Identity Synchronization 1.0/AD - MQClient failure

Similar Messages

• Identity Synchronization for Windows: AD connector failure

  I've recently setup ISW in order to synchronize my primary AD domain and my newly installed directory server instance. The ISW core, connectors and plug-in installs are completed.
  I ran the final idsync resync to populate directory server from AD and that ran successfully. I then ran an idsync startsync and saw that synchronization was started on all components of the system.
  - The Synchronization, Configuration Directory, Message Bus and System Manager are all in the "Started" state.
  - The AD (CNN101) and Directory Server (CNN100) directory sources are in the SYNCING state
  idsync printstat output as follows:
  Exploring status of connectors, please wait...
  Connector ID: CNN100
  Type: Sun Java(TM) System Directory
  Manages: dc=domain,dc=com (ldaps://ldap1.domain.com:636) (ldaps://ldap2.domain.com:636)
  State: SYNCING
  Installed on: ldap1.domain.com
  Plugin SUBC100 is installed on ldaps://ldap1.domain.com:636
  Plugin SUBC101 is installed on ldaps://ldap2.domain.com:636
  Connector ID: CNN101
  Type: Active Directory
  Manages: ne.domain.com (ldaps://london.ne.domain.com:636) (ldaps://winads02.ne.domain.com:636) (ldaps://winads03.ne.domain.com:636) (ldaps://winads04.ne.domain.com:636) (ldaps://winads05.ne.domain.com:636) (ldaps://winads01.ne.domain.com:636)
  State: SYNCING
  Installed on: linopsldp01.prod.domain.com
  Sun Java(TM) System Message Queue Status: Started
  Checking the System Manager status over the Sun Java(TM) System Message Queue.
  System Manager Status: Started
  SUCCESS
  I then try to login to a linux client system to complete the on-demand password synchronization. However, when I do that I see the following in the directory server that is handling the request's error log:
  [30/Sep/2009:16:51:49 -0400] - WARNING<38783> - isw - conn=17 op=1 msgId=3 - Plugins authentication cannot be completed, because no domain controller (ldaps://winads01.ne.domain.com:636 ldaps://london.ne.domain.com:636 ldaps://winads02.ne.domain.com:636 ldaps://winads03.ne.domain.com:636 ldaps://winads04.ne.domain.com:636 ldaps://winads05.ne.domain.com:636) is available to verify credentials for user uid=user,ou=people,dc=domain,dc=com
  In the CNN100 logs I see the following error on both directory server plugin sub-components:
  "DS Plugin (SUBC101): authentication to Active Directory server at ldaps://winads01.ne.domain.com:636 failed (bind DN: CN=iswadm,OU=Service Accounts,DC=ne,DC=domain,DC=com), error(81): Can't contact LDAP server"
  I know that connectivity to the domain controller listed is fine and I can reach port 636 on that host from both directory servers. I don't understand how the connecters can be in the SYNCING state if there is no connectivity to them and I went through the entire setup previous to this with no issues. I've restarted the DS instances and ISW with no luck. Has anyone seen this sort of problem before? Any ideas on a fix/further troubleshooting would be greatly appreciated.

  Thanks for the pointer to the SSL certificates. It turns out that some of the AD controllers were reporting expired certificates even though they had updated and valid certs. A reboot of those domain controllers fixed that issue.
  I now have an issue in completing the on-demand password synchronization process when my client systems are pointed at the directory proxy server systems. I can complete the operation and login when the client is pointing directly at one of the directory servers:
  [09/Oct/2009:00:58:12.584 -0400] INFO 40 CNN100 ldap01.prod.domain.com "DS Plugin (SUBC100): on-demand validation has been successfully completed for 'uid=user,ou=people,dc=domain,dc=com' by authenticating the user against ldaps://winads01.ne.domain.com:636"
  Do I need to add some schema to the directory proxy servers or add some control for dspsqpassword/dspswvalidate operations? I'm looking through both DPS and DS logs now in hopes of finding something.
  Any additional pointers are appreciated.

