Installing Identity Synchronization in a firewalled enviroment

I am currently attempting to install the Identity Synchronization in a replica envirnment of our current network infrastructure.
I am having difficulties installing the Identity Synchronization Server Core on a machine behind a firewall with the Sun Directory Server outside of the firewall.
SUN DIrectory Server (Public IP)
|
(Public IP) Firewall (Private IP)
|
Identity Sync Core Server (Private IP)
Each time I attemt to install the Core Server, the installation fails, and the logs indicate that the Core Installer is not able to contact the Directory Server on ldap://saturn.xxx.xxx.xx:389
If I try to contact the server witht eh LDP.exe tool from Microsoft, I am able to view the directory. So there is no problem of communication.
I have attempted to open all traffic between the Directory Server and the Identity Server to cope with the mesage brokers dynamic port, and any other port requirements, but that did not allow the Installation to complete either.
I have noticed that the Sun Directory Services are "Heavily" dependent on DNS lookups. Since there is no way for the Directory Server to resolve the Identity Server, can this cause the Identity Server Core installation to fail?
If any one can help me I would be apreciative. If you need more information, I can upload a schematic of what my current test envirnment looks like, or I can attempt to answer any question that might help.

The Installation Logs from the Synchronization Installer:
Looking for the configuration directory server URL in C:\Program Files\Sun\MPS
Using null as the configuration directory URL.
EXCEPTION: ldap Url is null
EXCEPTION: netscape.ldap.LDAPException: no connection parameters (89); Bad parameter to an LDAP method
Will connect to the configuration directory using the URL, ldap://saturn.cct.xxx.xxxx.xx:389.
Checking to see if core is already installed under dc=XXX,dc=xxx
Core is not installed.
Examining the configuration directory to determine if core is partially installed at dc=XXX,dc=xxx
All requisite patches appear to be present.
java -server option is available.
java -server option is available.
Checking if sun-id-srv.acis.xxx.xxxx.xx is the localhost by binding to port 7676
Encountered exception while searching for ServerGroup saturn.cct.xxx.xxxx.xx
Identified data source version as: 6.0
Creating o=NetscapeRoot into the configuration Directory
EXCEPTION: Cannot upload the templates failed to connect to server saturn:389. netscape.ldap.LDAPException: failed to connect to server saturn:389 (91); Cannot connect to the LDAP server
EXCEPTION: Exception while uploading the o=netscapeRoot schema

Similar Messages

  • Error while installing "Identity Synchronization for Windows"

    Hello All,
    I am in the middle of installing Identity Synchronization for Windows and I am running into a probelm.
    After I gave the ldap address of the Java Directory server, (which is installed in the same machine that I am installing ISW on), then I specified the "Configuration Root Suffix" , and then I gave the "cn=Directory Manager" credentials, It returns an error saying...
    The selected Directory Server is not a configuration
    directory server. You must select a directory server that
    has "o=netscaperoot". Please note that merely adding the
    +"o=netscaperoot" entry will not suffice.+
    I am running Solaris 10 (SPARC) on a T2000, and I downloaded the latest version of "Sun Java System Directory Server Enterprise Edition" (6.2 I think it is...is there a way to find out?) and I downloaded ISW (1.1 SP1) from Sun.com...
    Anyone else had this problem? Any solutions? Thanks.
    -C

