Configuration of Password Sync & JMS Listener in fail over in SUN IDM 7.1

Hi All,
We have a setup with IDM running on two Sun application servers pointed to a single repository. A Sun webserver Reverse Proxy has been configured for load balancing.
We have configured the JMS Listener adapter for Password Sync, and JMS Listener Sync is running on Instance1,
and I copied the .bindings file from Instance1 to Instance2 (I doubt whether this is correct or not), keeping in mind load balancing with the Reverse Proxy.
Issue
Sometimes the JMS Listener Sync running on Instance1 hangs (no polling is happening) and password changes are not happening. To make password changes happen, we restart the Application server of Instance1, and with this some passwords fail to synchronize.
I want to configure High Availability or Failover to overcome the above issue.
[http://docs.sun.com/source/819-6123/IDM_admin_passwordsync.html#wp25192] does not have any detailed steps to configure failover.
Please provide valuable suggestions.
Thanks in advance,
Madhu

The problem appears to be machine account password changes that pass null or corrupted values. Machine accounts are like users, but the password changes occur automatically between machine and DC so that the client can be a member of the domain.
We turned up the Password Sync logging and were able to see the machine name that occurred before each event, and then researching those machines identified them as NT 4.0 workstations. It turns out that NT 4.0 machines cycle their password every 7 days, down to the second. To say that we were surprised to find these machines still on the network was an understatement.
Contact support for this issue. They have been working on a patch for this.
Jason

Similar Messages

  • OIM 9102 , AD Password Sync 91x, JBoss 423GA - issue over SSL port.

    Followed the steps described in "Deploying the connector"
    http://download.oracle.com/docs/cd/E11223_01/doc.910/e11218/install_config.htm#insertedID0
    section
    Pre-Installation both SSL and non-SSL work for SPML verification.
    For JBoss Application Server:
    http://IP ADDRESS:8080/spmlws/services/HttpSoap11
    https://IP ADDRESS:8443/spmlws/services/HttpSoap11
    Post Installation - configured SSL.
    On AD machine logs following error message is displayed:
    MAX_RETRY LIMIT count is not updated: OIM is down
    Following meta-link ID 1073889.1
    https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=1073889.1
    explains to verify 'oimhost and oimport' - oimhost is machine ip address ( AD machine is able to ping OIM machine through ip address and machine name )
    oimport is 8443
    Any suggestion.
    Or has anyone previously successfully deployed password sync over SSL for OIM 9102 and AD Password sync 91x,
    as I found a similar thread in OTN forum where user had issues over SSL.

    Did anyone resolve this issue? I have the same running SSL Password Sync on OAS 10.1.3.4 and OIM 9.1.0.2 BP09a with AD 2003.
    Debug [7/8/2010 6:35:45 AM] oimport is
    Debug [7/8/2010 6:35:45 AM] 4443
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimsslclient is
    Debug [7/8/2010 6:35:45 AM] nw-dc-01.nwocaland.nwoca.org
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimuserattr is
    Debug [7/8/2010 6:35:45 AM] USR_UDF_SAM_ACCTNAME
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimusessl is
    Debug [7/8/2010 6:35:45 AM] Y
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimappservertype is
    Debug [7/8/2010 6:35:45 AM] 2
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::getConfigParamters
    Debug [7/8/2010 6:35:45 AM] Inside sgsloidi::setParameters
    Debug [7/8/2010 6:35:45 AM] The SOAP start element is
    Debug [7/8/2010 6:35:45 AM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
    Debug [7/8/2010 6:35:45 AM] The SOAP end element is
    Debug [7/8/2010 6:35:45 AM] </SPMLv2Document>
    Debug [7/8/2010 6:35:45 AM] The path is
    Debug [7/8/2010 6:35:45 AM] /spmlws/HttpSoap11
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::setParameters

  • Password Sync and HTTPS

    Hi All,
    We are configuring Password Sync over HTTPS. Over HTTP it works and the password was sent to the queue.
    Over HTTPS the Password Sync Test function works, but when there is a password change it returns an error and the password wasn't sent to the queue.
    We are using:
    - IDM 7.1 update 1
    - Password Sync 7.1 update 1
    Thanks,
    Zaic
    Server Log on Password Sync Test Function
    [01/Apr/2008:13:40:55 CEST] [B1065]: Accepting: [email protected]:52862->jms:55466. Count=1
    [01/Apr/2008:13:40:55 CEST] [B1066]: Closing: [email protected]:52862->jms:55466 because "[B0059]: Client closed the connection". Count=0
    Log Password Sync on change password
    PwSyncClient::SendToServlet
    04/01/2008 12.16.52.484000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Connecting to idmcluster on port 443
    04/01/2008 12.16.52.500000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,102): Resource is '/idm/servlet/PasswordSync?JNDIProperties=java.naming.factory.initial%3dcom.sun.jndi.fscontext.RefFSContextFactory%3bjava.naming.provider.url%3dfile%3a%2f%2f%2ftmp&accountId=&clientEndpoint=VM103DCP&connectionFactory=IdmQueueConnectionFactory&direct=false&emailEndUser=false&jmsPassword=fp%2frcCDuWhE%3d&jmsUser=admin&password=&queueName=IdmQueue&resourceAccountGUID=96deb639505af842b1cc2ea8c947f06e&resourceAccountId=CN%3dLorenzini_M%2cOU%3dSindacati%2cDC%3dlab%2cDC%3drersdm%2cDC%3dit&resourcePassword=zWQfQiMbgq%2f3o0G1cpWxAg%3d%3d&resourcePasswordLength=10&resourcetype=Windows Active Directory&sessionType=LOCAL'
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,132): httpSendRequest failed
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,139): HTTPSendRequest last error was ...(null)
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,141): HTTPSendRequest last error was ...2F0D
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,157): servlet contact failed
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,165): Exit: PwSyncClient::SendToServlet
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,83): Enter: writeToEventLog
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,105): Exit: writeToEventLog
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,203): Enter: EmailNotification
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,206): Email is not enabled
    04/01/2008 12.16.53.062000 [3572] (e:\waveset\build\idm711-35\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,198): Exit: SyncPassword

    I ran into a similar situation on Linux - https stopped working when we switched from the default SSL cert provided with Sun App server to an external CA issued cert.
    You may want to check if something is wrong with the certificate the IDM app server is using.

  • AD Password Sync connector 9.1.1 With OIM 11g R2 - ERROR OVER SSL

    I have set up AD password sync from AD to OIM 11G R2.
    The password syncs from AD to OIM 11G R2 on non-SSL port 389.
    But it fails on SSL port 636.
    Errors in OIMMain.Log:
    Debug [10/11/2012 10:49:34 AM] Inside ConnectToADSI
    Debug [10/11/2012 10:49:34 AM]
    ldap_connect failed with
    Debug [10/11/2012 10:49:34 AM] Server Down
    Debug [10/11/2012 10:49:34 AM]
    Steps carried out thus far:
    AD is up and running.
    Configured AD Password Sync Connector on 636 and selected ssl.
    Created Certificate on OIM host, configured custom identity key store on weblogic. Restarted Weblogic.
    Imported Certificate to AD. After this, restarted the AD
    I can Telnet port 636 from OIM Box and also connect to AD through LDAP Browser on 636 and view OU and CN, so this seems fine.
    Provisioning from OIM through Connector Server to AD works over SSL and this works fine.
    Help would be appreciated.
    Many Thanks

    This question has now been fixed.
    Instead of explicitly stating 636 for SSL,
    use the same port 389 for SSL and also configure the OIM port to be 140001, which is the SSL port for OIM in the configuration of OIM Password Sync.
    Export certificates from AD to the Java security keystore and to the WebLogic keystore.
    Export the .pem certificate created on the OIM host machine to AD.
    Restart WebLogic, OIM and AD.
    Everything should then work fine.
    For all the other information, refer to doc.
    Thanks

  • OIM AD password Sync connector. Connection to AD through SSL

    Hi.
    I am trying to configure AD password sync connector 9.1.1.5 with patch 14627510 to connect to AD through SSL.
    At this moment, the connector is able to connect to OIM through SSL but not to the AD. If I set the AD port number to 389 in the connector configuration, everything works fine.
    If I set it to 636, it is not able to connect to the AD.
    I've imported the AD SSL certificate to <connector install directory>\OIMADPasswordSync\_jvm\lib\security\cacerts and restarted the domain controller but still no luck.
    To test that the certificate and everything else is OK, I've also installed JXplorer and imported the same certificate into <jexplorer install directory>\jxplorer321\security\cacerts. JXplorer is able to connect to the AD through SSL on port 636, so user credentials, certificate, etc. are OK.
    The connector documentation doesn't mention anything regarding SSL connection to AD; it only describes SSL connection to OIM.
    Has anyone done this before? Is there any additional step I should follow to enable SSL connection from the AD password sync connector to AD? Does the connector support SSL connection to AD?
    Regards.

    have you tried importing the cert in cacerts under $JAVA_HOME?

  • AD password Sync connector .. LOAD Balanced

    We are using the AD password sync 9.0.4.x connector with 4 domain controllers. OIM is on 9.1.0.2. Is it possible to configure AD password sync with load balanced Domain Controllers? Users are binding to all domain controllers. Please let me know how to achieve this. I am not able to find any document on this. Thanks
    Akshay

    In password synch the event stream is as follows:
    1. User changes password on the user's machine
    2. The user's machine contacts a "suitable" AD domain controller and updates the user password
    3. The first AD domain controller contacts other AD DCs in order to replicate the change
    4. At some point the AD DC that contains the OIM password synch client module gets updated
    5. The AD password synch client module contacts OIM and updates the password in OIM
    Unless you change the OIM AD password synch client you can't have the connection go through a load balancer. According to the connector manual section 2.2 Installing the Password Synchronization Module (http://download.oracle.com/docs/cd/E11223_01/doc.904/e10450.pdf) you can do this at install time but I don't know if it can be done post installation.
    Best regards
    /Martin

  • Password reset problem with Password sync and Waveset exception

    Hi,
    We are using IdM 5 SP 5 with password sync installed on AD.
    Once a user tries to change password by using Ctrl-Alt-Del, password sync intercepts the request and then invokes an IdM change user password form, but in the log we see the following exceptions. Can anyone identify the nature/reason for the exceptions?
    [#|2005-08-17T16:22:14.914-0400|INFO|sun-appserver-ee8.1|javax.enterprise.system.stream.out|_ThreadID=24;|
    WavesetException: Constructor threw an exception.
    ==> java.lang.reflect.InvocationTargetException:
    ==> Missing required argument "operator". |#]
    [#|2005-08-17T16:22:14.917-0400|WARNING|sun-appserver-ee8.1|javax.enterprise.system.stream.err|_ThreadID=24;|com.waveset.util.WavesetException: Constructor threw an exception.
    ==> java.lang.reflect.InvocationTargetException:
    ==> Missing required argument "operator".
    at com.waveset.util.WavesetException.checkBreakpoint(WavesetException.java:366)
    at com.waveset.util.WavesetException.<init>(WavesetException.java:159)
    at com.waveset.util.Reflection.throwInstantiation(Reflection.java:266)
    at com.waveset.util.Reflection.instantiate(Reflection.java:350)
    at com.waveset.expression.ExNew.eval(ExNew.java:144)
    at com.waveset.expression.ExNode.evalToObject(ExNode.java:439)
    at com.waveset.expression.ExFunction$f_list.eval(ExFunction.java:2557)
    at com.waveset.expression.ExNode.evalToObject(ExNode.java:439)
    at com.waveset.object.Property.getValue(Property.java:232)
    at com.waveset.object.AbstractViewHandler.getFormOptions(AbstractViewHandler.java:166)
    at com.waveset.view.ChangeUserPasswordViewer.refreshView(ChangeUserPasswordViewer.java:168)
    at com.waveset.view.PasswordViewer.checkinView(PasswordViewer.java:258)
    at com.waveset.server.ViewMaster.checkinView(ViewMaster.java:629)
    at com.waveset.session.LocalSession.checkinView(LocalSession.java:660)
    at com.waveset.rpc.GenericMessageHandler.doCheckin(GenericMessageHandler.java:1491)
    at com.waveset.rpc.GenericMessageHandler.syncUserPassword(GenericMessageHandler.java:2639)
    at sun.reflect.GeneratedMethodAccessor177.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.waveset.rpc.GenericMessageHandler.request(GenericMessageHandler.java:350)
    at com.waveset.rpc.SimpleRpcHandler.doRequest(SimpleRpcHandler.java:164)
    at com.waveset.rpc.SimpleRpcHandler.doRequest(SimpleRpcHandler.java:128)
    at org.openspml.server.SOAPRouter.doPost(SOAPRouter.java:500)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:767)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:264)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
    at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:221)
    at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2072)
    Wrapped exception:
    java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
    at com.waveset.util.Reflection.instantiate(Reflection.java:334)
    at com.waveset.expression.ExNew.eval(ExNew.java:144)
    at com.waveset.expression.ExNode.evalToObject(ExNode.java:439)
    at com.waveset.expression.ExFunction$f_list.eval(ExFunction.java:2557)
    at com.waveset.expression.ExNode.evalToObject(ExNode.java:439)
    at com.waveset.object.Property.getValue(Property.java:232)
    at com.waveset.object.AbstractViewHandler.getFormOptions(AbstractViewHandler.java:166)
    at com.waveset.view.ChangeUserPasswordViewer.refreshView(ChangeUserPasswordViewer.java:168)
    at com.waveset.view.PasswordViewer.checkinView(PasswordViewer.java:258)
    at com.waveset.server.ViewMaster.checkinView(ViewMaster.java:629)
    at com.waveset.session.LocalSession.checkinView(LocalSession.java:660)
    at com.waveset.rpc.GenericMessageHandler.doCheckin(GenericMessageHandler.java:1491)
    at com.waveset.rpc.GenericMessageHandler.syncUserPassword(GenericMessageHandler.java:2639)
    at sun.reflect.GeneratedMethodAccessor177.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.waveset.rpc.GenericMessageHandler.request(GenericMessageHandler.java:350)
    at com.waveset.rpc.SimpleRpcHandler.doRequest(SimpleRpcHandler.java:164)
    at com.waveset.rpc.SimpleRpcHandler.doRequest(SimpleRpcHandler.java:128)
    at org.openspml.server.SOAPRouter.doPost(SOAPRouter.java:500)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:767)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:264)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
    at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:221)
    at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2072)
    Caused by: java.lang.IllegalArgumentException: Missing required argument "operator".
    at com.waveset.object.AttributeCondition.confirmMembers(AttributeCondition.java:436)
    at com.waveset.object.AttributeCondition.<init>(AttributeCondition.java:370)
    at com.waveset.object.AttributeCondition.<init>(AttributeCondition.java:408)
    ... 38 more
    |#]
    [#|2005-08-17T16:22:14.918-0400|INFO|sun-appserver-ee8.1|javax.enterprise.system.stream.out|_ThreadID=24;|
    XPRESS <new> exception:|#]
    [#|2005-08-17T16:22:14.918-0400|INFO|sun-appserver-ee8.1|javax.enterprise.system.stream.out|_ThreadID=24;|
    com.waveset.util.WavesetException: Constructor threw an exception.
    ==> java.lang.reflect.InvocationTargetException:
    ==> Missing required argument "operator". |#]
    Thanks,
    David

    If this is a reproducible problem, log a support case with the traces and have them figure it out for you.
    WilfredS

  • Password Sync Issue:JMS Listener: java.lang.ClassCastException

    Hi,
    For AD Password sync implementation, I have installed Sun IDM 8.0, Sun Message Queue 4.5, Open DS and Active Directory.
    While configuring the IDM JMS Listener Adapter, I am getting the below error during the Test connection:
    Test connection failed for resource(s):
    JMS Listener: java.lang.ClassCastException: javax.naming.Reference cannot be cast to javax.jms.QueueConnectionFactory
    Can someone please help me out to resolve this issue?

    Can you tell us what you put in the JMS listener fields for:
    java.naming.factory.initial and java.naming.factory.url
    These should match the settings used to create the JMX Queue.
    Looks to me like you simply didn't put the right values in there.

  • JMS Listener configuration problem

    I am installing IDM6.0 and trying to use the password synch feature with Active Directory. Below are my environment details
    tomcat 5.0.28 on linux
    Sun Message Queue 3.6 for JMS
    When I am configuring the JMS Listener adapter I am getting the below error. I have installed the Sun Message Queue and storing the administered objects in a file.
    Test connection failed for resource(s):
    JMS Listener: javax.naming.NameNotFoundException
    If anyone has ever done that earlier it will be very helpful for me.
    Thanks in advance

    Just an update on my last comment
    I had tested this on the windows box. The problem may not be there in the Linux

  • I need help for install and configure password sync from AD to OID

    Hi guys!
    I need to sync passwords from AD to OID. First of all, what software do I need? I read some docs and didn't find a good config.
    I'm trying with:
    -Database 11g
    -Weblogic 11g
    -SOA 11g
    -IDM 11g
    -IAM 11g
    First I install the Database and load the schemas with RCU, next install Weblogic without a domain, next install SOA, next install IDM (OID and DIP) in a new Weblogic Domain, next install IAM, next configure IAM in the domain created before, next configure SSL, check the config by using ldapbind, next configure DIP.
    Is that ok?
    What am I doing wrong?
    Thank you all.

    If all you need is AD & OID then OIM is not required. DIP alone can handle this.
    Password sync should work using DIP. If this is not working then check the synchronization mapping and verify that the password attribute is also part of this AD-OID sync. Enable debug in the synchronization profile or raise a Service Request with Oracle support.
    Check
    http://docs.oracle.com/cd/E23943_01/oid.1111/e10031/odip_actdir.htm#CHDIGDEH
    and
    http://docs.oracle.com/cd/E23943_01/oid.1111/e10031/odip_config_integration.htm#BABBFAAJ
    and
    http://docs.oracle.com/cd/E23943_01/oid.1111/e10031/odip_adpasswordsync.htm#CHDBIIJC
    Atul Kumar

  • AD Password Sync Connector: Configuring IT Resource Parameters

    Hi,
    In the installation guide of the AD Password Sync Connector there is a step (page 30) to configure the IT Resource (ADITResource) parameters: ADPWSYNCH Installed, ADPWSYNCH OIMFlag and ADPWSYNCH ADFlag. Even after a successful installation of the connector, these parameters were not created during the installation. Are they created during the installation process or do I have to create them manually?
    If they are created during the installation, then the UDF USR_UDF_PWDCHANGEDINDICATION also has to be created, right? In my case, the USR_UDF_PWDCHANGEDINDICATION field also was not created.
    Thanks,
    Renato Guimarães.

    That is the problem...
    When I installed the connector I didn't get any error and I get a message the connector was installed ok. I think I will reinstall it.
    Thanks,
    Renato

  • How configure password sync connector in OIM cluster environment

    Hi,
    I want some inputs to configure the password sync connector in an OIM cluster environment.
    Thanks,

    Use a load balanced URL.
    -Kevin

  • Configuration settings for the AD Password Sync Connector

    Hi,
    I am looking for information on how do retries work for the OIM Password (Sync) Connector for Active Directory. We are currently using version 9.1.1.5.10. If anyone can help answer any of the below questions, it will be very appreciated. Also, if there is a doc that explains this, please do let me know. The official connector doc on the Oracle site provides a good architectural overview but it does not talk about any of these registry settings.
    a) What does this registry setting "OIMConfig\ConfigSleepTime" control
    b) What does this registry setting "OIMConfig\MAX_RETRIES" control
    c) What does this registry setting "OIMConfig\SleepTime" control
    - In my experience this is the time when the password update thread kicks off. So in other words it represents the max latency between when you change a password in AD and when it will get pushed down to OIM. If you set this to 300 seconds, then you are looking at a worst case scenario of a 300 second lag between the time you changed your AD password and when it was pushed to OIM.
    d) According to this doc, http://docs.oracle.com/cd/E11223_01/doc.910/e11218/overview.htm#CEGHJCJE, bullet #6 states:
    "If Oracle Identity Manager rejects the password change, then the password update thread keeps resending SPML requests until the retry count reaches the maximum number of retries."
    I am trying to understand what is the reasoning behind having the connector retry the password update if OIM has already rejected it once. Is there a possible scenario where OIM would reject a password update the first time and then accept the same password update on a second attempt?
    e) Referring back to question #d above, what is the frequency at which the connector will attempt retries?
    Thanks
    Aspi Engineer
    Putnam Investments


  • AD password sync connector configuration for OIM Cluster

    Hi
    I have OIM running on clustered environment in two nodes.
    I have some AD domain controllers. I need to install the AD password sync connector (version 9.1.1) on the AD domain controller.
    I remember that in the earlier versions we needed to install the user management console and then change the value in the xlConfig file to have both the node names.
    Version 9.1.1 is changed to use the SPML webservices. I have installed the SPML WS on both the nodes.
    My question is where do I specify in the AD password sync connector that I have two servers, as there is no xlConfig or any other config file where I can give both the server addresses.
    I referred the following PDF http://download.oracle.com/docs/cd/E11223_01/doc.910/e11218.pdf
    Thanks
    Narendar Doshi


  • Issue with installing password sync on Windows 2008

    I have installed pwd sync 64 bit on Windows 2008. Configured it in direct mode (no jms). But when I change the password of a user it is not syncing with the IdM. We have the 32 bit pwd sync working fine on Win 2003. Are there any special steps for installing, configuring 64 bit pwd sync on Win 2008? Thanks. Jack

    Hi again Tim-
    Given the error "failed to crack URL" I believe you're hitting an issue we have documented as bug # 21999. Here's the gist of it and a possible way around it.
    ==========
    When installing password sync on a Windows 2008 system, if you are not
    logged in as 'Administrator', the installer and the configure applications
    may be subject to Windows File And Registry Virtualization (FARV). This may
    cause the registry entries for password sync to be written to the user portion
    of the registry, rather than the system portion. Subsequently, password sync
    will fail with the message "failed to crack URL".
    To work around FARV, either run the MSI installer from a privileged cmd.exe
    prompt, or run the configure.exe application using the "Run As Administrator"
    functionality (right-click on the configure.exe application, select "Run As
    Administrator").
    ==========
    Hope this helps.
    Regards,
    Alex
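
A check for the FARV condition described in the reply above, added here as an example and not part of the original post or the vendor's tooling. It looks for the same registry subkey in the system hive and in the per-user VirtualStore that Windows redirects unelevated writes to; `$SubKey` is a placeholder because the page does not give the registry path Password Sync uses.

```powershell
# Added example (not vendor code). Run as the account that ran the installer or
# configure.exe: the VirtualStore lives in that user's own hive.
param(
    [Parameter(Mandatory = $true)]
    # Path relative to HKLM\SOFTWARE. Placeholder: take the real key from your
    # installation, e.g. 'ExampleVendor\ExampleProduct' (hypothetical name).
    [string]$SubKey
)

function Test-Elevated {
    # True when the current token is a member of the local Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RegistryPlacement {
    param([string]$RelativeKey)

    # System locations (native and 32-bit view) next to the per-user
    # VirtualStore locations that registry virtualization writes to instead.
    $candidates = [ordered]@{
        'System (native)'      = "HKLM:\SOFTWARE\$RelativeKey"
        'System (32-bit view)' = "HKLM:\SOFTWARE\Wow6432Node\$RelativeKey"
        'Virtualized (native)' = "HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE\$RelativeKey"
        'Virtualized (32-bit)' = "HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\$RelativeKey"
    }

    foreach ($name in $candidates.Keys) {
        $path   = $candidates[$name]
        $exists = Test-Path -LiteralPath $path
        $names  = @()
        if ($exists) {
            # List value names only; the values themselves may hold credentials.
            $names = @((Get-Item -LiteralPath $path).GetValueNames())
        }
        [pscustomobject]@{
            Location   = $name
            Path       = $path
            Exists     = $exists
            ValueNames = $names -join ', '
        }
    }
}

$results = @(Get-RegistryPlacement -RelativeKey $SubKey)
$results | Format-Table -AutoSize -Wrap

$inSystem  = @($results | Where-Object { $_.Location -like 'System*'      -and $_.Exists })
$inVirtual = @($results | Where-Object { $_.Location -like 'Virtualized*' -and $_.Exists })

if (-not (Test-Elevated)) {
    Write-Warning 'This session is not elevated; an installer started from it would be subject to the same virtualization.'
}

if ($inVirtual.Count -gt 0 -and $inSystem.Count -eq 0) {
    Write-Output 'Settings exist only in the per-user VirtualStore. A service running as another account will not see them; rerun the installer or configure.exe elevated.'
}
elseif ($inVirtual.Count -gt 0) {
    Write-Output 'Settings exist in both places. The VirtualStore copy may be stale and can shadow the system copy for this user; compare the two before removing either.'
}
elseif ($inSystem.Count -gt 0) {
    Write-Output 'Settings are in the system hive only, which is the expected result of an elevated install.'
}
else {
    Write-Output 'No key found at any candidate location; check the subkey name.'
}
```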