• Identity Synchronization for Microsoft 1.0 password synchronization failure

  Hi
  I�ve installed Identity Synchronization for Microsoft 1.0, and I can synchronize all attribute mail, telephonenumber etc � but I can not sync passwords! Between Active Directory and DS 5.2!!!
  In the audit log of isw I have
  CNN101 server1 "The controller has received the following inbound action from the accessor: Typ
  e: UNKNOWN {Data Attrs: } {Other Attrs: samaccountname: user1 usnchanged: 1696 objectguid: NfQTjHdpAE+h4MS/2UxZzQ== dn: CN=user1 user,OU=util
  i,DC=ldap,DC=com whenchanged: 20040825204423.0Z sn: user1 givenname: user}." (Action ID=CNN101-FE9B7FD2EE-6, SN=0)
  but for a telephone number modification i have:
  CNN101 server1 "The agent has received the following inbound action from the controller: Type: MODIFY SUL: SUL1 {Data Attrs: [REPL telephonenumber: 88888888888888]} {Other Attrs: samaccountname: user1 usnchanged: 2893 objectguid: ReawE
  r7nqkSYpupcV/7V3w== dn: CN=user1 users,OU=utlisateurs,DC=fr,DC=ldap,DC=com whenchanged: 20040826194415.0Z}." (Action ID=CNN101-FE9BE2BDDF-26, S
  N=1)
  Can anybody help ?
  I have installed one connector for AD , and one connector for DS and a subcomponent, the user are linked and resync with success.
  Thanks

  Hi,
  ISW does not propagate the new password value itself when a password change is detected in Active Directory. The log message quoted does not show any error.
  Note that passwords are not synchronized during resync. However, when resync'ing from Active Directory to Sun ONE Directory, you can invalidate the passwords of the Sun ONE Directory accounts using the -i flag. The invalidation will force on-demand password synchronization to start when a user with invalidated passwords attempts authentication to Sun ONE Directory.
  I would also highly recommend following the instructions in the troubleshooting section of the product documentation.
  Bertold

• Error while installing "Identity Synchronization for Windows"

  Hello All,
  I am in the middle of installing Identity Synchronization for Windows and I am running into a probelm.
  After I gave the ldap address of the Java Directory server, (which is installed in the same machine that I am installing ISW on), then I specified the "Configuration Root Suffix" , and then I gave the "cn=Directory Manager" credentials, It returns an error saying...
  The selected Directory Server is not a configuration
  directory server. You must select a directory server that
  has "o=netscaperoot". Please note that merely adding the
  +"o=netscaperoot" entry will not suffice.+
  I am running Solaris 10 (SPARC) on a T2000, and I downloaded the latest version of "Sun Java System Directory Server Enterprise Edition" (6.2 I think it is...is there a way to find out?) and I downloaded ISW (1.1 SP1) from Sun.com...
  Anyone else had this problem? Any solutions? Thanks.
  -C