    That was that !
    The proof:
    possum@laptop ~/Downloads/Sun/Directory Server $ tar tvzf DSEE.6.2.Solaris-Sparc-full.tar.gz | more
    drwxr-xr-x svbld/staff       0 2007-08-21 13:51 DSEE_Directory_Editor/
    -rw-r--r-- svbld/staff 3154227 2006-10-23 15:23 DSEE_Directory_Editor/DE_InstallConfigGuide.pdf
    -rw-r--r-- svbld/staff  113483 2006-10-23 15:23 DSEE_Directory_Editor/DE_ReleaseNotes.pdf
    -rw-r--r-- svbld/staff 9649312 2006-10-23 15:23 DSEE_Directory_Editor/de.class
    -rw-r--r-- svbld/staff     178 2006-10-23 15:23 DSEE_Directory_Editor/install.bat
    -rw-r--r-- svbld/staff     167 2006-10-23 15:23 DSEE_Directory_Editor/install.sh
    drwxr-xr-x svbld/staff       0 2007-08-21 13:53 DSEE_Identity_Synchronization_for_Windows/
    -rw-r--r-- svbld/staff     831 2007-08-21 13:53 DSEE_Identity_Synchronization_for_Windows/README.txt
    drwxr-xr-x svbld/staff       0 2006-11-07 01:32 DSEE_Identity_Synchronization_for_Windows/installer/
    drwxr-xr-x svbld/staff       0 2006-11-07 01:16 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/
    drwxr-xr-x svbld/staff       0 2006-11-07 01:17 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/
    drwxr-xr-x svbld/staff       0 2006-11-07 01:16 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/
    drwxr-xr-x svbld/staff       0 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/
    drwxr-xr-x svbld/staff       0 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/
    -rwxr-xr-x svbld/staff  186114 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_zh.properties
    -rwxr-xr-x svbld/staff  163040 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_es.properties
    -rwxr-xr-x svbld/staff  163040 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_es_ES.properties
    -rwxr-xr-x svbld/staff  184456 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_zh_TW.properties
    -rwxr-xr-x svbld/staff  233399 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_ko.properties
    -rwxr-xr-x svbld/staff  233399 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_ko_KR.properties
    -rwxr-xr-x svbld/staff  162199 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_de.properties
    -rwxr-xr-x svbld/staff  162199 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_de_DE.properties
    -rwxr-xr-x svbld/staff  172057 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_fr.properties
    -rwxr-xr-x svbld/staff  172057 2006-10-25 14:45 DSEE_Identity_Synchronization_for_Windows/installer/admserv_package/setup_data/l10n/locale/resources/ASSetupResources_fr_FR.propertiesSo, we need both packaging: native PKG and tar.gz ! Great !
    I think this thread can be marked as resolved now.

  • Can't log into Sun DS 5.2 Console after installing Identity Synchronization

    Installing the Identity Synchronization module over the directory server prevents me from logging into the server using the console.
    I installed Sun Java System Directory Server 5.2 on a Windows 2000 server. After that, I installed the following in the order below:
    1. Patch 5077789 Patch 2
    2. Patch 117667-03
    3. Sun Java System Message Queue 3.5 SP1.
    Upto this point, I was able to log into the DS server without any problems. I was also able to access and use the MQ.
    After this, I installed the Sun Java System Identity Synchronization module.
    Now I am unable to log into the DS console. The error I get is "Cannot logon because of an incorrect User ID, Incorrect password or Directory problem.
    java.net.SocketException: Connection reset"
    Any ideas what the problem might be? I've tried uninstalling, cleaning up and reinstalling everything, but to no avail.
    Thanks in advance

    Look at the logs/error under admin-serv directory for more clue
    Make sure hostname.ldapdomainname (eg: ldap1.example.com) for LDAP server is set in Windows hosts file as 1st field.
    cd to slapd-hostname and run
    .\saveconfig
    Notepad the ldif file generated, search for userPassword for cn=admin-serv-hostname, AND CHECK IF there is passwordExpirationTime set, if there it could mean userPassword of admin-serv-hostname expired, if so you may follow a recent thread to set it to never expire.
    http://swforum.sun.com/jive/thread.jspa?threadID=48144&tstart=0
    Gary

  • Installing DS Plug-in for Identity Synchronization for Windows

    Hello! We installed Sun Java Communications Suite 5 (with Directory Server Enterprise 6.0) on Linux Red Hat ES.
    Now We want install Identity Synchronitation for Windows but there isn't the supported version for Linux red Hat ES (only for Linux Red Hat AS, Windows 200-2003 and Solaris).
    I thought that it isn't a problem: I install Identity Synchronization on Windows 2003 and I can synchronize my LDAP on Red Hat ES and my AD on Windows. But I have this question: can I install the Directory Server Plug-in on Red Hat ES?
    If the answer is not, I have to migrate my LDAP to another supported platform. Can I install the Directory Server Enterprise Edition version I have in Sun Java Communications Suite 5, or is it better that I install the new Directory server Enterprise Edition version?
    Thank you very much
    Mary

