ODSEE - Replication Values with "dsconf" Command Return "Failed to bind to remote" after Expired DefaultCert was Deleted and Replication is Broken (Doc ID 2358502.1)

Last updated on OCTOBER 31, 2023

Applies to:

Oracle Directory Server Enterprise Edition - Version and later
Information in this document applies to any platform.


Replication commands using dsconf fail with bind errors.

For example:

# dsconf show-repl-agmt-status ou=<OU>,dc=<SUFFIX_DN> <HOSTNAME>.<DOMAIN>:<LDAPS_PORT>
Enter "cn=Directory Manager" password:
Unable to bind on "<HOSTNAME>.<DOMAIN>:<LDAPS_PORT>".

Configuration Status : Unknown
Authentication Status : Unknown
Initialization Status : Unknown

Status : Error Sending Updates
Last Message : Replication error updating replica: Could not bind to replica : transient error - Failed to bind to remote
Pending Changes :

# dsconf init-repl-dest ou=<OU>,dc=<SUFFIX_DN> <HOSTNAME>.<DOMAIN>:<LDAPS_PORT>
Enter "cn=Directory Manager" password:
Initialization of "<HOSTNAME>.<DOMAIN>:<LDAPS_PORT>" failed
Server exit code: "900"
Server exit message: "Replication error initializing replica: Total update failed : Unable to bind consumer - Failed to bind to remote"
The "init-repl-dest" operation failed on "<HOSTNAME>:<LDAP_PORT>".


The server certificate with the alias defaultCert expired and was then deleted. After that certificate was deleted, dsconf replication commands fail with bind errors.
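
One way to triage this symptom from captured dsconf show-repl-agmt-status output, as an added example that is not part of the Oracle note or of ODSEE. The function names, the verdict strings and the sample host and port are assumptions; the sample text is constructed from the output shown above.

```python
import re

# Signature strings copied from the dsconf output shown in this note.
BIND_FAILURE = "Failed to bind to remote"
STATUS_FIELDS = ("Configuration Status", "Authentication Status",
                 "Initialization Status")

# Constructed sample: the output above with a placeholder host and port.
SAMPLE = """\
Unable to bind on "ds2.example.com:1636".

Configuration Status : Unknown
Authentication Status : Unknown
Initialization Status : Unknown

Status : Error Sending Updates
Last Message : Replication error updating replica: Could not bind to replica : transient error - Failed to bind to remote
Pending Changes :
"""

def parse_status(text):
    """Parse the 'Key : Value' lines of the status output into a dict."""
    fields = {}
    for line in text.splitlines():
        # Split on the first ' :' only; the message itself contains colons.
        m = re.match(r"\s*([A-Za-z ]+?)\s+:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def triage(text):
    """Return (verdict, reasons) for one agreement's status output."""
    f = parse_status(text)
    reasons = []
    if BIND_FAILURE in f.get("Last Message", ""):
        reasons.append("last message: " + BIND_FAILURE)
    if all(f.get(k) == "Unknown" for k in STATUS_FIELDS):
        reasons.append("all status fields Unknown")
    if "Unable to bind on" in text:
        reasons.append("dsconf itself could not bind")
    # Assumed mapping: this note attributes the pattern to the expired and
    # then deleted defaultCert, so point the operator at the certificate.
    if f.get("Status", "").startswith("Error") and len(reasons) >= 2:
        return "check-server-certificate", reasons
    return ("investigate" if reasons else "no-bind-failure"), reasons

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A bind failure can have other causes, so the verdict is a pointer for the operator, not a diagnosis.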