  That was that !
  The proof:
  possum@laptop ~/Downloads/Sun/Directory Server $ tar tvzf DSEE.6.2.Solaris-Sparc-full.tar.gz | more
  drwxr-xr-x svbld/staff       0 2007-08-21 13:51 DSEE_Directory_Editor/
  -rw-r--r-- svbld/staff 3154227 2006-10-23 15:23 DSEE_Directory_Editor/DE_InstallConfigGuide.pdf
  -rw-r--r-- svbld/staff  113483 2006-10-23 15:23 DSEE_Directory_Editor/DE_ReleaseNotes.pdf
  -rw-r--r-- svbld/staff 9649312 2006-10-23 15:23 DSEE_Directory_Editor/de.class
  -rw-r--r-- svbld/staff     178 2006-10-23 15:23 DSEE_Directory_Editor/install.bat
  -rw-r--r-- svbld/staff     167 2006-10-23 15:23 DSEE_Directory_Editor/install.sh
  drwxr-xr-x svbld/staff       0 2007-08-21 13:53 DSEE_Identity_Synchronization_for_Windows/
  -rw-r--r-- svbld/staff     831 2007-08-21 13:53 DSEE_Identity_Synchronization_for_Windows/README.txt
  drwxr-xr-x svbld/staff       0 2006-11-07 01:32 DSEE_Identity_Synchronization_for_Windows/installer/
  drwxr-xr-x svbld/staff       0 2006-11-07 01:16 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/
  drwxr-xr-x svbld/staff       0 2006-11-07 01:17 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/
  drwxr-xr-x svbld/staff       0 2006-11-07 01:16 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/
  drwxr-xr-x svbld/staff       0 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/
  drwxr-xr-x svbld/staff       0 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/
  -rwxr-xr-x svbld/staff  186114 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_zh.properties
  -rwxr-xr-x svbld/staff  163040 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_es.properties
  -rwxr-xr-x svbld/staff  163040 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_es_ES.properties
  -rwxr-xr-x svbld/staff  184456 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_zh_TW.properties
  -rwxr-xr-x svbld/staff  233399 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_ko.properties
  -rwxr-xr-x svbld/staff  233399 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_ko_KR.properties
  -rwxr-xr-x svbld/staff  162199 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_de.properties
  -rwxr-xr-x svbld/staff  162199 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_de_DE.properties
  -rwxr-xr-x svbld/staff  172057 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_fr.properties
  -rwxr-xr-x svbld/staff  172057 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_fr_FR.propertiesSo, we need both packaging: native PKG and tar.gz ! Great !
  I think this thread can be marked as resolved now.

• Can't log into Sun DS 5.2 Console after installing Identity Synchronization

  Installing the Identity Synchronization module over the directory server prevents me from logging into the server using the console.
  I installed Sun Java System Directory Server 5.2 on a Windows 2000 server. After that, I installed the following in the order below:
  1. Patch 5077789 Patch 2
  2. Patch 117667-03
  3. Sun Java System Message Queue 3.5 SP1.
  Upto this point, I was able to log into the DS server without any problems. I was also able to access and use the MQ.
  After this, I installed the Sun Java System Identity Synchronization module.
  Now I am unable to log into the DS console. The error I get is "Cannot logon because of an incorrect User ID, Incorrect password or Directory problem.
  java.net.SocketException: Connection reset"
  Any ideas what the problem might be? I've tried uninstalling, cleaning up and reinstalling everything, but to no avail.
  Thanks in advance

  Look at the logs/error under admin-serv directory for more clue
  Make sure hostname.ldapdomainname (eg: ldap1.example.com) for LDAP server is set in Windows hosts file as 1st field.
  cd to slapd-hostname and run
  .\saveconfig
  Notepad the ldif file generated, search for userPassword for cn=admin-serv-hostname, AND CHECK IF there is passwordExpirationTime set, if there it could mean userPassword of admin-serv-hostname expired, if so you may follow a recent thread to set it to never expire.
  http://swforum.sun.com/jive/thread.jspa?threadID=48144&tstart=0
  Gary