    Hello Nicolas,
    Thank you for taking the time to look into this. I am very much aware of your great blog entry and I'd like to take the opportunity to thank you for posting it. It's just that I don't find PSEM plug-in version 8.51 on edelivery for Linux x86 32-bit to install it, that's why I used version 8.52. Maybe I missing something on edelivery ... Can you point me to where PSEM plug-in version 8.51 for Linux x86 32-bit exists and I can try that instead ? This is the link I use and I don't see version 8.51:
    https://edelivery.oracle.com/EPD/Download/get_form?egroup_aru_number=14217144
    FYI, the error gets raised immediately after I supply the host name for the grid control, SYS password , port 1521 and then click next :( . The installation continues after that but doesn't install the plug-in.
    Quick question since you are here :) : in PeopleBooks they say to uninstall the PSEM plug-in, run the script @PSEMDROPALL.sql , but they didn't mention which user to run against (I should know but unfortunately I don't), whom should I run this script against SYS or SYSMAN ?
    Regards.
    Tulip

  • I can't resync and uninstall Identity Synchronization for Windows 1.0

    Hi, every body.
    I downloaded and installed Identity Synchronization for Windows 1.0 on Solaris 8.
    But I can't execute idsync resync comannd. The below error message is output on console,
    # ./idsync resync -h crow.bird.soft.hitachi.co.jp -p 3890 -D cn=manager -w managersecret -q netscape -s dc=bird,dc=soft,dc=hitachi,dc=co,dc=jp
    Exception in thread "main" java.lang.NoClassDefFoundError
    at com.sun.directory.wps.registry.model.dao.LDAPConfigurationRegistryDAO.initializeEncryptor(LDAPConfigurationRegistryDAO.java:756)
    at com.sun.directory.wps.registry.model.dao.LDAPConfigurationRegistryDAO.open(LDAPConfigurationRegistryDAO.java:721)
    at com.sun.directory.wps.registry.util.BasicRegistryFacade.openRegistry(BasicRegistryFacade.java:120)
    at com.sun.directory.wps.registry.util.BasicRegistryFacade.openRegistry(BasicRegistryFacade.java:211)
    at com.sun.directory.wps.ui.model.PSWConfigurationFacade.openRegistry(PSWConfigurationFacade.java:1126)
    at com.sun.directory.wps.ui.model.PSWConfigurationFacade.openRegistry(PSWConfigurationFacade.java:1114)
    at com.sun.directory.wps.ui.cli.CRCLIProgram.getConfigurationFacade(CRCLIProgram.java:64)
    at com.sun.directory.wps.ui.cli.RefreshUsers.execute(RefreshUsers.java:283)
    at com.sun.directory.wps.ui.cli.ResyncUsers.<init>(ResyncUsers.java:54)
    at com.sun.directory.wps.ui.cli.IdSyncProgram.execute(IdSyncProgram.java:94)
    at com.sun.directory.wps.ui.cli.IdSyncProgram.<init>(IdSyncProgram.java:129)
    at com.sun.directory.wps.ui.cli.IdSyncProgram.main(IdSyncProgram.java:135)
    And I can't execute runUnInstaller.sh too becasu same error messages in logs/cli/error.log file.
    Both error outputs same message "org/apache/xerces/utils/Base64" in log files, so I think CLASSPATH is wrong.
    In runUninstaller.sh, below jar file name are written -classpath arguments.
    /usr/share/lib/mps/jss3.jar
    /usr/sfw/share/lib/xerces-200.jar
    These Are settings correct?
    If these settings are wrong, resync is set by same wrong settings in binary code?
    Please tell me how to resync and to uninstall Identity Synchronization for Windows 1.0.

    I mistakes log file name.
    I wrote:
    And I can't execute runUnInstaller.sh too becasu same error messages in logs/cli/error.log file.But runUnsitaller.sh outputs to /var/sadm/install/logs/Uninstall-xxxxxxx.log.
    logs/cli directory is where idsync command outpus error.log and audit.log.
    Sorry.

  • I can't access the Identity Synchronization console!!

