012 4:43:36 PM]
    ldap_connect failed with
    Debug [2/9/2012 4:43:36 PM] Server Down
    Debug [2/9/2012 4:43:36 PM]
    Debug [2/9/2012 4:43:36 PM]
    Connection to AD failed
    Debug [2/9/2012 4:43:36 PM]
    ***********Out of openLDAPConnection****************
    Regards,
    Praveen

    Both the URLs are working and I configured the SSL one. Telnet to the port also works with IP and hostname on the OIM and AD servers.
    http://pwoim:7001/spmlws/OIMProvisioning
    https://pwoim:7002/spmlws/OIMProvisioning

  • AD Password Sync Connector in SSL Mode

    Hi,
    The AD Password Sync connector works fine with non-SSL, but not in SSL mode.
    This is the log generated-
    Debug [11/19/12 15:35:08] Start getting config parameters from registry
    Debug [11/19/12 15:35:08] oimhost is
    Debug [11/19/12 15:35:08] abc.com
    Debug [11/19/12 15:35:08]
    Debug [11/19/12 15:35:08] oimport is
    Debug [11/19/12 15:35:08] 14001
    Debug [11/19/12 15:35:08]
    Debug [11/19/12 15:35:08] oimsslclient is
    Debug [11/19/12 15:35:08] PwdSync
    Debug [11/19/12 15:35:08]
    Debug [11/19/12 15:35:08] oimuserattr is
    Debug [11/19/12 15:35:08] Users.User ID
    Debug [11/19/12 15:35:08]
    Debug [11/19/12 15:35:08] oimusessl is
    Debug [11/19/12 15:35:08] Y
    Debug [11/19/12 15:35:08]
    Debug [11/19/12 15:35:08] oimappservertype is
    Debug [11/19/12 15:35:08] 1
    Debug [11/19/12 15:35:08]
    Debug [11/19/12 15:35:08] End of sgsloidi::getConfigParamters
    Debug [11/19/12 15:35:08] Inside sgsloidi::setParameters
    Debug [11/19/12 15:35:08] The SOAP start element is
    Debug [11/19/12 15:35:08] <processRequest xmlns=""><sOAPElement>
    Debug [11/19/12 15:35:08] The SOAP end element is
    Debug [11/19/12 15:35:08] </sOAPElement></processRequest>
    Debug [11/19/12 15:35:08] The path is
    Debug [11/19/12 15:35:08] /spmlws/OIMProvisioning
    Debug [11/19/12 15:35:08] End of sgsloidi::setParameters
    Debug [11/19/12 15:35:09] Look for client cert
    Debug [11/19/12 15:35:09] Search the opened store
    Debug [11/19/12 15:35:09] Inside sgsloidiOIMDownErrorHandler
    Please suggest.

    Instead of explicitly stating 636 for SSL,
    use the same port 389 for SSL and also configure the OIM port to be the same (ex: 140001), which is the SSL port for OIM in the configuration of OIM Password Sync.
    Export Certificates from AD to java security keystore and to weblogic keystore
    Export .pem certificate created on OIM host machine to AD.
    Restart weblogic, oim and AD
    Everything would work fine.
    For all the other information, refer to doc.
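
Added example, not part of the original threads and not Oracle's code: the connector debug logs quoted above write each setting as a "name is" line followed by the value on the next line. This sketch parses that layout, separates connector-to-OIM failures from connector-to-AD failures, and reports the last step logged before each. The function names and the sample host name are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the debug logs quoted in the threads
# above: a "name is" line followed by the value on the next line.
SAMPLE_LOG = """\
Debug [11/19/12 15:35:08] Start getting config parameters from registry
Debug [11/19/12 15:35:08] oimhost is
Debug [11/19/12 15:35:08] oim.example.test
Debug [11/19/12 15:35:08]
Debug [11/19/12 15:35:08] oimport is
Debug [11/19/12 15:35:08] 14001
Debug [11/19/12 15:35:08]
Debug [11/19/12 15:35:08] oimusessl is
Debug [11/19/12 15:35:08] Y
Debug [11/19/12 15:35:08]
Debug [11/19/12 15:35:08] End of sgsloidi::getConfigParamters
Debug [11/19/12 15:35:09] Look for client cert
Debug [11/19/12 15:35:09] Search the opened store
Debug [11/19/12 15:35:09] Inside sgsloidiOIMDownErrorHandler
"""

PREFIX = re.compile(r"^\s*(?:Debug \[[^\]]*\])?\s*(.*?)\s*$")
OIM_PARAM = re.compile(r"^(oim\w+) is$")
PORT = re.compile(r"[0-9]{1,5}")
AD_KEYS = {"AD Host", "AD Port", "AD Base DN"}
# Failure strings seen in the logs on this page, mapped to the leg they concern.
FAILURES = {
    "sgsloidiOIMDownErrorHandler": "connector -> OIM",
    "OIM is down": "connector -> OIM",
    "ldap_connect failed": "connector -> AD",
    "Connection to AD failed": "connector -> AD",
}


def messages(text):
    """Drop the 'Debug [timestamp]' prefix; keep empty lines as ''."""
    # strip("*") removes the forum's bold markers around values such as *636*
    return [PREFIX.match(raw).group(1).strip("*") for raw in text.splitlines()]


def neighbour(msgs, i, step):
    """Nearest non-empty message before (step=-1) or after (step=1) index i."""
    i += step
    while 0 <= i < len(msgs):
        if msgs[i]:
            return msgs[i]
        i += step
    return ""


def parse(text):
    """Return (params, failures) extracted from one connector debug log."""
    msgs = messages(text)
    params, failures = {}, []
    for i, msg in enumerate(msgs):
        m = OIM_PARAM.match(msg)
        key = m.group(1) if m else (msg if msg in AD_KEYS else None)
        if key:
            # The value is the very next line; an empty line means "not set".
            params[key] = msgs[i + 1] if i + 1 < len(msgs) else ""
            continue
        for needle, leg in FAILURES.items():
            if needle in msg:
                failures.append({"leg": leg, "message": msg,
                                 "before": neighbour(msgs, i, -1),
                                 "after": neighbour(msgs, i, 1)})
    return params, failures


def diagnose(text):
    """Summarise which leg failed and flag settings that cannot work."""
    params, failures = parse(text)
    findings = []
    for key in ("oimport", "AD Port"):
        port = params.get(key)
        if port is not None and not (PORT.fullmatch(port) and 0 < int(port) < 65536):
            findings.append(f"{key}={port!r} is not a valid TCP port")
    if params.get("oimusessl") == "Y" and not params.get("oimhost"):
        findings.append("SSL is enabled but oimhost is empty")
    for leg in sorted({f["leg"] for f in failures}):
        first = next(f for f in failures if f["leg"] == leg)
        findings.append(f"{leg} failed at {first['message']!r} "
                        f"(before: {first['before']!r}, after: {first['after']!r})")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_LOG):
        print(line)
```

Knowing which leg failed, and the step logged just before it, tells you whether to check the OIM web service endpoint and its certificate trust or the LDAP connection to the domain controller.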

  • Password sync error using SSL

    Hello All,
    I installed password sync in a Windows 2003 server SE.
    The application server(websphere 5) is using SSL.
    The waveset version is 5.5.
    I manually registered the dll DotNetWrapper.dll but I am still getting the following log:
    ,110): Version: 'Sun Identity Manager 5.0 (20041020 SP 2)'
    pwicsvc.cpp,594): Enter: ReadRegisterySettings
    pwicsvc.cpp,637): Error reading USE_SSL from registry.
    pwicsvc.cpp,666): Proxy Port: 8080
    pwicsvc.cpp,751): Error reading SecurityFlags from registry.
    pwicsvc.cpp,763): Error reading ConnectionFlags from registry.
    pwicsvc.cpp,779): Exit: ReadRegisterySettings
    pwicsvc.cpp,511): WINVER: Windows Active Directory
    pwicsvc.cpp,557): Service::svc
    pwicsvc.cpp,374): Enter: waitForIntercepts
    pwicsvc.cpp,402): Waiting for client.Requests Processed: 0 failures: 0
    pwicsvc.cpp,416): read from pipe
    pwicsvc.cpp,420): REQUEST: SRTCTkASGZP1++W/mobdreEAtquTHmFJDTpZ+1fsztFSWSU2j5QdZw==
    pwicsvc.cpp,441):           GETTING NEW SOAP CLIENT
    pwicsvc.cpp,228): Enter: GetClient
    pwicsvc.cpp,245): Soap client created
    pwicsvc.cpp,246): ClientTimeout: 10000
    pwicsvc.cpp,256): Proxy server not specified
    pwicsvc.cpp,260): EndpointURL: https://servername:443/idm/servlet/rpcrouter2
    pwicsvc.cpp,287): SSL Enabled
    ptor.cpp,67): RAEncryptor::Decrypt3DES: input length (16) moded to 2
    pwicsvc.cpp,301): Login failed error code : -2147467259. Disassembing client
    pwicsvc.cpp,321): Exit: GetClient
    pwicsvc.cpp,450): **ERROR: Failed to get soap client.
    pwicsvc.cpp,402): Waiting for client.Requests Processed: 1 failures: 0
    Any help will be appreciated.
    Itay.

    I would like to add that .NET and IE 6 are installed with the OS (Win2003) by default.
    When I surf to the endpointURL I get the following message:
    ERROR: org.openspml.server.SOAPRouter: GET is unsupported

  • OIM AD password Sync connector. Connection to AD through SSL

    Hi.
    I am trying to configure AD password sync connector 9.1.1.5 with patch 14627510 to connect to AD through SSL.
    At this moment, the connector is able to connect to OIM through SSL but not to the AD. If I set the AD port number to 389 in the connector configuration, everything works fine.
    If I set it to 636, it is not able to connect to the AD.
    I've imported the AD SSL certificate to <connector install directory>\OIMADPasswordSync\_jvm\lib\security\cacerts and restarted the domain controller but still no luck.
    To test that the certificate and everything else is OK, I've also installed JXplorer and imported the same certificate into <jexplorer install directory>\jxplorer321\security\cacerts. JXplorer is able to connect to the AD through SSL on port 636, so user credentials, certificate, etc. are OK.
    The connector documentation doesn't mention anything regarding SSL connection to AD; it only describes SSL connection to OIM.
    Has anyone done this before? Is there any additional step I should follow to enable SSL connection from the AD password sync connector to AD? Does the connector support SSL connection to AD?
    Regards.

    Have you tried importing the cert in cacerts under $JAVA_HOME?

  • I downloaded the latest update on my MacBook Pro. Now I keep getting a pop-up that iCloud wants my password from an email login I haven't had in a year. Now the calendar won't sync with my iPhone5.

    I downloaded the latest update on my MacBook Pro last week. Now I keep getting a pop-up that iCloud wants my password from an email login I haven't had in a year. I can't find where to delete that email login.  iCloud is also showing my new email login, plus a bogus one I accidentally created trying to fix this problem. Now the calendar on my MacBook Pro won't sync with my iPhone5.

    It sounds like you have the Find my iPhone Activation Lock for sure. Go to www.icloud.com/find and put in the Apple ID that is coming up and your password to see if you are able to sign into the account that way to turn it off. If you are unable to, you will have to contact AppleCare by phone (chat cannot handle account lockouts or forgotten passwords due to not being able to verify your identity) and see if they can reset it. And are you sure the Apple ID that is coming up is yours?
