My Oracle Support Banner

OID 11g: Microsoft Active Directory (MSAD) Password Filter Stops Working on a Single Domain Controller (DC) Only. OIDMain Log Error: Password updation failed in child process (Doc ID 2111745.1)

Last updated on MARCH 01, 2019

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.


Oracle Internet Directory (OID) 11g with Oracle Password Filter (OPF or PF) for Microsoft (MS) Active Directory (AD).

One of many MS Domain Controllers (DCs) suddenly stopped synchronizing the users'passwords to OID via the Oracle Password Filter.

The ldapbindssl.exe test continues to work from the DC to OID.

At first there were no Password Filter log errors generated.  After uninstalling and reinstalling the Password Filter, the <date>OIDMain.log then started to show:

AD search for a user objectGUID is successfull

Adding a new node to datastore
Inside sgslutilconcatData
Entire dn is ==>
cn=myuser,OU=orclpwf<DC IP address>,,DC=corp,DC=internal,DC=mycompany,DC=com

Adding a Node Now
Inside sgslcodsaddEPWRecord without Seq Attribute
Encrypted record added to datastore successfully
Operation add completed
Inside sgsladac destructor
Inside sgslodac destructor
Inside sgsladac destructor
Password updation failed in child process
Inside sgsladds::sgslperreadData
Only dataattribute
Inside sgsladdsSearchUser
Firing Search Request

AD search for a user objectGUID is successfull

Count success


Tried, to no avail:

- Reconfigured the Password Filter
- Reinstalled the Password Filter
- Tested connection using ldapbindssl.exe from domain controller successfully.
- Checked that SSL is enabled on the Windows DC server.


After setting OID low log level debug, the following error shows in the OID log:

ConnID:718431 mesgID:13744 OpID:1 OpName:search ConnIP:::ffff:<DC IP address> ConnDN:cn=svc_oid_ad_dip_sync,cn=users,dc=corp,dc=internal,dc=mycompany,dc=com
INFO :gslfseADoSearch BASE = cn=<DC IP address>,,cn=PWSync,cn=Products,cn=OracleContext FILTER = (&(objectclass=oidconfig)(cn=*)) #REQDATTR = 0 SCOPE = 2 REQDATTRS =
2016-01-06T16:25:44 * INFO:gsleswrASndResult OPtime=5614 micro sec RESULT=32 tag=101 nentries=0

This indicates it did connect to OID and the connection was successful, but it could not find the OIDConfig object as it does not exist (RESULT=32).

Taking from another working DC example, and referencing from Document 1368738.1, manually added this missing entry in OID with ldif file:


After that, the Password Filter logs no longer showed the previous log error from above (i.e., no further occurrence of "Password updation failed in child process"), however the passwords still did not get sync'd to OID.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.