    Hi, at first sorry for my english, I'm from spain :)
    I've installed Sun Directory server 5.2 in a Windows 2003 server machine.
    I need to synchronize sun ldap directory with active directory in another machine, and I've installed Identity Synchronization for windows 12004Q3 in the sun ldap's machine. Everything was right, I think, but when I try to open Identity Sychronization console from system server console, I receive an error. I mean, I'm asked about the configuration password and when I introduce it, I receive this error message:
    Invalid argument: {0} - {1}
    I don't know what is happening, when I test from command line I receive this output:
    C:\Program Files\Sun\MPS\isw-ldapserver\bin>idsync printstat -w sespa -q sespa
    Exploring status of connectors, please wait...
    No connectors were found.
    Sun Java(TM) System Message Queue Status: Started
    Checking the System Manager status over the Sun Java(TM) System Message Queue.
    System Manager Status: Started
    Remaining Installation and Configuration Steps:
    1. Create an initial configuration using the product's console or by migrating
    from a previous installation using 'idsync importcnf'.
    2. Prepare every Sun Directory Server included in this configuration by using
    the console or the 'idsync prepds' command.
    3. Install connectors for every configured directory source.
    4. After installing each Sun Directory Server connector, run the installer aga
    in on every master and on every read-only replica to install the Sun Directory S
    erver plugin.
    5. Run 'idsync resync' to establish links between existing Directory Server an
    d Windows users.
    6. Start synchronization using the console or the 'idsync startsync' command.
    SUCCESS
    But I can't finish de installation because I can't acces de console, what could be de cause? I'm starting whith ldap and I afraid I'm not very expert.
    Thank you very much!!
    Message was edited by:
    mariafro
    Message was edited by:
    mariafro
    Message was edited by:
    mariafro

    It is not guaranteed to work .
    ISW 1.1(2004Q3) has not been tested with DS 5.2patch3 (2004Q4)
    The release notes require 5.2patch2 (or higher).
    But then mention a known issue with 5.2patch3:
    Identity Synchronization for Window installation fails on Directory Server 5.2p3 installed with Sun Java Enterprise System 3. (5092530)
    You cannot install the core Identity Synchronization for Windows product against Directory Server 5.2 P3 or higher. Identity Synchronization for Windows 1 2004Q3 will support Sun Java Enterprise System 3 (Directory Server 5.2 P3) as a data synchronization source only.
    Ludovic

  • Identity Synchronization for Windows- still supported?

    Hello,
    I am doing some testing for a customer who is interested in syncing up his Active Directory and System Directory Server information, so I have been trying to build this solution in our lab.
    From what I have read, this can be done with Identity Synchronization for Windows.
    Identity Synchronization for Windows requires that Message Queue be installed.
    I installed Message Queue 4.3 but when I ran the Identity Synchronization for Windows installer I was told that I need the Enterprise Edition of Message Queue (is looking for a license file). However, according to the Sun page on Message Queue, Platform Edition and Enterprise Edition have been rolled into one product.
    So I have three questions. First, is Identity Synchronization for Windows supported on Message Queue 4.3? If so, how to get by the error message asking for Enterprise Edition? If not, is my only alternative to use an older version of Message Queue?
    Thanks in advance,
    Al

    is Identity Synchronization for Windows supported on Message Queue 4.3From the release notes, looks like the answer is no.
    http://docs.sun.com/app/docs/doc/820-2759/additional-software
    When installing Identity Synchronization for Windows, you must specify the path to the version of Message Queue to use. The Identity Synchronization for Windows installation program then installs a required broker into Message Queue, so that Identity Synchronization for Windows can use Message Queue for synchronization.
    On Windows systems, Identity Synchronization for Windows supports only Message Queue 3.6. You therefore install Message Queue 3.6 provided with the Identity Synchronization for Windows bundle.
    Message Queue 3.7 is, however, installed as a Java Enterprise System shared component. On Windows systems by default you can therefore end up with both Message Queue 3.6 and Message Queue 3.7 installed. If you install Java Enterprise System components alongside Identity Synchronization for Windows on a Windows system, be sure Message Queue 3.7 is not selected.
    ---------------

  • Message queue for Identity Synchronization

    I want to install Identity Synchronization on Windows 2003. I installed Directory server and now I tried to install the message queue. When I launch the setup.bat file, a pop-up says just:
    1158:
    I don't know why I can't start the installation :-((((
    Can you help me?
    Thank you very much.
    Mary
    Edited by: afiordipelle on Nov 19, 2007 8:19 AM

    winerrno(1158)