• I can't resync and uninstall Identity Synchronization for Windows 1.0

  Hi, every body.
  I downloaded and installed Identity Synchronization for Windows 1.0 on Solaris 8.
  But I can't execute idsync resync comannd. The below error message is output on console,
  # ./idsync resync -h crow.bird.soft.hitachi.co.jp -p 3890 -D cn=manager -w managersecret -q netscape -s dc=bird,dc=soft,dc=hitachi,dc=co,dc=jp
  Exception in thread "main" java.lang.NoClassDefFoundError
  at com.sun.directory.wps.registry.model.dao.LDAPConfigurationRegistryDAO.initializeEncryptor(LDAPConfigurationRegistryDAO.java:756)
  at com.sun.directory.wps.registry.model.dao.LDAPConfigurationRegistryDAO.open(LDAPConfigurationRegistryDAO.java:721)
  at com.sun.directory.wps.registry.util.BasicRegistryFacade.openRegistry(BasicRegistryFacade.java:120)
  at com.sun.directory.wps.registry.util.BasicRegistryFacade.openRegistry(BasicRegistryFacade.java:211)
  at com.sun.directory.wps.ui.model.PSWConfigurationFacade.openRegistry(PSWConfigurationFacade.java:1126)
  at com.sun.directory.wps.ui.model.PSWConfigurationFacade.openRegistry(PSWConfigurationFacade.java:1114)
  at com.sun.directory.wps.ui.cli.CRCLIProgram.getConfigurationFacade(CRCLIProgram.java:64)
  at com.sun.directory.wps.ui.cli.RefreshUsers.execute(RefreshUsers.java:283)
  at com.sun.directory.wps.ui.cli.ResyncUsers.<init>(ResyncUsers.java:54)
  at com.sun.directory.wps.ui.cli.IdSyncProgram.execute(IdSyncProgram.java:94)
  at com.sun.directory.wps.ui.cli.IdSyncProgram.<init>(IdSyncProgram.java:129)
  at com.sun.directory.wps.ui.cli.IdSyncProgram.main(IdSyncProgram.java:135)
  And I can't execute runUnInstaller.sh too becasu same error messages in logs/cli/error.log file.
  Both error outputs same message "org/apache/xerces/utils/Base64" in log files, so I think CLASSPATH is wrong.
  In runUninstaller.sh, below jar file name are written -classpath arguments.
  /usr/share/lib/mps/jss3.jar
  /usr/sfw/share/lib/xerces-200.jar
  These Are settings correct?
  If these settings are wrong, resync is set by same wrong settings in binary code?
  Please tell me how to resync and to uninstall Identity Synchronization for Windows 1.0.

  I mistakes log file name.
  I wrote:
  And I can't execute runUnInstaller.sh too becasu same error messages in logs/cli/error.log file.But runUnsitaller.sh outputs to /var/sadm/install/logs/Uninstall-xxxxxxx.log.
  logs/cli directory is where idsync command outpus error.log and audit.log.
  Sorry.

• I can't access the Identity Synchronization console!!

  Hi, at first sorry for my english, I'm from spain :)
  I've installed Sun Directory server 5.2 in a Windows 2003 server machine.
  I need to synchronize sun ldap directory with active directory in another machine, and I've installed Identity Synchronization for windows 12004Q3 in the sun ldap's machine. Everything was right, I think, but when I try to open Identity Sychronization console from system server console, I receive an error. I mean, I'm asked about the configuration password and when I introduce it, I receive this error message:
  Invalid argument: {0} - {1}
  I don't know what is happening, when I test from command line I receive this output:
  C:\Program Files\Sun\MPS\isw-ldapserver\bin>idsync printstat -w sespa -q sespa
  Exploring status of connectors, please wait...
  No connectors were found.
  Sun Java(TM) System Message Queue Status: Started
  Checking the System Manager status over the Sun Java(TM) System Message Queue.
  System Manager Status: Started
  Remaining Installation and Configuration Steps:
  1. Create an initial configuration using the product's console or by migrating
  from a previous installation using 'idsync importcnf'.
  2. Prepare every Sun Directory Server included in this configuration by using
  the console or the 'idsync prepds' command.
  3. Install connectors for every configured directory source.
  4. After installing each Sun Directory Server connector, run the installer aga
  in on every master and on every read-only replica to install the Sun Directory S
  erver plugin.
  5. Run 'idsync resync' to establish links between existing Directory Server an
  d Windows users.
  6. Start synchronization using the console or the 'idsync startsync' command.
  SUCCESS
  But I can't finish de installation because I can't acces de console, what could be de cause? I'm starting whith ldap and I afraid I'm not very expert.
  Thank you very much!!
  Message was edited by:
  mariafro
  Message was edited by:
  mariafro
  Message was edited by:
  mariafro

  It is not guaranteed to work .
  ISW 1.1(2004Q3) has not been tested with DS 5.2patch3 (2004Q4)
  The release notes require 5.2patch2 (or higher).
  But then mention a known issue with 5.2patch3:
  Identity Synchronization for Window installation fails on Directory Server 5.2p3 installed with Sun Java Enterprise System 3. (5092530)
  You cannot install the core Identity Synchronization for Windows product against Directory Server 5.2 P3 or higher. Identity Synchronization for Windows 1 2004Q3 will support Sun Java Enterprise System 3 (Directory Server 5.2 P3) as a data synchronization source only.
  Ludovic