  • Identity Synchronization for Microsoft 1.0 password synchronization failure

    Hi
    I�ve installed Identity Synchronization for Microsoft 1.0, and I can synchronize all attribute mail, telephonenumber etc � but I can not sync passwords! Between Active Directory and DS 5.2!!!
    In the audit log of isw I have
    CNN101 server1 "The controller has received the following inbound action from the accessor: Typ
    e: UNKNOWN {Data Attrs: } {Other Attrs: samaccountname: user1 usnchanged: 1696 objectguid: NfQTjHdpAE+h4MS/2UxZzQ== dn: CN=user1 user,OU=util
    i,DC=ldap,DC=com whenchanged: 20040825204423.0Z sn: user1 givenname: user}." (Action ID=CNN101-FE9B7FD2EE-6, SN=0)
    but for a telephone number modification i have:
    CNN101 server1 "The agent has received the following inbound action from the controller: Type: MODIFY SUL: SUL1 {Data Attrs: [REPL telephonenumber: 88888888888888]} {Other Attrs: samaccountname: user1 usnchanged: 2893 objectguid: ReawE
    r7nqkSYpupcV/7V3w== dn: CN=user1 users,OU=utlisateurs,DC=fr,DC=ldap,DC=com whenchanged: 20040826194415.0Z}." (Action ID=CNN101-FE9BE2BDDF-26, S
    N=1)
    Can anybody help ?
    I have installed one connector for AD , and one connector for DS and a subcomponent, the user are linked and resync with success.
    Thanks

    Hi,
    ISW does not propagate the new password value itself when a password change is detected in Active Directory. The log message quoted does not show any error.
    Note that passwords are not synchronized during resync. However, when resync'ing from Active Directory to Sun ONE Directory, you can invalidate the passwords of the Sun ONE Directory accounts using the -i flag. The invalidation will force on-demand password synchronization to start when a user with invalidated passwords attempts authentication to Sun ONE Directory.
    I would also highly recommend following the instructions in the troubleshooting section of the product documentation.
    Bertold

  • Identity Synchronization for Windows

    I get the folowing error: Alert- Lost contact with system manager.
    I am uncertain as to how to resolve this. Any suggestions would be helpful

    I also want some rocket science... I just installed Identity Synchronization and it says the same... I restart /etc/init.d/isw......... but this is not the "System Manager", is it? At least it does not work for me.

  • Can't configure Identity Synchronization for Windows through Server Console

    Hi everybody!
    I am trying to get Sun Java System Directory Server EE talking with Windows Active Directory buy my progress has come to a halt getting Identity Synchronization for Windows 6 configured and working. I would appreciate any hints!
    Here are the steps I have taken:
    1. I installed Directory Server Enterprise Edition 6.3.1 using native packages, no problems there (in terms of adding resources to directory, browsing them, etc).
    2. I installed the Message Queue (3.6 05Q1) that is bundled with the zip archive of DSEE
    3. I installed Identitty Synchronization for Windows (6), that is bundled with the zip archive of DSEE
    4. Logged into Sun Java System Server Console as per instructions after install.
    Here is where I am stuck!
    I logged in, but something is really weird! Here is what my structure looks like in the default view:
    domain name
    +Server
    ++Server Group [desc: Directory Server 6.0 /opt/SUNWdsee/ds6]
    ++Server Group (1) [var/mps/serverroot]
    +++Administration Server
    +++Identity Synchronization for Windows [details are totally blank... even icon is an empty blue square!]
    This is the second time I went through the process of installing all this stuff, I made sure to pay attention to the installation instructions as best as I could, but I am very new to Solaris and unfortunately am on an extremely tight deadline.
    I am suspecting the problem has something to do with ports or directories, but my knowledge of Solaris is not even at a level where I can troubleshoot this by myself. Even if you have some advice that seems stupid to you, please let me hear it! I am pretty stupid, I might benefit from it!!
    Please, if anyone has any hints or suggestions, I would love to hear them. Like I said, I configured all this while following the installation guides, but I am worried I missed something or misunderstood something.
    Thanks in advance,
    Al
    Edited by: newtmonkey on May 25, 2009 2:05 AM

    Hello wlier, thanks for all your help with this! I really appreciate it.
    Reinstalled this whole thing, and at least I got everything under one server group... still can't access ISW though... it is listed in the leftside pane, but when I click on it the rightside pane goes completely blank.
    ~status of idsnyc is:
    -no connectors were found
    -System Manager Status: Started
    next step is "1. create an initial configuration using the product's console..."
    ~installed/configured everything as root
    ~no errors generated when I login to the console, but when I expand the hostname in the leftside pane I get the following error:
    Exception in thread "Thread-2" java.lang.UnsatisfiedLinkError: /usr/lib/mps/libjss4.so: ld.so.1: java: fatal: libnss3.so: open failed: No such file or directory
    at java.lang.ClassLoader$NativeLibrary.load(Native Method)
    at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1751)
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1676)
    at java.lang.Runtime.loadLibrary0(Runtime.java:822)
    at java.lang.System.loadLibrary(System.java:993)
    at org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1443)
    at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:912)
    at com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown Source)
    at com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSocketFactory(Unknown Source)
    at com.sun.directory.wps.ui.gui.view.PSWServer.<init>(PSWServer.java:71)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
    at java.lang.Class.newInstance0(Class.java:350)
    at java.lang.Class.newInstance(Class.java:303)
    at com.netscape.management.client.topology.ServerNode.createServerInstance(Unknown Source)
    at com.netscape.management.client.topology.ServerNode$ServerLoadThread.run(Unknown Source)
    ~If "run the Administration Server from the Server Group" means what I think it means, I can do that with no problem. I can double click on the Administration Server and configure various options, start/stop the server, etc.
    ~I just have one interface/hostname configured, and the Server Console shows the correct name
    It's like it's not making the connection to the ISW server (btw, it is listed as "isw-solaris1"... is this okay? "solaris1" is the hostname for this server). From what I understand after logging in to Server Console as Directory Manager, it should be asking me for a password to access ISW, but I don't any kind of login/password prompt.
    I should be logging in to Server Console on the port I configured during ISW installation, right? In my case, port 1390.
    We don't have a service plan and I doubt my company would want to spring the cash for it, so I'm pretty much stuck!!

  • Identity Synchronization 1.0/AD - MQClient failure

    After what appears to have been a successful install of Sun ONE Directory Server 5.2 and Sun ONE Synchronization Server for Windows 1.0 on an S9 system (fully patched), attempts to link users with the idsync linkusers command results in what appears to be a missing message queue failure being flagged.
    Specifically, the command invoked is:
    ./idsync linkusers -h s3.sso.isdintegration.com -p 389 -D "cn=Directory Manager" -w sun123 -s dc=sso,dc=isdintegration,dc=com -q sun123 -f../samples/IlodeLinkUsersIntegrate
    The response echoed to the console is:
    Operation is started. Enter 'c' to cancel.
    MQClient failed due to a Java Message Service error.
    CNN101/error.log reports:
    [20/Jul/2004:15:11:29.767 -0400] SEVERE 10 CNN101 s3 "Failed to establish a connection to the Sun ONE Message Queue Broker because of a JMSException: javax.jms.JMSSecurityException: [C4035]: Forbidden."
    and cli/error.log reports:
    [20/Jul/2004:15:28:21.570 -0400] INFO 10 "Log opened. Identity Synchronization for Windows build 2003.328.0933. Java runtime version is 1.4.2_04."
    [20/Jul/2004:15:28:24.899 -0400] INFO 10 "Log opened. Identity Synchronization for Windows build 2003.328.0933. Java runtime version is 1.4.2_04."
    [20/Jul/2004:15:28:32.308 -0400] SEVERE 11 s3 "Failed to establish a connection to the Sun ONE Message Queue Broker because of a JMSException: javax.jms.JMSSecurityException: [C4035]: Forbidden."
    [20/Jul/2004:15:28:32.390 -0400] SEVERE 10 s3 "MQClient failed due to a Java Message Service error."
    The message service appears to be operational (I can stop and start it with /etc/init.d/imq
    A Google search for JMSSecurityException: [C4035] notes that this error is flagged if a non-existant queue is forbidden from being created. The 64K$ question is... what queue is missing? plus... what have I failed to do to insure its existance?
    Thanx in advance -
    -Darren-

    HI Toph_TF....
    During our Windows Synchronization build we experienced the exact same MQClient error and found a resolution which may help you:
    under the following directory:
    var/imq/instances/psw-broker/props there is a file called config.properties
    under this file are domain references which could be the root cause of your problem. In our case we did a re-install of Identity Synchronization for Windows but changed domains from abc.dce.company.com to abc.hji.company.com.
    Because we didnt obliterate the var/imq directory during a reinstall, the above file was the source of our MQClient Java failure.
    To cure the issue we modified the config.properties where references to the old domain occurred. Additionally we deleted all the messages in the following directory:
    /var/imq/instances/psw-broker/filestore/message
    and cleared up the information in the following file
    /var/imq/instances/psw-broker/filestore/destination
    Hope this help!