• What is happening about Java System Identity Synchronization for Windows

  I have been playing with "Java System Identity Synchronization for Windows" for a while now. I am about to swich over to is 100%, but I am worried that the latest version is "Windows 1 2004Q3".
  Has any one got any ideas about this. The product sort of works, and is much smaller that going for the whole "Java System Identity Management Suite 2005Q4" which is way to big and complicated for our and I think many people.
  Don't forget Microsoft have now release its own tools to do this in the latest Windows 2003 SP.
  Andrew

  ISW is already present in the 5.2p4 and 5.2p6 archives.
  dn: cn=pswsync,cn=plugins,cn=config
  objectClass: top
  objectClass: nsSlapdPlugin
  objectClass: ds-signedPlugin
  objectClass: extensibleObject
  cn: pswsync
  nsslapd-pluginPath: /export/home/abc/local/ds52p6/lib/psw-plugin.so
  nsslapd-pluginInitfunc: pswsync_init
  nsslapd-pluginType: preoperation
  nsslapd-pluginEnabled: off
  creatorsName: cn=server,cn=plugins,cn=config
  modifiersName: cn=server,cn=plugins,cn=config
  createTimestamp: 20090121011643Z
  modifyTimestamp: 20090121011643Z
  nsslapd-pluginId: Identity Sync for Windows
  nsslapd-pluginVersion: 5.2_Patch_6
  nsslapd-pluginVendor: Sun Microsystems, Inc.
  nsslapd-pluginDescription: Identity Synchronization for Windows Plug-In

• Unable to download Sun Java System Identity Synchronization for Windows

  Please any one can help me How can i download Sun Java System Identity Synchronization for Windows
  * Sun Java System Directory Server ---------------------able to download
  * Sun Java System Directory Proxy Server --------------able to download
  * Sun Java System Identity Synchronization for Windows-------------Not able to download
  * Sun Java System Directory Editor------------------------able to download
  * Sun Java System Directory Server Resource Kit------able to download
  Regards
  kamal

  ISW is already present in the 5.2p4 and 5.2p6 archives.
  dn: cn=pswsync,cn=plugins,cn=config
  objectClass: top
  objectClass: nsSlapdPlugin
  objectClass: ds-signedPlugin
  objectClass: extensibleObject
  cn: pswsync
  nsslapd-pluginPath: /export/home/abc/local/ds52p6/lib/psw-plugin.so
  nsslapd-pluginInitfunc: pswsync_init
  nsslapd-pluginType: preoperation
  nsslapd-pluginEnabled: off
  creatorsName: cn=server,cn=plugins,cn=config
  modifiersName: cn=server,cn=plugins,cn=config
  createTimestamp: 20090121011643Z
  modifyTimestamp: 20090121011643Z
  nsslapd-pluginId: Identity Sync for Windows
  nsslapd-pluginVersion: 5.2_Patch_6
  nsslapd-pluginVendor: Sun Microsystems, Inc.
  nsslapd-pluginDescription: Identity Synchronization for Windows Plug-In

• Installing Identity Synchronization in a firewalled enviroment

  I am currently attempting to install the Identity Synchronization in a replica envirnment of our current network infrastructure.
  I am having difficulties installing the Identity Synchronization Server Core on a machine behind a firewall with the Sun Directory Server outside of the firewall.
  SUN DIrectory Server (Public IP)
  |
  (Public IP) Firewall (Private IP)
  |
  Identity Sync Core Server (Private IP)
  Each time I attemt to install the Core Server, the installation fails, and the logs indicate that the Core Installer is not able to contact the Directory Server on ldap://saturn.xxx.xxx.xx:389
  If I try to contact the server witht eh LDP.exe tool from Microsoft, I am able to view the directory. So there is no problem of communication.
  I have attempted to open all traffic between the Directory Server and the Identity Server to cope with the mesage brokers dynamic port, and any other port requirements, but that did not allow the Installation to complete either.
  I have noticed that the Sun Directory Services are "Heavily" dependent on DNS lookups. Since there is no way for the Directory Server to resolve the Identity Server, can this cause the Identity Server Core installation to fail?
  If any one can help me I would be apreciative. If you need more information, I can upload a schematic of what my current test envirnment looks like, or I can attempt to answer any question that might help.

  The Installation Logs from the Synchronization Installer:
  Looking for the configuration directory server URL in C:\Program Files\Sun\MPS
  Using null as the configuration directory URL.
  EXCEPTION: ldap Url is null
  EXCEPTION: netscape.ldap.LDAPException: no connection parameters (89); Bad parameter to an LDAP method
  Will connect to the configuration directory using the URL, ldap://saturn.cct.xxx.xxxx.xx:389.
  Checking to see if core is already installed under dc=XXX,dc=xxx
  Core is not installed.
  Examining the configuration directory to determine if core is partially installed at dc=XXX,dc=xxx
  All requisite patches appear to be present.
  java -server option is available.
  java -server option is available.
  Checking if sun-id-srv.acis.xxx.xxxx.xx is the localhost by binding to port 7676
  Encountered exception while searching for ServerGroup saturn.cct.xxx.xxxx.xx
  Identified data source version as: 6.0
  Creating o=NetscapeRoot into the configuration Directory
  EXCEPTION: Cannot upload the templates failed to connect to server saturn:389. netscape.ldap.LDAPException: failed to connect to server saturn:389 (91); Cannot connect to the LDAP server
  EXCEPTION: Exception while uploading the o=netscapeRoot schema

• Can't configure Identity Synchronization for Windows through Server Console

  Hi everybody!
  I am trying to get Sun Java System Directory Server EE talking with Windows Active Directory buy my progress has come to a halt getting Identity Synchronization for Windows 6 configured and working. I would appreciate any hints!
  Here are the steps I have taken:
  1. I installed Directory Server Enterprise Edition 6.3.1 using native packages, no problems there (in terms of adding resources to directory, browsing them, etc).
  2. I installed the Message Queue (3.6 05Q1) that is bundled with the zip archive of DSEE
  3. I installed Identitty Synchronization for Windows (6), that is bundled with the zip archive of DSEE
  4. Logged into Sun Java System Server Console as per instructions after install.
  Here is where I am stuck!
  I logged in, but something is really weird! Here is what my structure looks like in the default view:
  domain name
  +Server
  ++Server Group [desc: Directory Server 6.0 /opt/SUNWdsee/ds6]
  ++Server Group (1) [var/mps/serverroot]
  +++Administration Server
  +++Identity Synchronization for Windows [details are totally blank... even icon is an empty blue square!]
  This is the second time I went through the process of installing all this stuff, I made sure to pay attention to the installation instructions as best as I could, but I am very new to Solaris and unfortunately am on an extremely tight deadline.
  I am suspecting the problem has something to do with ports or directories, but my knowledge of Solaris is not even at a level where I can troubleshoot this by myself. Even if you have some advice that seems stupid to you, please let me hear it! I am pretty stupid, I might benefit from it!!
  Please, if anyone has any hints or suggestions, I would love to hear them. Like I said, I configured all this while following the installation guides, but I am worried I missed something or misunderstood something.
  Thanks in advance,
  Al
  Edited by: newtmonkey on May 25, 2009 2:05 AM