  • Get System Identity Synchronization for Windows working in relication mode

    I have got ISW running on DS 5.2 it is all working correctly.
    What I want to do is set up a relica DS server with ISW on it as well.
    What I have done:
    Install DS5.2 on another machine and start replication and it works all data is in the new LDAP server, but I am having problems install the ISW software on the new server.
    Steps:
    1) On original master with ISW installed and tell ISW of a secondery server. It tell me to install connector an that machine.
    2) On my replica server I run "runInstaller.sh" and it all seems to work except when I stop and restart the server I get the followowing errors:
    # /etc/init.d/directory start
    [11/Aug/2006:15:07:38 +0100] - ERROR<4167> - Startup - conn=-1 op=-1 msgId=-1 - System error Load library /opt/SUNWiswdp/lib/64/psw-plugin.so: error ld.so.1: ns-slapd: fatal: /opt/SUNWiswdp/lib/64/psw-plugin.so: open failed: No such file or directory
    [11/Aug/2006:15:07:38 +0100] - ERROR<4140> - plugin_setup - conn=-1 op=-1 msgId=-1 - Configuration error Could not load symbol "pswsync_init" from library "/opt/SUNWiswdp/lib/psw-plugin.so" for plugin pswsync
    [11/Aug/2006:15:07:38 +0100] - ERROR<4112> - Bootstrap config - conn=-1 op=-1 msgId=-1 - Configuration error Unable to load plugin "cn=pswsync,cn=plugins,cn=config".
    Server not running!! Failed to start ns-slapd process.
    /etc/init.d/directory: unable to start the Directory Server 5.2
    I have checked and the above files are not installed well SUNWxrcsj and SUNWiswcm have not be installed.
    Question:
    How do I install ISW on a secondery server. I thought I was following the online docs, but I guess I am missing something.

    Hello All,
    Waiting for any idea for the long time. I am trying again and again by restoring my directory server zone. I have two whole root zones one i am using for sun portal and communication suite 5 and other is for directory server. They are working fine. but when i try to install the Sun Java System Identity Synchronization for Windows 6.0 on directory server zone. Some time it hangs at 97% while installing core and some time it giving error the installer cannot upload some entries in the template this error comes when i restore my directory server zone.
    Can some please give me idea why it giving these error on solaris zone.
    Thanks in Advance,
    Sikander

  • Manual uninstall of Identity Synchronization for Windows 2004Q3

    Hello Everyone,
    When I first tried to uninstall Identity Synchronization I received a message at the end telling me to manully remove the products from the product registry. They said to look at the documentation for instructions on how to handle the manual removal.
    However, I can't find anything in the documentation about this. The closes I found was removing version 1.0 of identity sync. I tried that but it didn't work.
    Does anyone have any instructions or at least some tips?
    I have tried a few things and might have done more damage. I am hoping that if I can manually remove everything then I will be able to reinstall successfully.
    Thanks you.

    Thank you for the response.
    I have tried removing the parts of the productregistry file that are associated with the Identity Snychronization server. When I run the installer again, I get a message that it was already installed and this will be a reinstall.
    I always get error messages that .jar files are missing.
    It doesn't seem to be moving all of the .jar files into the lib directory. I have moved all the .jar files in the install directory into the lib directory but the installer still fails looking for the connector.jar file. I looked for it but can't find that file any where.
    I was hoping that a full uninstall would allow the installer to work the way it was supposed to.
    I have not tried removing the whole product registry file because I do have the Directory Server installed on this server and the info from that is in the product registry.

  • How to implement Identity Synchronization failover

    My configuration:
    I have two DS-servers in a MMR configuration on two different systems. I have also installed SUN ONE Identity Synchronization for Windows 1.0 on one of the systems.
    I understood from the SUN ONE Identity Synchronization for Windows 1.0 documentation that two implementations of SUN ONE Identity Synchronization for Windows 1.0 don't communicate about synchronizations in progress. So I did not install SUN ONE Identity Synchronization for Windows 1.0 on both systems because I did not want to synchronize changes from Active Directory to DS twice.
    But, this gives failover problems in the sense that I have not a failover for the SUN ONE Identity Synchronization for Windows synchronization 1.0.
    Is there a solution to get failover with SUN ONE Identity Synchronization for Windows 1.0?

    No, there is no supported way to install idsync 1.0 in a HA environment that would be supported by Sun. It is considered as a "behind the scene" that is not so critical.
    The change in idsync 1.1 is that the plugin that does "on-demand" password authentication will be HA aware.

Maybe you are looking for