  Hello wlier, thanks for all your help with this! I really appreciate it.
  Reinstalled this whole thing, and at least I got everything under one server group... still can't access ISW though... it is listed in the leftside pane, but when I click on it the rightside pane goes completely blank.
  ~status of idsnyc is:
  -no connectors were found
  -System Manager Status: Started
  next step is "1. create an initial configuration using the product's console..."
  ~installed/configured everything as root
  ~no errors generated when I login to the console, but when I expand the hostname in the leftside pane I get the following error:
  Exception in thread "Thread-2" java.lang.UnsatisfiedLinkError: /usr/lib/mps/libjss4.so: ld.so.1: java: fatal: libnss3.so: open failed: No such file or directory
  at java.lang.ClassLoader$NativeLibrary.load(Native Method)
  at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1751)
  at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1676)
  at java.lang.Runtime.loadLibrary0(Runtime.java:822)
  at java.lang.System.loadLibrary(System.java:993)
  at org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1443)
  at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:912)
  at com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown Source)
  at com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSocketFactory(Unknown Source)
  at com.sun.directory.wps.ui.gui.view.PSWServer.<init>(PSWServer.java:71)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
  at java.lang.Class.newInstance0(Class.java:350)
  at java.lang.Class.newInstance(Class.java:303)
  at com.netscape.management.client.topology.ServerNode.createServerInstance(Unknown Source)
  at com.netscape.management.client.topology.ServerNode$ServerLoadThread.run(Unknown Source)
  ~If "run the Administration Server from the Server Group" means what I think it means, I can do that with no problem. I can double click on the Administration Server and configure various options, start/stop the server, etc.
  ~I just have one interface/hostname configured, and the Server Console shows the correct name
  It's like it's not making the connection to the ISW server (btw, it is listed as "isw-solaris1"... is this okay? "solaris1" is the hostname for this server). From what I understand after logging in to Server Console as Directory Manager, it should be asking me for a password to access ISW, but I don't any kind of login/password prompt.
  I should be logging in to Server Console on the port I configured during ISW installation, right? In my case, port 1390.
  We don't have a service plan and I doubt my company would want to spring the cash for it, so I'm pretty much stuck!!

• Identity Synchronization for Windows- still supported?

  Hello,
  I am doing some testing for a customer who is interested in syncing up his Active Directory and System Directory Server information, so I have been trying to build this solution in our lab.
  From what I have read, this can be done with Identity Synchronization for Windows.
  Identity Synchronization for Windows requires that Message Queue be installed.
  I installed Message Queue 4.3 but when I ran the Identity Synchronization for Windows installer I was told that I need the Enterprise Edition of Message Queue (is looking for a license file). However, according to the Sun page on Message Queue, Platform Edition and Enterprise Edition have been rolled into one product.
  So I have three questions. First, is Identity Synchronization for Windows supported on Message Queue 4.3? If so, how to get by the error message asking for Enterprise Edition? If not, is my only alternative to use an older version of Message Queue?
  Thanks in advance,
  Al

  is Identity Synchronization for Windows supported on Message Queue 4.3From the release notes, looks like the answer is no.
  http://docs.sun.com/app/docs/doc/820-2759/additional-software
  When installing Identity Synchronization for Windows, you must specify the path to the version of Message Queue to use. The Identity Synchronization for Windows installation program then installs a required broker into Message Queue, so that Identity Synchronization for Windows can use Message Queue for synchronization.
  On Windows systems, Identity Synchronization for Windows supports only Message Queue 3.6. You therefore install Message Queue 3.6 provided with the Identity Synchronization for Windows bundle.
  Message Queue 3.7 is, however, installed as a Java Enterprise System shared component. On Windows systems by default you can therefore end up with both Message Queue 3.6 and Message Queue 3.7 installed. If you install Java Enterprise System components alongside Identity Synchronization for Windows on a Windows system, be sure Message Queue 3.7 is not selected.
  ---------------

• Get System Identity Synchronization for Windows working in relication mode

  I have got ISW running on DS 5.2 it is all working correctly.
  What I want to do is set up a relica DS server with ISW on it as well.
  What I have done:
  Install DS5.2 on another machine and start replication and it works all data is in the new LDAP server, but I am having problems install the ISW software on the new server.
  Steps:
  1) On original master with ISW installed and tell ISW of a secondery server. It tell me to install connector an that machine.
  2) On my replica server I run "runInstaller.sh" and it all seems to work except when I stop and restart the server I get the followowing errors:
  # /etc/init.d/directory start
  [11/Aug/2006:15:07:38 +0100] - ERROR<4167> - Startup - conn=-1 op=-1 msgId=-1 - System error Load library /opt/SUNWiswdp/lib/64/psw-plugin.so: error ld.so.1: ns-slapd: fatal: /opt/SUNWiswdp/lib/64/psw-plugin.so: open failed: No such file or directory
  [11/Aug/2006:15:07:38 +0100] - ERROR<4140> - plugin_setup - conn=-1 op=-1 msgId=-1 - Configuration error Could not load symbol "pswsync_init" from library "/opt/SUNWiswdp/lib/psw-plugin.so" for plugin pswsync
  [11/Aug/2006:15:07:38 +0100] - ERROR<4112> - Bootstrap config - conn=-1 op=-1 msgId=-1 - Configuration error Unable to load plugin "cn=pswsync,cn=plugins,cn=config".
  Server not running!! Failed to start ns-slapd process.
  /etc/init.d/directory: unable to start the Directory Server 5.2
  I have checked and the above files are not installed well SUNWxrcsj and SUNWiswcm have not be installed.
  Question:
  How do I install ISW on a secondery server. I thought I was following the online docs, but I guess I am missing something.

  Hello All,
  Waiting for any idea for the long time. I am trying again and again by restoring my directory server zone. I have two whole root zones one i am using for sun portal and communication suite 5 and other is for directory server. They are working fine. but when i try to install the Sun Java System Identity Synchronization for Windows 6.0 on directory server zone. Some time it hangs at 97% while installing core and some time it giving error the installer cannot upload some entries in the template this error comes when i restore my directory server zone.
  Can some please give me idea why it giving these error on solaris zone.
  Thanks in Advance,
  Sikander

• Error in Configuring Identity Synchronization

  I get this error int eh Directory Service Logs:
  Plugins BasicSaintRPC.cpp:341(logCode=0, connectionID=0) BasicSaintRPC::run() exiting because 'XML parse error. Expected a single root element to remain on the parse stack.' (7001)
  and
  In the Identity Synchronization Error Logs, I get:
  "The saint server listening on port 51024 failed to establish a connection with client connecting from /xx.xx.xx.xx:32952 because 'The Connector to subcomponent interface subcomponent could not be authenticated.'."
  I am considering that the problem is witht he SSL certificates, but as far as I can tell, the idsync Certinfo shows that there are paths for the certificates, and if i look in the path, the certificate db are there.
  What else might be wrong in the configuration of the ssl?
  Bobby Ramsook
  CCNY

  This error is due to the scripts not being run correctly. Read the instructions carefully and run them again. The first script is run as user "sys", the second one as your user you indicate in the parameters to the first script. Make sure you use the _all scripts.
  Heidi.

• Installing DS Plug-in for Identity Synchronization for Windows

  Hello! We installed Sun Java Communications Suite 5 (with Directory Server Enterprise 6.0) on Linux Red Hat ES.
  Now We want install Identity Synchronitation for Windows but there isn't the supported version for Linux red Hat ES (only for Linux Red Hat AS, Windows 200-2003 and Solaris).
  I thought that it isn't a problem: I install Identity Synchronization on Windows 2003 and I can synchronize my LDAP on Red Hat ES and my AD on Windows. But I have this question: can I install the Directory Server Plug-in on Red Hat ES?
  If the answer is not, I have to migrate my LDAP to another supported platform. Can I install the Directory Server Enterprise Edition version I have in Sun Java Communications Suite 5, or is it better that I install the new Directory server Enterprise Edition version?
  Thank you very much
  Mary

  Hello Nicolas,
  Thank you for taking the time to look into this. I am very much aware of your great blog entry and I'd like to take the opportunity to thank you for posting it. It's just that I don't find PSEM plug-in version 8.51 on edelivery for Linux x86 32-bit to install it, that's why I used version 8.52. Maybe I missing something on edelivery ... Can you point me to where PSEM plug-in version 8.51 for Linux x86 32-bit exists and I can try that instead ? This is the link I use and I don't see version 8.51:
  https://edelivery.oracle.com/EPD/Download/get_form?egroup_aru_number=14217144
  FYI, the error gets raised immediately after I supply the host name for the grid control, SYS password , port 1521 and then click next :( . The installation continues after that but doesn't install the plug-in.
  Quick question since you are here :) : in PeopleBooks they say to uninstall the PSEM plug-in, run the script @PSEMDROPALL.sql , but they didn't mention which user to run against (I should know but unfortunately I don't), whom should I run this script against SYS or SYSMAN ?
  Regards.
  Tulip